On Tue, May 12, 2020 at 06:22:50AM -0700, bradbury9 wrote:
> Looks like a new evil maid attack [1][2] that takes advantage of the
> Thunderbolt port is in the wild.
>
> I do recall Qubes OS had anti evil maid features. I wonder, is Qubes OS
> protected against this new attack?
>
> [1]: https://www.schneier.com/blog/archives/2020/05/attack_against_2.html
> [2]: https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/

In theory, my answer would be "IOMMU isolates Thunderbolt devices, so it
isn't a concern". But unfortunately practice can be far from it:

1. As mentioned in the advisory, effective IOMMU isolation for Thunderbolt
   is available in hardware produced in 2019+ only.
2. Configuring IOMMU for hot-pluggable devices is generally racy. In Qubes
   we do disable PCI hotplug handling in kernel, but that's only a small
   obstacle for the attacker, in many cases bypassable - unless proper
   IOMMU configuration is applied at the right time, in many cases the
   device can access host memory even if no driver is loaded for it.

So, my advice would be to disable Thunderbolt until further notice.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
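An added example, not part of the original message and not Qubes OS code: a POSIX shell function that reads the Linux kernel's Thunderbolt sysfs attributes (`security` and `iommu_dma_protection` under `/sys/bus/thunderbolt/devices/domain*`) to show whether a Thunderbolt controller is visible and whether the system reports IOMMU-based DMA protection for it. It assumes a Linux kernel that exposes these attributes; whether dom0 under Xen reports them accurately is not covered by the message above.

```shell
#!/bin/sh
# Added example (not from the original message).
# Usage: tb_audit [SYSFS_ROOT]   (SYSFS_ROOT defaults to /sys; the argument
#        exists so the function can be pointed at a constructed test tree)
# Return: 0 = every visible domain reports IOMMU DMA protection
#         1 = at least one domain reports none, or the attribute is absent
#         2 = no Thunderbolt domain visible (inconclusive)
tb_audit() {
    root="${1:-/sys}"
    seen=0
    unprotected=0
    for dom in "$root"/bus/thunderbolt/devices/domain*; do
        [ -d "$dom" ] || continue
        seen=1
        # security level chosen in firmware setup (none, user, secure, ...)
        sec=$(cat "$dom/security" 2>/dev/null || echo unknown)
        # 1 = the system uses the IOMMU for DMA protection, 0 = it does not;
        # older kernels do not have this attribute at all
        dma=$(cat "$dom/iommu_dma_protection" 2>/dev/null || echo absent)
        echo "${dom##*/}: security=$sec iommu_dma_protection=$dma"
        [ "$dma" = 1 ] || unprotected=1
    done
    if [ "$seen" -eq 0 ]; then
        # As the message notes, a device may reach host memory even with no
        # driver loaded, so an empty result does not prove the port is inert.
        echo "no Thunderbolt domain visible to the kernel (inconclusive)"
        return 2
    fi
    if [ "$unprotected" -eq 1 ]; then
        echo "verdict: IOMMU DMA protection not reported; disable Thunderbolt"
        return 1
    fi
    echo "verdict: IOMMU DMA protection reported on all visible domains"
    return 0
}
```

Run `tb_audit` with no argument on the machine being checked. A return of 0 reflects only what the kernel reports and does not address the hotplug race described in point 2.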
