Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?
On 12/14/2018 03:42 PM, Achim Patzner wrote: > On 20181213 at 19:20 -0800 Sphere wrote: >> If only I could establish my own CPU production company I would definitely >> support libre hardware/libreboot/coreboot and such but sadly we are in a >> world with high demands to processing and stuff and due to how there is >> hardly any support for libre hardware, the processing needs are hardly >> filled out and even more so with limited budget. > > You could have bought a Power 9-based board and (4-core/16-thread) CPU > for less than $1000 a few weeks ago. Yeah they're made in usa, fully owner controlled and the raptorcs OpenPOWER9 boards like the TALOS 2 and Blackbird have real open source firmware with open hw init directly from the factory. The prices are pretty good vs non-free intel/amd server hardware in the same performance/feature class OpenPOWER is now the only owner controlled performance cpu arch. Note that qubes/xen doesn't currently run on it but you can use POWER-KVM/POWER-IOMMU/POWER-IOMMU-GFX virt in the meantime. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bafd0829-a6a7-e56e-6af8-df774ea6a47d%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?
On 20181213 at 19:20 -0800 Sphere wrote: > If only I could establish my own CPU production company I would definitely > support libre hardware/libreboot/coreboot and such but sadly we are in a > world with high demands to processing and stuff and due to how there is > hardly any support for libre hardware, the processing needs are hardly filled > out and even more so with limited budget. You could have bought a Power 9-based board and (4-core/16-thread) CPU for less than $1000 a few weeks ago. Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/33d5345b1850fe7e96963df9f158d056b5e893d7.camel%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?
> It is not an option - it can't be disabled! By Option I mean, an option whether or not to ride along with PSP despite the known horror it brings. If only I could establish my own CPU production company I would definitely support libre hardware/libreboot/coreboot and such but sadly we are in a world with high demands to processing and stuff and due to how there is hardly any support for libre hardware, the processing needs are hardly filled out and even more so with limited budget. I checked KGPE-D16 KCMA-D8 g505s coreboot and it seems good so long as you have enough budget. Say I would make a KVM server or ESXi server out of this for the purpose of gaming VMs running AAA games, which CPU and RAM models would you suggest? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e3150547-a9c8-4059-b29a-56e1b7fce537%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?
On 12/12/2018 09:11 PM, Sphere wrote: > On Thursday, December 13, 2018 at 9:59:27 AM UTC+8, tai...@gmx.com wrote: >> On 12/12/2018 03:56 PM wrote: >>> New to Qubes with basic Linux knowledge i installed successfully a desktop >>> system with follwing configuration: >>> >>> Qubes 4.0, CPU Ryzen 5 2400G, MB ASRock B450 Pro4, GPU Radeon R7 370, 32 GB >>> RAM >>> >>> I can update templates and install appvms without issues. Everything works. >>> >>> My question is now: On Boot screen i get some error messages (see following >>> screen). Possibly there is a lack of safety i can not estimate. Everything >>> works but under the surface i did not know if it is as safe as it should >>> be. Are there some basic tests which should be made? Or is it enough when >>> the system works? >>> >> >> Well you are stuck with a system that has a very obvious frontdoor >> backdoor called AMD PSP platform "security" processor (as in security >> from you) that prevents you from doing as you please with the system >> firmware hence it is not really your computer. >> >> If you want one that is owner controlled and has free (as in freedom) >> open source firmware I have written many walls of text on this subject >> so just use a non-google search engine to find my previous posts. >> >> You also are using gmail which is really bad if you care about not being >> put of of work or murdered by a robot - your emails and re-captcha >> solves are fed in to a massive database that helps googles AI research >> including killer robots like project maven and also of course sold to >> advertisers and anyone else who can pay. >> >> I do not load images from random people if you want help you have to >> send text only. > > How about give us keywords to help us search this and have it at the first > search result? KGPE-D16 KCMA-D8 g505s coreboot - your keywords :D Just search my email address and look at what I post on threads asking for board recommendations > > As for stefanne's inquiry, here are my thoughts: > It's usually normal to see error messages on start of a linux system cause > consumer motherboards production processes still have no proper arrangement > to fully support Linux operating systems much to our dismay. > To check the level of your safety, I recommend you produce one of these and > see the results: > https://www.qubes-os.org/doc/hcl/#generating-and-submitting-new-reports > > If it's a yes on HVM, IOMMU, and SLAT then that means your hardware works > very well on Qubes. To further increase security, I recommend you to turn off > SMT (Simultaneous Multi-threading) as recently there's been a high surge of > vulnerabilities involving multi-threading/hyperthreading and will probably > haunt us for years to come. Nah that only applies to intel's HT and he has an AMD system. > > Additionally, if you have an entry of IOMMU=no > Go search around your BIOS setup for an option like AMD-Vi or IOMMU and set > that to enabled. > Product another report to check and see if the entry changes to IOMMU=yes > IOMMU is essential because it protects you from alot of complex attacks like > Direct Memory Access (DMA) attacks. > > Lastly, check for updates everyday and never neglect them for maximum > security! > After all this, you may want to configure a VPN. > > As for the Platform Security Processor, well it's an option for people > whether or not they would go with it. It is not an option - it can't be disabled! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b7cb4ce5-550e-27f2-6a16-8339cfc47658%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?
On Thursday, December 13, 2018 at 9:59:27 AM UTC+8, tai...@gmx.com wrote: > On 12/12/2018 03:56 PM wrote: > > New to Qubes with basic Linux knowledge i installed successfully a desktop > > system with follwing configuration: > > > > Qubes 4.0, CPU Ryzen 5 2400G, MB ASRock B450 Pro4, GPU Radeon R7 370, 32 GB > > RAM > > > > I can update templates and install appvms without issues. Everything works. > > > > My question is now: On Boot screen i get some error messages (see following > > screen). Possibly there is a lack of safety i can not estimate. Everything > > works but under the surface i did not know if it is as safe as it should > > be. Are there some basic tests which should be made? Or is it enough when > > the system works? > > > > Well you are stuck with a system that has a very obvious frontdoor > backdoor called AMD PSP platform "security" processor (as in security > from you) that prevents you from doing as you please with the system > firmware hence it is not really your computer. > > If you want one that is owner controlled and has free (as in freedom) > open source firmware I have written many walls of text on this subject > so just use a non-google search engine to find my previous posts. > > You also are using gmail which is really bad if you care about not being > put of of work or murdered by a robot - your emails and re-captcha > solves are fed in to a massive database that helps googles AI research > including killer robots like project maven and also of course sold to > advertisers and anyone else who can pay. > > I do not load images from random people if you want help you have to > send text only. How about give us keywords to help us search this and have it at the first search result? As for stefanne's inquiry, here are my thoughts: It's usually normal to see error messages on start of a linux system cause consumer motherboards production processes still have no proper arrangement to fully support Linux operating systems much to our dismay. To check the level of your safety, I recommend you produce one of these and see the results: https://www.qubes-os.org/doc/hcl/#generating-and-submitting-new-reports If it's a yes on HVM, IOMMU, and SLAT then that means your hardware works very well on Qubes. To further increase security, I recommend you to turn off SMT (Simultaneous Multi-threading) as recently there's been a high surge of vulnerabilities involving multi-threading/hyperthreading and will probably haunt us for years to come. Additionally, if you have an entry of IOMMU=no Go search around your BIOS setup for an option like AMD-Vi or IOMMU and set that to enabled. Product another report to check and see if the entry changes to IOMMU=yes IOMMU is essential because it protects you from alot of complex attacks like Direct Memory Access (DMA) attacks. Lastly, check for updates everyday and never neglect them for maximum security! After all this, you may want to configure a VPN. As for the Platform Security Processor, well it's an option for people whether or not they would go with it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6f243b3-d1db-4ed5-9e77-b8f7bf5ae37b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?
On 12/12/2018 03:56 PM, stefanneuhaus2...@gmail.com wrote: > New to Qubes with basic Linux knowledge i installed successfully a desktop > system with follwing configuration: > > Qubes 4.0, CPU Ryzen 5 2400G, MB ASRock B450 Pro4, GPU Radeon R7 370, 32 GB > RAM > > I can update templates and install appvms without issues. Everything works. > > My question is now: On Boot screen i get some error messages (see following > screen). Possibly there is a lack of safety i can not estimate. Everything > works but under the surface i did not know if it is as safe as it should be. > Are there some basic tests which should be made? Or is it enough when the > system works? > Well you are stuck with a system that has a very obvious frontdoor backdoor called AMD PSP platform "security" processor (as in security from you) that prevents you from doing as you please with the system firmware hence it is not really your computer. If you want one that is owner controlled and has free (as in freedom) open source firmware I have written many walls of text on this subject so just use a non-google search engine to find my previous posts. You also are using gmail which is really bad if you care about not being put of of work or murdered by a robot - your emails and re-captcha solves are fed in to a massive database that helps googles AI research including killer robots like project maven and also of course sold to advertisers and anyone else who can pay. I do not load images from random people if you want help you have to send text only. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a2e9400b-89b3-3aa4-62f7-a7935081bd2a%40gmx.com. For more options, visit https://groups.google.com/d/optout.
