1. Hard Drive / Operating System
2. BIOS
Is there anything else that a hacker could possibly infect that needs to be wiped/re-installed..?
Thanks
any other firmware pci/dma devices attached to the system can be infected. BIOS might not even securely flash properly depending how you are doing it. For example doing it from operating system (DOS) might not be truly removing the malware. Might need a special dedicated device to flash it or ask company to send you a new bios chip to solder on. to be 100% sure you need to buy a new pc unfortunately lol.
I forget which blackhat event, they showed how you can think you are flashing a bios. But the malware will remain.
Here is interesting thread on reddit i Just found. https://www.reddit.com/r/badBIOS/comments/319qlf/spi_programmers_to_flash_bios_rootkits_bios/
regarding kvm/qemu, you probably need to use an hvm and its probably diffucult to set up. Probably would also run very slow. Not worth it imo. If your bios or dom0 gets compromised its already game over.
I agree. Just ask hacking team. Its less secure and imo has no benefits to qubes users if not even using secure boot. If using secure boot then its up for debate. Secure boot would be nice addition to go with aem. Although it seems its a controversial subject because people Like Richard Stallman and Joanna have been talking for a while now of the concerns regarding intel ME/amt/vpro in general as an unchecked balance which can lead to potential unknown backdoors.
Richard Stallman actually says he is not against uefi in its current form, only because he considers it a failure for its original intended purpose...lol and secure boot is a reasonalbe use of it. He is against what he calls "restricted boot" which imo is not a warranted concern of mine since I have not run into a retail mobo I could not disable secure boot on or add my own keys to.
Or what about a read-only BIOS in the first place..?
Is there any reason BIOS can't be read-only..?
I basically want a computer which is most easy to wipe/reinstall and then it's truly wiped.
How about Raspberry Pi..? That seems to have very few components.
You can get a motherboard that has a removable bios chip that you can just snap in to replace, Then call the company and have them send you one or two to hold onto for emergency lol. There is also mobos with dualbios, most ly this is for bringing a bricked board back to life.
Also don't forget malware can reside in other firmware also. SO that means all pci devices, like gpu, netcard. etc... most experts will tell you just to replace everything to be sure if you think you are compromised at that level and its important.
I use a raspberry pi as a print server with a usb printer for my qubes machine. Its great its just like running debian. and chromium running on it for google loud print for android devices. runs great.
I'm not sure if whether its integrated matters to how prone to compromise it is. I would imagine being able to replace a component you think compromised is better then not being able to, for example replacing gpu or netcard you think is compromised. But I don't know of many boards that dont' have some pci devices integrated so we probably have no choice. Again, only way to be 100% is probably to replace the whole system. With a laptop it would be more necessary probably.
Regarding attacking a specific motherboard or firmware, imo, this would all fall under that category of targeted attack. I think it is still very rare nowadays for some random or automated attack to infect your firmwares and bios. At least I hope it is lmao. Especially on a custom machine. But on the same token it is less rare nowadays for someone to be personally targeted by a persistent actor with lots of resources. So I guess it all depends on how paranoid you are and how much you are willing to spend. IMO I don't think there is much any of us can do against a very persistent attacker, especially if its the government.
when I say nothing you can do, I mean if you want to keep doing the things you want to do on a pc that make you vulnerable and out of your control in the first place unfortunately. Like walking down a public street.