zlacker

[return to "Toward a Reasonably Secure Laptop"]
1. HugoDa+bg[view] [source] 2017-07-11 14:05:02
>>doener+(OP)
"Finally, we are going to require that Qubes-certified hardware does not have any built-in USB-connected microphones (e.g. as part of a USB-connected built-in camera) that cannot be easily physically disabled by the user, e.g. via a convenient mechanical switch. However, it should be noted that the majority of laptops on the market that we have seen satisfy this condition out of the box, because their built-in microphones are typically connected to the internal audio device, which itself is a PCIe type of device. This is important, because such PCIe audio devices are – by default – assigned to Qubes’ (trusted) dom0 and exposed through our carefully designed protocol only to select AppVMs when the user explicitly chooses to do so."

This made me download Qubes. Amazing project that seems to care.

◧◩
2. emilfi+Sy[view] [source] 2017-07-11 16:19:33
>>HugoDa+bg
I don't understand the hate for USB.

The machine does nothing with them unless you give them permission to do something.

◧◩◪
3. wuch+xC[view] [source] 2017-07-11 16:39:50
>>emilfi+Sy
Problem is not what your machine does with an USB device, but what the USB device does with machine [0].

[0] https://security.stackexchange.com/questions/118854/attacks-...

◧◩◪◨
4. floatb+PU[view] [source] 2017-07-11 18:35:52
>>wuch+xC
> USB 3.1 does support DMA

Holy shit where did that come from o_0

> USB 3.0 runs as a binary blob in the BIOS

Is that running on the chipset or the CPU?

[go to top]