Re: [qubes-users] Re: What are the disadvantages of NOT having vt-d?

2017-12-14 Thread Matteo 
> I see.. But currently I am using Qubes 3.2 and 4.0 last time I tried was
> VERY unpolished, I am not sure I am going to look at it before support
> for 3.2 expires...

Same here, and my pc doesn't have vt-d nor slat (second level addres
tranlation); both required for Qubes 4

> It's not like I would not have the money to buy a 7700k, but I want to
> avoid spending money if not necessary that is why I want to get a clear
> picture...

As far as i know, you can't just replace the cpu to get vt-d (IOMMU);
also the chipset and the bios must have proper support so changing the
cpu only might be a waste of money.
There was a discussion about finding a notebook with proper support
https://groups.google.com/forum/#!topic/qubes-users/Sz0Nuhi4N0o

vt-d protect from dma (direct memory access) attacks.
for a demo take a look at "inception" that works via firmware interface.
i have personally tested against a windows xp and worked (from what i
have read, newer os are protected against this *specific* attack).
it protect you from bad/exploited dma devices like network card.
net vm is used for both ethernet and wifi.

for your use case (almost anyone use case) you don't need vt-d but we
are starting to see succesful attacks against network interfaces, and
thanks to the hard work of Qubes OS team and that genius person Joanna
Rutkovska we have that extra protection for free.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e5c2e86-63ad-74bd-c8e3-44bd6974dec9%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: What are the disadvantages of NOT having vt-d?

2017-12-13 Thread charly LEMMINKÄINEN 
About vt-d, the problem is more about usb controller and the fact that without 
vt-d you have not a good control about how they behave and are assigned but I 
could be wrong. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f36d7520-52a9-46bb-9648-3518beebe073%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: What are the disadvantages of NOT having vt-d?

2017-12-13 Thread 'Chris' via qubes-users 
I see.. But currently I am using Qubes 3.2 and 4.0 last time I tried was VERY 
unpolished, I am not sure I am going to look at it before support for 3.2 
expires...

It's not like I would not have the money to buy a 7700k, but I want to avoid 
spending money if not necessary that is why I want to get a clear picture...

>  Original Message 
> Subject: [qubes-users] Re: What are the disadvantages of NOT having vt-d?
> Local Time: December 14, 2017 1:40 AM
> UTC Time: December 14, 2017 12:40 AM
> From: vigilian.pira...@gmail.com
> To: qubes-users 
>
> Le jeudi 14 décembre 2017 01:27:23 UTC+1, Chris a écrit :
>
>> Hi,
>> I am an avid user of Qubes OS and I love what you have done. Finally I have 
>> a feeling of security and a peace of mind... I am not a security person but 
>> I kinda do care about it and have some basic understanding and am slightly 
>> paranoid.
>> I am currently running a DELL Precision 5520, which has vt-d. But it is 
>> owned by my company which I am leaving soon, and then I will have to switch 
>> back to my desktop, an old Intel 3700K without vt-d.
>> I am wondering, compared to my precision laptop with vt-d, what attack 
>> vectors will open up? The desktop will be connected to an Ubiquity router 
>> via Ethernet cable (no WLAN) which is in turn connected to a normal Cable 
>> modem. Is this reasonably safe? Is the NetVM mostly useful for WLAN or also 
>> for Ethernet?
>> I am a normal person, soon working as a developer at Amazon (so I would say 
>> while I am not high-profile, people might have interest in attacking me to 
>> gain access to AWS or any other Amazon service)...
>> Cheers
>> Mara
>>
>> Well for what I remember, you may not have any choice since for R4.0 you 
>> won't be able to install without vt-d activated. I have kinda the same 
>> problem. I will have to change the CPU from mthe laptop where qubes is 
>> installed to make it compatible.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to qubes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to qubes-users@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/qubes-users/02c07ac0-1578-4b33-96ff-1412de3ba133%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/S_X6ylPGCA7Uo4UtwpudNnYCWivvWd2frBgsaGn4rQgehtQHEzfaxArst4HhSn25_yj-fde1TtkoP1jAVlRq4TIpyIW6zEakoMLHIiep8DM%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: What are the disadvantages of NOT having vt-d?

2017-12-13 Thread charly LEMMINKÄINEN 
Le jeudi 14 décembre 2017 01:27:23 UTC+1, Chris a écrit :
> Hi,
> 
> 
> 
> I am an avid user of Qubes OS and I love what you have done. Finally I have a 
> feeling of security and a peace of mind... I am not a security person but I 
> kinda do care about it and have some basic understanding and am slightly 
> paranoid.
> 
> 
> 
> I am currently running a DELL Precision 5520, which has vt-d. But it is owned 
> by my company which I am leaving soon, and then I will have to switch back to 
> my desktop, an old Intel 3700K without vt-d. 
> 
> 
> 
> I am wondering, compared to my precision laptop with vt-d, what attack 
> vectors will open up? The desktop will be connected to an Ubiquity router via 
> Ethernet cable (no WLAN) which is in turn connected to a normal Cable modem. 
> Is this reasonably safe? Is the NetVM mostly useful for WLAN or also for 
> Ethernet?
> 
> 
> 
> I am a normal person, soon working as a developer at Amazon (so I would say 
> while I am not high-profile, people might have interest in attacking me to 
> gain access to AWS or any other Amazon service)...
> 
> 
> 
> Cheers
> 
> Mara

Well for what I remember, you may not have any choice since for R4.0 you won't 
be able to install without vt-d activated. I have kinda the same problem. I 
will have to change the CPU from mthe laptop where qubes is installed to make 
it compatible.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/02c07ac0-1578-4b33-96ff-1412de3ba133%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.