Re: [qubes-users] X230 vs Purism - real world attack probability
scurge1tl: Are the inits opensource by default or it needs to be flashed too? Not sure what you mean by inits. Coreboot is open source. The only required blobs are CPU microcode and video BIOS. Also how does the G505S stand against X230 in regards of performance? You could maybe check some benchmark sites, but don't forget to factor in speed decreases on the Intel due to mitigations. It's fine for regular use, but wouldn't try gaming or video editing on it. I suppose it can run Qubes without any issues. Is it? Yes, runs well here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e151f2a-5de6-5ef3-0779-28e8e8434a42%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] X230 vs Purism - real world attack probability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'awokd' via qubes-users: > scurge1tl: > >> Can the G505S be bought in the setup you mentioned, with CPU/RAM >> HW init opensource and so on, or it is needed to hack it myself? >> What is the performance of the X230 versus G505S? Seems that >> X230 and G505S have 1366x768. Is there full HD option? Can the >> Ram be upgraded to 16GB on both? > > You need to Coreboot a G505s yourself with a hardware flash. No HD > option, but it supports 16GB RAM. > Are the inits opensource by default or it needs to be flashed too? Also how does the G505S stand against X230 in regards of performance? I suppose it can run Qubes without any issues. Is it? Thank you. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzuwNBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxBJA//UvHzk/0oNswv+zM7KxBeVSV43XomDN2vuezJyE0Lq9t+M1ykht88wDOp kq5BXN60CNWd8F95DiHjrmeErTNCkGPjNI8IWxh5N6rDCDwyOO0kD0p/xlXdxvU4 L3KEb+wRdxI0/BMjJEgPi9Cfrjn9kgWYYoTcbJqDQMdN+PlZy6rA4xcMk2gIoUN3 MiONCJ0b5bfmohAW5YIUsMLq3nG929gKn8VujsMRjZ9jNeHehgxtViZi9rpLiUbT N+lNXJ5Y/JT1Qu/oTXu1iAQDnJcX98GA9fubna8swBma90sykTgKAz93qf5H5oKI vjtthK9nIjVSKo+fuvAHUVUPvEK22NweX5DV7AacWo2su6J7onsVO3V29Bfqn5ia +T3fhqL88nN2VRyHp9TrXH33T6cpznAYhI8ITkknMxQeVCKjpPrF6r/35mMbFaZ8 AV6F2IpJKIqRD8DFsweqqYYXAwP6WdrCxmeDSxFxVeALDZ4IIalJqX+L1yL9zRUD j+yxfM+NjW1wEjcoL6rM0+vqZzqqMZ8VqAZNACvVWtQPHb6E/HYZHjzLyIAHhIph u9FcoFrxRFmdDoUCoEZB4jjV904YDxQ6BsJxHe+L0FvjXgoH/MTh3IGwKiqEQJ2k guzvaFJefahJT//u5U8nxsa1DlaowrT2Zme5x/C7paX/5aYYNhM= =4Z6K -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d7cae21a-e357-b4cf-5b19-0dcccaeb663e%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] X230 vs Purism - real world attack probability
scurge1tl: Can the G505S be bought in the setup you mentioned, with CPU/RAM HW init opensource and so on, or it is needed to hack it myself? What is the performance of the X230 versus G505S? Seems that X230 and G505S have 1366x768. Is there full HD option? Can the Ram be upgraded to 16GB on both? You need to Coreboot a G505s yourself with a hardware flash. No HD option, but it supports 16GB RAM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5bed10f7-395b-3231-49f9-45d621b0db62%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] X230 vs Purism - real world attack probability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 taii...@gmx.com: > On 05/21/2019 09:52 AM, scurge1tl wrote: >> I have a question related to the decision about what laptop is >> the better option for Qubes usage, from the security point of >> view, in the real world. >> >> The question is related to the IME on Intel, PSP on AMD and >> other Hardware holes. I took these laptop examples to sample the >> differences somehow. >> >> Pose the non-existent micro controllers updates, like in case of >> X230 with IME disabled and corebooted, which doesn't but get >> these updates anymore, > > What updates? who told you that? What micro controllers? I heard that many times during discussions. I am not a programmer so I have to rely on others to evaluate the situation. > >> higher risk than only partial disabling of the IME by Purism >> which still but gets the micro controllers updates? Or is it a >> vice versa? >> >> If I would like to have a strong security position, in case of >> the laptop Hardware with Qubes, and would decide in between the >> two, which variant will be more prone to the real world attacks? >> What attack vectors are available in both cases? For example, is >> one of the cases more resistant to the remote exploitation. Is >> one of the options forcing an attacker more to execute an attack >> with physical access than the other option? >> > > pur.company is junk, they are an incredibly dishonest company that > sells "coreboot open firmware librem" machines that have a hw init > process that is entirely performed via the Intel FSP binary blob. > > The x230 is far more free than anything pur.company could sell > you, freeing intel fsp won't happen due to how difficult it would > be without documentation and how long it would take and it is both > impossible and illegal to free Intel ME. > > Illegal? Yes - ME/PSP is a DRM mechanism and bypassing them is > illegal in the usa where they are based. > > But since the 230 still has an ME abit more nerfed than the > purijunk you should get a G505S which has no ME/PSP and is the most > free laptop option. You mention G505S. Can it run Qubes without issues? > > Pur.junk = me kernel+init code run (not disabled), HW init 100% > blobbed - performed via Intel FSP X230 = me init code runs (not > disabled), HW init is open source G505S = No ME/PSP, CPU/RAM hw > init is open source, graphics/power mgmt requires blob but IOMMU > prevents them from messing with stuff. - the most free Can the G505S be bought in the setup you mentioned, with CPU/RAM HW init opensource and so on, or it is needed to hack it myself? What is the performance of the X230 versus G505S? Seems that X230 and G505S have 1366x768. Is there full HD option? Can the Ram be upgraded to 16GB on both? > > pur.company lies by claiming their ME is "disabled" when the kernel > and init code still run. > > > I don't want to say their name as they send someone out of the > woodwork to defend them and waste my time every time someone > mentions them in a negative light they go and start claiming that > they are "doing their best" - whereas various other much newer > companies are actually selling owner controlled libre firmware > trustworthy general computing hardware proving their claims of > "doing our best" to be bullshit. > > If you want more info see my other posts as I have made many of > them re: pur.company or laptop/desktop/workstation selections. > -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztYvBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uy78A/+N+BL/lLBodnYBR7yfrOisHvUtxMacQ2A/m6+4OAsZSRyGVN+qxSOg269 LZgxwZfaJuWZuuhPGuLftY7j7Vz4zopgPjlcVQ0UR01HD9jx16lXD3E2mvGxxuSr gwOY1FlrknV15qFl/V1HvGXKXpqOCKOyPUjdjSyGpB8kc0lvjAaC1KDj09G6CzXF scp98rOLFYbvIairEfWuiIvwjTmfwyTxNQRrG7hYomiE5EzDslPT4Owpoky9RGzj T3ICHJq2pq/8GqgnX7DarxkPRlKt7VNMg6ZdfoCkeN+zqty0T2WMvre77kgAlykQ HMh+hdkrGztFapM1lA1PBifxNhznxDcsICEzl5khPyey3sZYkA1HVZ37Z+SVMYyB XtbFc+vFx8l0uEhyXlJkotgxg+1liguReK3KCn1t75CpUsiVrQI2dtxC7Ns3SjmI H/Hlg30Ju4KV9emb0icNHwtv9HhE9huOnFzKS3KjGHTn+GrS0ubzQXfvRmfrAFbC Kwz6OYQP6VsX4FwJek6UwS+rfTyHi50Uef/QvxKqN3OyukonVfGFzB+l7EWZthpd U63IdtVD0dcHag27qh65ayPXwTTLLHxpa+52eHxnxI+19u2RT5XErhdEDBzL9UDC kghFEw/Rmt1sGaG93+vRRVFpyph1JWnyyQEbnji/FAx72ALv754= =YmLb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a16d0794-a892-0a75-16f9-6bf20aa2fb29%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] X230 vs Purism - real world attack probability
On 05/21/2019 09:52 AM, scurge1tl wrote: > I have a question related to the decision about what laptop is the > better option for Qubes usage, from the security point of view, in the > real world. > > The question is related to the IME on Intel, PSP on AMD and other > Hardware holes. I took these laptop examples to sample the differences > somehow. > > Pose the non-existent micro controllers updates, like in case of X230 > with IME disabled and corebooted, which doesn't but get these updates > anymore, What updates? who told you that? What micro controllers? > higher risk than only partial disabling of the IME by Purism > which still but gets the micro controllers updates? Or is it a vice > versa? > > If I would like to have a strong security position, in case of the > laptop Hardware with Qubes, and would decide in between the two, which > variant will be more prone to the real world attacks? What attack > vectors are available in both cases? For example, is one of the cases > more resistant to the remote exploitation. Is one of the options > forcing an attacker more to execute an attack with physical access > than the other option? > pur.company is junk, they are an incredibly dishonest company that sells "coreboot open firmware librem" machines that have a hw init process that is entirely performed via the Intel FSP binary blob. The x230 is far more free than anything pur.company could sell you, freeing intel fsp won't happen due to how difficult it would be without documentation and how long it would take and it is both impossible and illegal to free Intel ME. Illegal? Yes - ME/PSP is a DRM mechanism and bypassing them is illegal in the usa where they are based. But since the 230 still has an ME abit more nerfed than the purijunk you should get a G505S which has no ME/PSP and is the most free laptop option. Pur.junk = me kernel+init code run (not disabled), HW init 100% blobbed - performed via Intel FSP X230 = me init code runs (not disabled), HW init is open source G505S = No ME/PSP, CPU/RAM hw init is open source, graphics/power mgmt requires blob but IOMMU prevents them from messing with stuff. - the most free pur.company lies by claiming their ME is "disabled" when the kernel and init code still run. I don't want to say their name as they send someone out of the woodwork to defend them and waste my time every time someone mentions them in a negative light they go and start claiming that they are "doing their best" - whereas various other much newer companies are actually selling owner controlled libre firmware trustworthy general computing hardware proving their claims of "doing our best" to be bullshit. If you want more info see my other posts as I have made many of them re: pur.company or laptop/desktop/workstation selections. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cbcead23-63af-c5b7-26c5-99ba40047341%40gmx.com. For more options, visit https://groups.google.com/d/optout. 0xDF372A17.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: [qubes-users] X230 vs Purism - real world attack probability
scurge1tl: I have a question related to the decision about what laptop is the better option for Qubes usage, from the security point of view, in the real world. The question is related to the IME on Intel, PSP on AMD and other Hardware holes. I took these laptop examples to sample the differences somehow. Pose the non-existent micro controllers updates, like in case of X230 with IME disabled and corebooted, which doesn't but get these updates anymore, higher risk than only partial disabling of the IME by Purism which still but gets the micro controllers updates? Or is it a vice versa? If I would like to have a strong security position, in case of the laptop Hardware with Qubes, and would decide in between the two, which variant will be more prone to the real world attacks? What attack vectors are available in both cases? For example, is one of the cases more resistant to the remote exploitation. Is one of the options forcing an attacker more to execute an attack with physical access than the other option? Which micro controllers do you mean, hard drive? I don't see any vendors commonly shipping updates for those, and peripherals are user replaceable on both. Real world attacks on both at the hardware level are currently slim, unless you've given reason to someone else to spend time or resources targeting you directly. Exception might be USB drives, since it appears relatively easy to compromise those at the manufacturer's level. Some have shipped with viruses, for example. You might want to consider AMD as well. Their CPUs have been more resistant to some of the recent attacks than Intel. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2757a4e8-c61f-da5e-2d6e-64c6f8b49494%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] X230 vs Purism - real world attack probability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have a question related to the decision about what laptop is the better option for Qubes usage, from the security point of view, in the real world. The question is related to the IME on Intel, PSP on AMD and other Hardware holes. I took these laptop examples to sample the differences somehow. Pose the non-existent micro controllers updates, like in case of X230 with IME disabled and corebooted, which doesn't but get these updates anymore, higher risk than only partial disabling of the IME by Purism which still but gets the micro controllers updates? Or is it a vice versa? If I would like to have a strong security position, in case of the laptop Hardware with Qubes, and would decide in between the two, which variant will be more prone to the real world attacks? What attack vectors are available in both cases? For example, is one of the cases more resistant to the remote exploitation. Is one of the options forcing an attacker more to execute an attack with physical access than the other option? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzkAp9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzOVBAAvH7Wp+GJSrKoptNX5OEzxm9Q3FEkgVgnaZ57HlIH94TCy3Rc+kk+cR5m DGghaSnhSOvOxEKgZXM1g6+KIAUUH1yNRfSKkmPQANjUgrhs65VsNd1miKOzkLmV 5INzHAtiOvTQFYuCaBkzIvuxPaHDqOyDyIOSVxgzeQOYJ7k4NgGWCES7hUHrp2f2 TmhSZwdWqaNo1n6YJZvLetKj8ZxqqJwg/T0GPzvmMHo9KGohx8mHWVPFsVsRFhgM ObcvPRempjhLE4aZR6UVKoJOxf2M6VPYFzghejeFb7wh3ncha9c38dspWV4ALlIj lC7K5fXFWH0t7TX0YreXWnxQgdMKuCBHY9KZFKXnHPDKg/X5QXJtduabY/ZhqU/g 6+rW8MSEE6PrhIjQWKU4Zvw3y58zKePqwCCgHOZwpguQ+uUr1ZFjyKVnjSKGlPgF QnH9rHqMQY9FNTnYCSuD5hoXAifXQg7AZ2MlB83SkbekMRjf5XsSRGDQ29cewKG/ igDFRgH3UCe0dwwqHY3hzshxKkPCvqcmkQiyb+G8nYSVeaYuzilbC+q1MEZ1xQS/ 0uhNJ8ysLk8CoQRKUCc18dctKUCWdmqicJlvoeliEovUK3rAY/Uy5q86z8Ad5A42 PNraTWlfOfQ2wegc+YEPv37341+LPXSbt2RzHOg9BAaRkvupFWk= =N5BL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c2b8746e-a005-2086-aa05-12fb0ed41955%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys 0xC1F4E83AF470A4ED.asc.sig Description: Binary data