On Wed, Dec 25, 2019 at 6:03 PM <brendan.h...@gmail.com> wrote: > Insurgo is providing a service. > > If one can do the steps themselves, that’s fine. > > If I were advising a somewhat less technical journalist or a potentially > targeted human-rights worker or politically targeted activist who just > wanted to get stuff done and had the resources, I’d point them to Insurgo. > > Brendan > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/7a7741f2-6b80-40be-a5a0-0f56b658f9fc%40googlegroups.com > . >
Hello there, Thierry Laurion from Insurgo Open Technologies. Thanks Brendan. I feel the need to clarify things a bit once in a while. This reply is one of those. This QubesOS community is large, and even if replies were done on Reddit and other posts here in the past, the same questions arises with the same scattered answers. Here is a combination of those answers. - Insurgo made grant applications so that actual best trustworthy unmaintained hardware becomes mainstreamed under coreboot, and added under Heads (extend Heads measured boot support of latest coreboot VBOOT+measured boot on Sandy/Ivy bridge xx30 and xx20 platforms: t530, t430, x220. Thanks to obtained NlNet grant for Accessible Security project). - Insurgo is attempting to gather developers, device manufacturers (RaptorEngineering) and funders around Power9-Power10 hardware based X86 alternative platform (PPC64le QubesOS platform support which has a bounty offer already but needs commited developers). Let's remember that their Blackbird/Talos II platforms recently got RYF certification. - The last x86 platform having met RYF criteria is the X200, thanks to the Libreboot project, which removed Intel ME. - Since then, the x86 platforms have blobs we have to accept/deal with to make it trustworthier: - Sandy Bridge/Ivy bridge : EC firmware, Intel ME BUP ROMP modules. Coreboot doesnt rely on FSP blobs for initialization. ME is actually neutered (no kernel nor syslibs as opposed to newer platforms, just BUP and ROMP) and deactivated (AltMeDisable bit, not HAP bit). - More recent hardware requires ME with its kernel and syslibs binary blobs present, while ME is asked to be deactivated through HAP bit, requires Intel FSP and other binary blobs for hardware initialization. - Insurgo works to bridge the gap to broader QubesOS accessibility, so that users in need of remote support can have secured remote administration from trusted third parties (new revenue? AccessNow? Other third parties?) over hidden tor onion service from additional GUI (NlNet grant for Accessible Security project). - Insurgo tries its best to support Heads community through GitHub opened issues while promoting collaboration. - Insurgo tries its best to mainstream CI build systems to produce reproducible builds artifacts (this is broken for months and is still not resolved). - Insurgo tries to raise awareness of researchers and developers on the current state of "Open Source Firmware" (currently requiring FSP, ME or equivalent,not having completely neutered Intel ME while claiming it is deactivated, while system libraries and kernel is still there but latent...) This implies going to conferences, doing talks, confronting the status quo, researching, developing so we have alternatives in the future....while also doing the required clerical work. - Insurgo made QubesOS preinstallable for the first time on the PrivacyBeast X230, thanks to its reownership wizard which takes care of GPG key generation, internal ROM reflashing, TPM ownership and sealing of measurements, signing boot configuration, while enforcing diceware passphrases in the provisioning phase. The goal is to generalize it to other platforms. Ideally through collaboration... - Insurgo made the PrivacyBeast X230 certified by QubesOS, with a lot of work done on Heads that is unfortunately not upstreamed yet. Will go back at this, while branch is available through Gitlab and GitHub. - Insurgo collaborates with other parties to make needed work to have fwupd (firmware upgrades), available inside of QubesOS, including Heads firmware, thanks to NlNet Privacy and Trust grant, once again. - Insurgo tries to push verified boot to measure also the LVM containers inside of deployed QubesOS reencrypted disk installation, through Heads, so that third party OEMs could also deploy reproducible ROMs that are measureable, verify their reproducibility, have verified boot and known good QubesOS installation with safer defaults to deploy to users by themselves (LUKS discards, MAC randomization, sdcard attached to sys-usb and others). The user would not have to trust those third parties on the RoT. - Add internationalization into Heads, so that UK keyboards and other keymaps can be selected at first boot and saved into the ROM at ownership. - .... Other work required by both QubesOS, Heads and their subprojects for more accessible security and usability. There is something really interesting in the open source world. Bigger corporation will pay for the development work they require to fit their needs and upstream changes. This makes software and accomplished work feel like free as in free beer. Meanwhile, when a small player tries to make important changes for everyone in related projects, with really limited resources, people apply the same free as in free beer logic since they can buy second hand hardware online at lower price and do the reprogramming themselves, not understanding even the differences on the model they are buying and the changes in costs associated with the model they buy, nor the privilege they have to be able to do required technical work themselves nor the knowledge privilege they have of knowing that such hardware and free software exist with which their hardware can be freed with. Of course, you can and are encouraged to backup your SPI flash chips, unlock the rom, apply me_cleaner, flash ME and Heads back into SPI flash chips, replace the wifi card, factory reset your USB security dongle, seal secrets for remote attestation and sign boot components, if you are tech savvy enough to do it right, yourself. Meanwhile, Insurgo's goal is to facilitate that DIY, while still making money enough to pay itself and others to do the technical required work... so that you can do it yourself if you'd like, while organizations needing this kind of privacy/confidentiality/security for their users can also do the work for their users, without knowing all the technical details. On the X230 now, and other platforms in the near future. Meanwhile, the x230 i7 2.9ghz, with its IPS screen and replaced wifi card, maximized 16GB ram and 256GB SSD drive, which makes the PrivacyBeast X230 hardware, is the one of the last platform on which open source firmware can fully thrive, meeting QubesOS requirements, pushing things the farthest possible by truely neutering ME (releasing 5Mb of additional ROM space to do more stuff from the boot environment), using its TPM to do the measured boot functions, sealing secrets into a QR code that enforces remote attestation through TOTP (smartphone based manual validation) or HOTP USB security dongles (Librem Key/Nitrokey Pro and Nitrokey Storage which visually attests of firmware integrity with a green or red LED), while using OpenGPG functions of the smartcard to enforce verified boot on QubesOS core system components (/boot), making those root of trust required components tamper evident. Thanks for you time. Equip yourself accordingly. :) Thierry Laurion Insurgo, Open Technologies -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAzJznx%2BSgVSWOMvaohPf-im082uXqSqsu%3DLLL7P4N8rhXRKKA%40mail.gmail.com.