On Friday, February 10, 2017 at 3:02:23 AM UTC-8, john.david.r.smith wrote:
> On 10/02/17 11:53, '0xDEADBEEF00' via qubes-users wrote:
...
> > This also serves as a decoy, if I'm forced to boot my laptop when passing 
> > borders or so.
> >
> > Best,
> >
> > 0xdeadbeef
> 
> dual booting opens a whole new attack surface.
> is there a way to deal with this?
> the other os may not be able to read/modify qubes due to encryption, but it 
> can write something malicious on the disk (e.g. some loader running before 
> qubes)

that's what AEM is for, but then, on most laptops, you lose iommu protection. 
the lemur7 from system76 has a pci bridged sd card reader, but you can't boot 
from it!
if 0xdeadbeef is running on the dummy partition most of the time, this probably 
is not a problem, unless it runs into a badusb that can compromise bios or 
firmware.

some laptops can have multiple internal drives, but since sometime after 2010, 
they stopped letting you disable devices in bios. haven't found any modern ones 
that let you do this.

maybe something can be done with coreboot if bootguard is disabled. but then 
you don't have bootguard protecting your bios.


