On Mon, March 19, 2018 5:03 pm, Giulio wrote:
> In summary,
> are the TPM benefits enough to force me to keep the ME? I know this may be
> more subjective depending on everyone's own threat model but I would like
> to hear opinions on it.

Like you said, depends on threat model. TPM would allow you to use Anti-Evil Maid in Qubes, which helps prevent local tampering with the device. There are some other measures that can also help deter local tampering such as keeping GRUB/boot off local storage or SED (depending how much you trust your manufacturer's implementation). ME with AMT and known and potentially more unknown exploits permits remote/network tampering with the device. ME without AMT and unknown exploits may also permit remote/network tampering or escalations of privilege. Since the source code is closed, there's no way for an end-user to be sure.