On 08/29/2017 04:50 PM, cyberian@national.shitposting.agency wrote:
> Leo Gaspard,
> 
> I have read about AEM but have never used it, it seems like it is
> geared towards protecting from USB's with malicious firmware on
> them.
> 
> Does AEM actually verify the integrity of /boot before using?  This
> is what I am looking for, either a method of encrypting /boot or
> even better, a secure method to verify its integrity during boot
> 

AEM does verify the integrity of /boot using the TPM seal/unseal
operation. If any of the boot components change, AEM falls back to
regular, unmeasured boot -- the user is expected to notice this and
cease using the potentially-compromised system (the lack of explicit
indication of failed AEM boot is deliberate, see the last FAQ item at
[1]).

The security provided by AEM is much stronger than encrypted
/boot could ever offer, because as already pointed out, there is
always a little first-stage bootloader stub on the disk unencrypted
and it would be easy to overwrite it with a malicious version that
would intercept the encryption passphrase and exfiltrate it using, e.g.,
unused disk sectors.

If someone did the above with AEM, the TPM would refuse to unseal the
AEM secret as the platform state would be different.

The feature protecting dom0 from malicious USB devices [2] serves a
different purpose and is not related to AEM. Plus, you always need to
disconnect all untrusted USB devices while rebooting Qubes, regardless
of whether you have a USB qube set up or not.


Cheers,
Patrik


[1] https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html
[2] https://www.qubes-os.org/doc/usb/
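The seal/unseal behaviour Patrik describes, as an added toy model that is not code from the Qubes project, from AEM or from anyone in the thread: each boot component is folded into a PCR by hashing, a secret is sealed to the resulting PCR value, and a boot chain with a replaced or reordered component produces a different PCR, so the unseal fails and the boot falls back to the unmeasured path. The SRK constant, the SHA-256 keystream, the SHA-256 PCR width and the component names are all stand-ins (assumptions for the illustration) for what a real TPM does inside the chip.

```python
"""
Toy model of how Anti Evil Maid binds a secret to the measured boot chain.

A TPM does two things that matter here:
  1. PCR extend: pcr = SHA256(pcr || SHA256(component)). It is one-way and
     order-sensitive, and software cannot reset it during a boot.
  2. Seal/unseal: a secret is encrypted so that the TPM will only decrypt it
     when the PCRs hold the values they held at sealing time.
Everything below is a plain-Python simulation; a real TPM keeps the SRK
inside the chip and enforces the PCR check in hardware.
"""
import hashlib
import hmac
import os

# Constructed stand-ins for the boot components AEM measures; not real images.
HONEST_BOOT = [
    b"firmware image v1.0",
    b"first-stage bootloader stub (sits unencrypted on disk)",
    b"xen.gz",
    b"vmlinuz",
    b"initramfs.img",
]

# Stand-in for the TPM storage root key. In a real TPM this never leaves the
# chip, which is what stops an attacker from recomputing the seal key offline.
SRK = bytes.fromhex("42" * 32)


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM_Extend: fold the hash of a newly loaded component into the PCR."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay the boot chain into a single PCR starting from the reset value."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _seal_key(pcr_digest: bytes) -> bytes:
    # The key exists only for one exact PCR value; any other digest yields an
    # unrelated key, so the MAC check below fails instead of decrypting junk.
    return hmac.new(SRK, b"seal-to-pcr" + pcr_digest, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256; enough for a toy, not a real cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, pcr_digest: bytes) -> bytes:
    """Encrypt and MAC the secret under a key bound to pcr_digest."""
    key = _seal_key(pcr_digest)
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(blob: bytes, pcr_digest: bytes):
    """Return the secret if the current PCR equals the sealing-time PCR, else None."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    key = _seal_key(pcr_digest)
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # platform state differs: the TPM refuses to unseal
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def aem_boot(components_on_disk, sealed_blob):
    """Measure the chain and try to unseal; None models the silent fallback
    to regular, unmeasured boot that the user is expected to notice."""
    return unseal(sealed_blob, measure_boot(components_on_disk))


def demo():
    secret = b"my AEM secret phrase"
    blob = seal(secret, measure_boot(HONEST_BOOT))

    # Evil maid swaps the unencrypted first-stage stub for a passphrase logger.
    evil_boot = list(HONEST_BOOT)
    evil_boot[1] = b"trojaned stub that records the LUKS passphrase"

    # Same components, different load order: the PCR value also changes.
    reordered_boot = [HONEST_BOOT[1], HONEST_BOOT[0]] + HONEST_BOOT[2:]

    return {
        "honest": aem_boot(HONEST_BOOT, blob),
        "evil_maid": aem_boot(evil_boot, blob),
        "reordered": aem_boot(reordered_boot, blob),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        status = "secret shown: " + result.decode() if result else "fallback to unmeasured boot"
        print(f"{case:10s} -> {status}")
```

The point the toy makes visible is that the sealed blob on disk is useless to whoever replaces the stub: the unseal key depends on the PCR value, the PCR value depends on every byte of every measured component and on their order, and in a real TPM the SRK half of that derivation never leaves the chip, so the attacker cannot even test candidate modifications offline.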
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/38703b18-acec-7c59-d2ec-257a84e9021e%40gmail.com.