zlacker

>>doener+(OP)
If I read that right, they're allowing Intel ME, which sounds like a sad compromise to me. Given that it's a pretty big complex black box that one can't easily disable, would you agree that x86 is doomed when it comes to security? If that's the case, is there any hope we could have a CPU with competitive capabilities? (For example, is there an i7 alternative for ARM?)

What could one do to make it possible to have ME-less x86 in the future?

>>d33+y5
I think the whole point of Qubes OS is t not trust hardware because of potential BIOS or ME backdoors.

Joanna Rutkowska, Qubes founder, is the person who brought up intel ME as a problem in her paper Intel x86 considered harmful (https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf).

>>zer0to+m7
You can't run trusted software on untrusted hardware. If someone has a backdoor in your ME, you can't protect yourself from it.

>>adrian+ti
The point of Qubes is not perfection. It instead tries to put in barriers so that compromising one part does not compromise the whole.

>>slayma+Gn
If I understand it correctly, ME has basically unrestricted access to RAM, bypassing the CPU and any restrictions the hypervisor and/or operating system may impose.

If I can peek and poke around in your RAM as I please, no amount of cleverness is going to save you if my intentions are malicious.

(Don't worry, though, I have no such intentions, and I don't fiddle with other people's RAM as a matter of principle, unless they ask me to. ;-))