List:       qubes-users
Subject:    [qubes-users] Modern laptops, Intel ME, and AEM
From:       tetrahedra via qubes-users <qubes-users () googlegroups ! com>
Date:       2019-11-27 11:08:01
Message-ID: 20191127110801.GA7404 () danwin1210 ! me

On Tue, Nov 26, 2019 at 01:05:08PM -0800, Lambda wrote:
> Lenovo's 2019 laptop is currently on sale and their CPU selection[1]
> includes:
> - i7-9750H: no vPro, No Out-of-Band Systems Management
> - i7-9850H: vPro, Intel ME Disabled

[--]

> I'm aware that for AEM support I would need to have ME and TXT 1.2. But
> those CPUs have TPM 2.x

What's the state of modern laptops when it comes to disabling ME and/or
using anti-evil-maid features?

The Lenovo X1 Carbon Gen 6 is "unofficially" the standard for Qubes
developers, but only the (much older) X230 supports the HEADS
Anti-Evil-Maid solution (which is different from Qubes AEM, and
apparently better).

(Coreboot is not supported on the Carbon Gen 6 as far as I know)

Similarly I've read that the X230 is the last laptop where it's
reasonable to disable Intel ME, but the above email suggests even much
newer laptops are available without ME.

For users who care about hardware security, do any modern laptops offer
the capabilities of the older ones, or is "an upgrade necessarily a
downgrade" in this case?
