[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] From what things Qubes is not able to protect you?
From:       Robin Schneider <ypid () riseup ! net>
Date:       2015-12-31 11:32:15
Message-ID: 5685123F.6040401 () riseup ! net
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 31.12.2015 03:37, roberto gonzales wrote:
> 
> 
> I would like to know what Qubes does not protect from.
> 
> For example, one of this things is installing Qubes on a PC with a 
> pre-infected BIOS. This is the same for all other pre-infected hardware 
> like hard drives or processors?
> 
> And what other kind of things or attacks Qubes is not able to protect
> form?
> 
> Thanks a lot.

Hi

Even with Qubes OS, you still need secure hardware, at least to a certain
extend. Joanna Rutkowska described that in a recent talk as as set of three
layers:

3. Apps
2. OS
1. Hardware

which means that the level of security you can achieve is always limited to
your hardware.

Qubes OS does a pretty good job at protecting itself/you from attacks
originating from peripherals which are attached to your CPU via PCI by
utilizing IOMMU support of Xen/x86. Most other OSes don't protect themselves
against PCI devices and are thus vulnerable to DMA attacks.

The closer it gets to the CPU (which you ultimately need to trust), the
trickier it becomes. The BIOS is closer and heavily involved in the boot process
.
If it is pre-infected, I think there is not much Qubes OS can do about it as
the BIOS provides the SMM code which can be activated even when the OS has
"control" of the platform and the OS has no means to disable this.

If however your BIOS is not pre-infected, Qubes OS in combination with Anti
Evil Maid is able to tell you if you BIOS got infected later (with certain
limits as described in "Intel x86 considered harmful").

Also, there are problems like Intel ME which could be infected/malicious.

To solve some of this issues, Joanna wrote a paper called "State considered
harmful" which I think is pretty cool as it allows you to further limit the
possibility of hardware/firmware infections and it even allows you to "lock"
Intel ME so that even if it where malicious it could not leak your private key
(at least make it much more difficult).

Hope that helps.

Refer to and source of information:
*
https://media.ccc.de/v/32c3-7352-towards_reasonably_trustworthy_x86_laptops#vide
o
* https://github.com/rootkovska/x86_harmful
* https://github.com/rootkovska/state_harmful
* https://www.qubes-os.org/doc/anti-evil-maid/
* https://media.ccc.de/v/32c3-7343-beyond_anti_evil_maid#video

- -- 
Live long and prosper
Robin `ypid` Schneider
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWhRI/AAoJEIb9mAu/GkD46xUQAI1PMkdJLILiZ0gHbm3qU/or
4khBxxKRgVdmN8RMJVtKRi6PVr8wE1Mh2BFBKUKvBYeeFSo5y7s4i8oHphIMFAe2
S8Cqt8T53kLdHENG4QlhJtg7fxmUjkjSFjQ5XSyRCdpqPbLCYkC4gl31WwHoNOqx
jFog2NSsAD7gdEFKKzi0sKE6hZm7SLne75JPUug9v9jDGFLCk7koY2IxG8fye4+e
8kOfYE7d4OaBnJ3ggoag9ZN/TRlJpq/jZHuysd1Ek6Qai8qm9UXcFcAUiGn8cXG/
i6w6v5Pboi8D6k5P7+pZ/ZAp55OtbSRTz5A9cadVLIW6lZtixqZa3cb14g4EnhX1
Ud6sy+oZoZlzLv6ihhUHOl/MUDVulgTwoFPr2+++5wNrtrICGr5C9bSybbQBtM0z
JeNVIlR4RFwCuKzXSkZszvfQcMg4ipkmkj0ARXcqYjlQkWwewaonnsu0QylQr+W5
1IuSpJtBGjHPjWUCeLX64KVDRdwP0zgsu0v9Y3UW61d6SfkBFIejfZQO1oIaN/XA
h4bYarCnILRcNYHidYzkElvi1oNrjSJC2UBqqradpz1AFiDoYzzSsNXQlvALzbd+
rX/OzdHGAd6qTRwJGQ4ERhJEpPNrG4ekoPmmQDGKcGRkGmr14vxQbaEVeJJLKtLT
RsgXyCjsW3YYplzzU8rl
=bT6S
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/5685123F.6040401%40riseup.net. For more \
options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]