Thanks
A related question...
does the fact that UEFI allows for pre-os networking present any problems to the Qubes security model?
why are you so obsessed with microsoft. Once again, it would have nothing to do with them. Richard Stallman admitted he was wrong. Why can't you?
Other distributions use a shim bootloader signed with a Microsoft key. It might be adventitious for QubesOS to do the same. I can't think of a major downside to it right now. It could make installation a bit easier. Some systems may not have the option for secure boot to be deactivated.
I disabled secure boot, but I'm stuck trying to get QubesOS to install. Fighting with a nmi watchdog bug soft lockup. Maybe I'll start another thread about that if I can't get it figured out.
As of 2015, treacherous computing has been implemented for PCs in the form of the “Trusted Platform Module”; however, for practical reasons, the TPM has proved a total failure for the goal of providing a platform for remote attestation to verify Digital Restrictions Management. Thus, companies implement DRM using other methods. At present, “Trusted Platform Modules” are not being used for DRM at all, and there are reasons to think that it will not be feasible to use them for DRM. Ironically, this means that the only current uses of the “Trusted Platform Modules” are the innocent secondary uses—for instance, to verify that no one has surreptitiously changed the system in a computer.
*Therefore, we conclude that the “Trusted Platform Modules” available for PCs are not dangerous, and there is no reason not to include one in a computer or support it in system software.
This does not mean that everything is rosy. Other hardware systems for blocking the owner of a computer from changing the software in it are in use in some ARM PCs as well as processors in portable phones, cars, TVs and other devices, and these are fully as bad as we expected.
This also does not mean that remote attestation is harmless. If ever a device succeeds in implementing that, it will be a grave threat to users' freedom. The current “Trusted Platform Module” is harmless only because it failed in the attempt to make remote attestation feasible. We must not presume that all future attempts will fail too.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAL8H3o9mGQP2Oqnjt4sL0_obqOMdmo1ch%2BOWT%2B_p7RSqicstBg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.