Coreboot?


ljul...@gmail.com

Aug 5, 2019, 4:58:21 PM
to qubes-users
I was told that buying a used laptop represents an extra risk since the previous owner could have used the laptop with Qubes and got dom0 infected. After a little bit of research, I was told that installing coreboot would eliminate/delete any malware that, in a hypothetical case, took control of dom0 when the previous owner used the laptop for Qubes but I’m not too sure if this is true, do you guys think it’s true?

799

Aug 5, 2019, 5:21:28 PM
to ljul...@gmail.com, qubes-users
Hello,

On Mon, 5 Aug 2019 at 22:58, <ljul...@gmail.com> wrote:
> I was told that buying a used laptop represents an extra risk since the previous owner could have used the laptop with Qubes and got dom0 infected. After a little bit of research, I was told that installing coreboot would eliminate/delete any malware that, in a hypothetical case, took control of dom0 when the previous owner used the laptop for Qubes but I’m not too sure if this is true, do you guys think it’s true?

I would always replace the storage media in a used laptop to get a fresh SSD, as this is where your data is stored and you don't want to mess around with a used SSD or HDDs. And with today's low prices for SSDs it's even more fun to do so.

If dom0 was "infected" you would not be affected if you use another SSD, you could of course also reinstall Qubes on the used device, but as mentioned above .. no reason to do so.
If the previous user has an infected or manipulated BIOS you can indeed reflash with coreboot, in fact I would always suggest to run coreboot if your laptop is able to do so - I would even recommend to buy only devices which support coreboot (for example Lenovo X230 / T430 / W530 ...).

Keep in mind that an attacker could always place a tiny spy device inside a used laptop which can then be used to sniff your keyboard entries etc. But as this is an attack which is more likely used if you are a high priority target, I think that this scenario is quite unlikely.

Therefore:
Buy a used Lenovo X/T/W x30, install coreboot and become a happy Qubes user.
If you need more information on how to install coreboot, take a look here, where I tried to document a whole run-through for an X230:

- O

awokd

Aug 5, 2019, 5:26:02 PM
to qubes...@googlegroups.com
ljul...@gmail.com:
> I was told that buying a used laptop represents an extra risk since the previous owner could have used the laptop with Qubes and got dom0 infected.

There's some terminology mixed up here. Qubes' dom0 is part of the
operating system, not the hardware. A Qubes dom0 infection, although
unlikely, is no different than a Windows or Linux infection, and can be
cleaned by formatting the drive. What you are concerned about is a
firmware infection, which is less likely to happen compared to other
OSes if someone was already running Qubes. Again, out of the hundreds of
thousands of malwares out there, I've only heard of a couple that install
themselves at the firmware level so the chances of you finding a used
laptop with one are minimal. You need to weigh this against the
possibility that new laptops could also be infected. Some say all new
x86 laptops are backdoored, for example.

> After a little bit of research, I was told that installing coreboot would eliminate/delete any malware that, in a hypothetical case, took control of dom0 when the previous owner used the laptop for Qubes but I’m not too sure if this is true, do you guys think it’s true?
>

Yes, I believe flashing Coreboot would eliminate known system firmware
malwares. See 799's reply, he beat me to it!

You might also check out https://insurgo.ca/ if you're not comfortable
flashing yourself.

ljul...@gmail.com

Aug 5, 2019, 6:38:54 PM
to qubes-users
Thanks a lot for the reply. So if the previous owner’s dom0/laptop was infected, it wouldn’t have any effect on me if I change the SSD and install coreboot, am I understanding right? I apologise for my ignorance on this topic, I’m learning only now.

ljul...@gmail.com

Aug 5, 2019, 6:42:37 PM
to qubes-users
So like installing coreboot should eliminate any malware installed at firmware levels, right?

799

Aug 9, 2019, 9:23:22 PM
to ljul...@gmail.com, qubes-users
Hello,


<ljul...@gmail.com> wrote on Tue, 6 Aug 2019, 00:42:
> So like installing coreboot should eliminate any malware installed at firmware levels, right?

I would not use the very strong claim "any", because I can't back up this claim through knowledge (I am not a security specialist).
But using coreboot will offer the best approach protecting against firmware malware/attacks. There are not many reasons why you should not consider running coreboot and if you buy most new hardware you are to install coreboot.
Therefore I would say that coreboot will improve the "reasonable" security ;-)

-  O

