[qubes-users] Re: Dual Boot - Live CD Knoppix & USB-SSD Qubes?

2016-10-24 Thread raahelps 
On Sunday, October 23, 2016 at 4:55:32 PM UTC-4, 1'0934178'09384'1092438'091432 
wrote:
> Hello,
> 
> if nobody can control the BIOS, if it is maybe or maybe not clean and 
> infected with a root-kit in some way...
> 
> Will it not be some advantage, if the stateless laptop has a firmware-module, 
> which is mobile? $
> So I can unplug the firmware, the PC-body is without interest, because it has 
> no persistent Memory (like the lapdoc of Motorola).
> The best, would be, if the mobile module exists of two components, the SSD 
> disk and the firmware module. 
> Both can be stored on a safe place and replaced by plug an play.
> In advantage, with a second module some Dual Host system will run also. Safe 
> Plug and Play for Qubes or Windows or Ubuntu or... 
> 
> Sure, there should be a disaster recovery plan for the firmware module, how 
> you make sure, that you came back to a clean System with Firmware Security, 
> so you can start a real clean re-installation of the OS, if necessary.
> 
> And in the last case a cheap replacement of the Firmware-Module (e.g. that 
> for security reasons you will replace it all 30 days, because it might be 
> some cheap electronic device, instead of the hole PC).
> 
> The firmware/hardware must be complete in some sense, so you need only to 
> update the BIOS with security considerations, but not to expand the 
> configuration-stuff in some way (This leads to a more complete systems, 
> including touch screen, 3D).
> 
> Will this work in some way?
> 
> So you would have different ways to start with a proofen clean Firmware?
> 
> Kind Regards

sounds interesting if you can manufacture it.   Some experts say it is possible 
to infect bios and these firmwares remotely as well,  not just physically.  As 
some experts claimed with hacking teams bios malware that infected insyde uefi 
bios in oem systems.

I would also suggest if very worried about this type of attack to use something 
like AEM to detect if something did indeed change, hopefully. I would like see 
qubes get secure boot eventually also that can be used alongside aem for even 
better measurement.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/596e219b-7a2b-4a4d-a128-f615eb38e06c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Dual Boot - Live CD Knoppix & USB-SSD Qubes?

2016-10-23 Thread 1'0934178'09384'1092438'091432 
Hello,

if nobody can control the BIOS, if it is maybe or maybe not clean and infected 
with a root-kit in some way...

Will it not be some advantage, if the stateless laptop has a firmware-module, 
which is mobile? $
So I can unplug the firmware, the PC-body is without interest, because it has 
no persistent Memory (like the lapdoc of Motorola).
The best, would be, if the mobile module exists of two components, the SSD disk 
and the firmware module. 
Both can be stored on a safe place and replaced by plug an play.
In advantage, with a second module some Dual Host system will run also. Safe 
Plug and Play for Qubes or Windows or Ubuntu or... 

Sure, there should be a disaster recovery plan for the firmware module, how you 
make sure, that you came back to a clean System with Firmware Security, so you 
can start a real clean re-installation of the OS, if necessary.

And in the last case a cheap replacement of the Firmware-Module (e.g. that for 
security reasons you will replace it all 30 days, because it might be some 
cheap electronic device, instead of the hole PC).

The firmware/hardware must be complete in some sense, so you need only to 
update the BIOS with security considerations, but not to expand the 
configuration-stuff in some way (This leads to a more complete systems, 
including touch screen, 3D).

Will this work in some way?

So you would have different ways to start with a proofen clean Firmware?

Kind Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/760dce93-7467-4a54-9ad3-55a069c65f59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.