Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

Hey guys you don't need a VGA ROM for the integrated graphics - they use coreboot native init. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

Hi, On Fri, Apr 06, 2018 at 08:25:37PM +0200, 799 wrote: > as described in the howto I have extracted the vga.rom from my own > BIOS-files. > I can use resume and the laptop reconnects its network adapters as soon as > it wakes up. > So far no issues at all. thanks for explaining. > > The

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On Fri, April 6, 2018 11:18 pm, 799 wrote: > Am 07.04.2018 12:35 vorm. schrieb "taii...@gmx.com" : > > > On 04/06/2018 05:22 AM, 799 wrote: > > >> It seems to me that if I run Coreboot with grub + encrypted boot, there >> is no need to run anti evil maid, as the boot partition

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

Am 07.04.2018 12:35 vorm. schrieb "taii...@gmx.com" : On 04/06/2018 05:22 AM, 799 wrote: > It seems to me that if I run Coreboot with grub + encrypted boot, there is > no need to run anti evil maid, as the boot partition can't be messed with. Assuming you set the write-lock on

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 04/06/2018 05:22 AM, 799 wrote: > It seems to me that if I run Coreboot with grub + encrypted boot, there is > no need to run anti evil maid, as the boot partition can't be messed with. Assuming you set the write-lock on the flash descriptor and have a physical anti-tamper sticker on the case

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

Hello, On 6 April 2018 at 15:05, Holger Levsen wrote: > > On Fri, Apr 06, 2018 at 09:22:52AM +, 799 wrote: > > As mentioned I have also drafted a how-to to setup Coreboot on a X230, > > including building the pi, flashrom and extracting Blobs. > > out of curiosity:

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

hi, On Fri, Apr 06, 2018 at 09:22:52AM +, 799 wrote: > As mentioned I have also drafted a how-to to setup Coreboot on a X230, > including building the pi, flashrom and extracting Blobs. out of curiosity: does resume work reliably for you? For me it didnt with coreboot (and the free VGA bios)

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 2018-04-06 09:22, 799 wrote: As mentioned I have also drafted a how-to to setup Coreboot on a X230, including building the pi, flashrom and extracting Blobs. My how-to is located in the Qubes Community docs. While I need to fill in some small gaps how to put the hardware parts together,

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 2018-04-05 19:38, 799 wrote: Nice how-to, I'm currently writing something similar for my X230. Would you mind adding your howto to the Qubes Community doc repository, which we've established to work on howtos and docs until they're easy to be migrated to the official Qubes Docs. If you

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

Hello Giulio, G schrieb am Di., 27. März 2018, 21:35: > On 2018-03-27 18:10, G wrote: > > Hello, > > since it took a while for me to sum up all piece and a lot of trial > > and error to get the whole setup working i took some notes to help > > other who want to try something

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

Hello, G schrieb am Di., 27. März 2018, 20:10: > > since it took a while for me to sum up all piece and a lot of trial and > error to get the whole setup working i took some notes to help other who > want to try something similar. > Please note that everything written there is

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

G as in g-money? hehe just had to say that. The ME is capable of presenting a fake "softTPM" software based TPM but in this case I doubt that is what the X220 has - and there is no reason as to why a TPM shouldn't work with a cleaned ME as it doesn't involve the ME it communicates directly on the

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 03/27/2018 02:10 PM, G wrote: > Hello, > since it took a while for me to sum up all piece and a lot of trial > and error to get the whole setup working i took some notes to help > other who want to try something similar. > Please note that everything written there is public domain (so >

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 2018-03-28 12:14, G wrote: You're right. So the no ME no TPM rule probably apply only when using the stock bios. I just noticed coreboot recently pushed a commit fixing a problem in TPM activation https://github.com/coreboot/coreboot/commit/676887d2e2e474f70a8ebb1b6065f71e4e81001d maybe

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 2018-03-28 11:42, 'awokd' via qubes-users wrote: On Wed, March 28, 2018 8:13 am, G wrote: I looked into adding a secondary TPM, maybe in the ExpressCard slot but it looks like no such piece of hardware exist. Or maybe there's a way to use the integrated TPM without the Intel ME but i

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On Wed, March 28, 2018 8:13 am, G wrote: > > I looked into adding a secondary TPM, maybe in the ExpressCard slot but > it looks like no such piece of hardware exist. Or maybe there's a way to > use the integrated TPM without the Intel ME but i don't have the skills to > research in that

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 2018-03-27 22:17, awokd wrote: PS Have you seen Heads? http://osresearch.net/ Nope i didn't know it. By the overview it looks like a very good idea but i have yet to understand all the details. Still the problem is that currently one has to choose between keeping the Intel ME active or

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On Tue, March 27, 2018 7:35 pm, G wrote: > On 2018-03-27 18:10, G wrote: > >> Hello, >> since it took a while for me to sum up all piece and a lot of trial and >> error to get the whole setup working i took some notes to help other who >> want to try something similar. Please note that everything

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

On 2018-03-27 18:10, G wrote: Hello, since it took a while for me to sum up all piece and a lot of trial and error to get the whole setup working i took some notes to help other who want to try something similar. Please note that everything written there is public domain (so copy-edit-whatever).