On Thu, August 23, 2018 8:03 pm, [email protected] wrote: > On 08/23/2018 01:35 PM, [email protected] wrote:
>> Use an SSD that supports T13 ATA SANITIZE and TCG OPAL, and also >> remember to enable trim in dom0 ( >> https://www.qubes-os.org/doc/disk-trim/ ). Enable HW encryption (but >> also enable QUBES' software encryption). >> >> Bonus: using SSDs with the above features, when you are done with the >> system you can instantly (< 2s) erase all user data on the SSD by >> issuing either an ATA SANITIZE - CRYPTO SCRAMBLE EXT command or an OPAL >> PSID REVERT command (the latter requires the code printed on the drive >> label). >> > > Anything TCG is bad news - it was spawned by microsofts project > palladium "trusted computing" concept and it is not owner controlled. > > Do you trust proprietary closed source firmware to protect you? I don't > - those kinds of things have many holes. > > > There is no reason to use an SED drive. I think that's a bit over-broad. It depends on threat model, which varies from person to person. > In terms of encrypting boot that is generally impossible without the use > of coreboot Encrypting boot is one use case for SEDs when only light security is required. Will your average evil maid (or some thief who steals your laptop) have access to tools needed to defeat OPAL, assuming it's backdoored? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e9034b54663225703e059723e43796c.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
