On 2018-03-27 22:17, awokd wrote:
> PS Have you seen Heads? http://osresearch.net/
Nope, I didn't know it. By the overview it looks like a very good idea, but I have yet to understand all the details. Still, the problem is that currently one has to choose between keeping the Intel ME active or having a working TPM.
I tried starting a discussion on the tradeoffs of both (https://groups.google.com/forum/#!topic/qubes-users/JEEaDRZpnpA) and, as other users pointed out, while it still depends on your threat model, the Intel ME poses a potential remote threat while the TPM should help notice a physical attack (given coreboot is flashed with write protection).
I looked into adding a secondary TPM, maybe in the ExpressCard slot, but it looks like no such piece of hardware exists. Or maybe there's a way to use the integrated TPM without the Intel ME, but I don't have the skills to research in that direction.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c346292aa1c1a38b6a92abbe79e7facc%40anche.no.
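The post above says the TPM "should help notice a physical attack" when coreboot is write-protected. As an added illustration (not part of the original thread, and not code from Heads or Qubes), the toy model below shows the mechanism Heads relies on: each boot component is hashed into a PCR with a one-way extend operation, a secret is sealed to the resulting PCR value, and a modified firmware image produces a different PCR so the secret is not released and the user sees the tamper warning. The boot component blobs, the sealing construction and the function names are all constructed for this example; a real TPM uses its own policy machinery, not the HMAC scheme used here.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR bank (all-zero at power-on)

# Constructed stand-ins for the images a measured boot would hash.
GOOD_BOOT = [
    b"coreboot-rom (constructed sample)",
    b"heads-linux-kernel (constructed sample)",
    b"heads-initrd (constructed sample)",
]
# Same chain, but the firmware image was altered (e.g. by physical access).
TAMPERED_BOOT = [b"coreboot-rom + implant (constructed sample)"] + GOOD_BOOT[1:]


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(measurement)).

    A PCR can only be extended, never written directly, so an attacker
    who changes a boot component cannot put the register back to the
    value the untampered chain produces.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay the boot chain into a fresh PCR; order matters."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def _key_for(pcr: bytes) -> bytes:
    # Toy derivation of a sealing key from the PCR value (assumption:
    # a real TPM binds the secret to a PCR policy inside the chip).
    return hashlib.sha256(b"toy-seal-v1" + pcr).digest()


def seal(secret: bytes, pcr: bytes) -> dict:
    """Encrypt `secret` under a key tied to the expected PCR value.

    The secret must fit in one SHA-256 block of keystream (32 bytes),
    which is plenty for a TOTP/HOTP seed.
    """
    assert len(secret) <= PCR_SIZE
    key = _key_for(pcr)
    ct = bytes(s ^ k for s, k in zip(secret, key))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return {"ciphertext": ct, "tag": tag}


def unseal(sealed: dict, current_pcr: bytes):
    """Release the secret only if the current PCR matches the sealing PCR."""
    key = _key_for(current_pcr)
    expected = hmac.new(key, sealed["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return None  # PCR mismatch: boot chain differs from the sealed one
    return bytes(c ^ k for c, k in zip(sealed["ciphertext"], key))


def boot_check(components, sealed: dict) -> str:
    """What the user would see at the Heads-style boot prompt."""
    secret = unseal(sealed, measure_boot(components))
    if secret is None:
        return "TAMPER WARNING: measurements do not match sealed state"
    return "OK: secret released (TOTP code could be shown)"


if __name__ == "__main__":
    seed = b"constructed-totp-seed"
    sealed = seal(seed, measure_boot(GOOD_BOOT))
    print("good boot     ->", boot_check(GOOD_BOOT, sealed))
    print("tampered boot ->", boot_check(TAMPERED_BOOT, sealed))
```

The write-protection caveat from the post matters here: the measurement of the firmware is taken by the firmware itself, so the root of the chain only stays trustworthy if the flash holding coreboot cannot be silently rewritten.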