On Friday, December 21, 2018 at 6:56:22 PM UTC-5, John Smiley wrote: > A partial answer to my question about how much security is diminished when > using Thunderbolt comes from the Whonix doc on hardware hardening. > https://www.whonix.org/wiki/System_Hardening_Checklist#Anonymous_Blogging.2C_Posting.2C_Chat.2C_Email_and_File_Sharing > > "Disable or remove problematic devices like ExpressCard, PCMCIA, FireWire or > Thunderbolt which may allow attackers with physical access to read RAM."
For now that is probably wise as TB is basically an external PCIe bus. Recently hardware manufacturers and OS maintainers have started adding the (bios-configurable) option for device & host to cryptographically cross-sign the trustworthiness of a connection during first-time setup of a device by an elevated privilege account. Some recent linux distros support this now, but I don't believe Qubes supports it yet, though I am sure it will at some point in the future. B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6bfe94b-cc26-4f72-b821-57ff1b814a61%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.