On Tuesday, September 27, 2016 at 3:35:54 PM UTC-4, johny...@sigaint.org wrote:
> > On Tuesday, September 27, 2016 at 6:51:31 AM UTC-4, neilh...@gmail.com
> > wrote:
> >> If I think a computer has been infected, is there anything else I should
> >> wipe/re-install other than
> >>
> >> 1. Hard Drive / Operating System
> >>
> >> 2. BIOS
>
> This also brings up the question of BIOS vs. EFI, which has some parallels
> to the Ethernet vs. WiFi security discussion in that other exciting
> thread.
>
> EFI supposedly has more lines of code than the Linux kernel, which can't
> be good.
>
> In my opinion, the device drivers should manage the hardware, not the
> motherboard's BIOS/EFI. The BIOS should be just enough to get the base
> system loaded from disk, and it can do its thing.
>
> The complexity and attack surface of EFI concerns me, which is why I'm
> glad to stick with BIOS, until I'm forced to EFI. (Also, I'm broke, lol.
> Another reason I'm sticking with my BIOS-based motherboards.)
>
> (will Qubes 4.0 force that as well? Likely the newer hardware required
> for Qubes 4.0 will be EFI-only, so the question may be moot.)
>
> I know TPM/Anti-Evil-Maid is an EFI-only thing, and supposedly a useful
> (essential?) thing for boot security. But is it worth the massive amount
> of extra code involved?
>
> Any opinions on the BIOS vs. EFI thing, from a security standpoint?
>
> JJ

I agree. Just ask Hacking Team. It's less secure and IMO has no benefits to Qubes users if not even using secure boot. If using secure boot then it's up for debate. Secure boot would be a nice addition to go with AEM. Although it seems it's a controversial subject because people like Richard Stallman and Joanna have been talking for a while now of the concerns regarding Intel ME/AMT/vPro in general as an unchecked balance which can lead to potential unknown backdoors.

Richard Stallman actually says he is not against UEFI in its current form, only because he considers it a failure for its original intended purpose... lol, and secure boot is a reasonable use of it. He is against what he calls "restricted boot", which IMO is not a warranted concern of mine since I have not run into a retail mobo I could not disable secure boot on or add my own keys to.