Yeah, the elites who run the world have limitless money for lobbying. I don't think it's possible to win this war on their turf under their rigged rules. Revolution is the only way, but I don't think that's a realistic possibility either. They have so many ways to divide and conquer.
The problem is getting everyone to revolt at the same time. That's one of the purposes of mass surveillance: they can detect the early beginnings of organization and send people to prison before it grows into a big snowball.
On https://osresearch.net/ it says the Linux kernel has some mitigations, but it doesn't protect entirely.
I hope you are right; it would really make it easier if it's just an external boot ROM flash that is needed. I mean, I know that feds can plant chips in the silicon and you wouldn't find it if they had covert physical access, and there's no glitter nail polish to protect the screws, but in this case they are not the adversary. In this case it's just random cyber criminals who are the adversary when you buy a second-hand laptop.
That article I linked to seems to suggest the malware can persist by hiding in any USB peripheral, even a camera. I think Bluetooth is USB as well, if I'm not mixing it up with something else, but I remember reading that Bluetooth actually uses the USB bus. But anyway, you mentioned only the boot ROM and EC; you didn't mention other peripherals, so that's why I'm replying and asking what you know about it. Do you think that linked article is mostly FUD and a bit incorrect when it says malware can hide in the hardwired webcam or other USB components inside the computer?
Intel ME and AMD PSP, in conspiracy-speak, are kinda like government backdoors: closed source, undocumented, with huge control over a processor.
In theory it's possible that Intel ME is made to be spyware/a backdoor for the feds, but I don't think it is, because if it was, then why are there so many cyber criminals in the world whom the feds can't catch? There are lots of cyber criminals on the top wanted lists, and the feds want to catch them so badly. And that's just the non-affiliated cyber criminals; then there are also nation-sponsored hackers, for example North Korea has been in the spotlight recently for crypto hacks. And if Intel ME really was what we fear it could be in theory, then the USA's enemies like Russia and China would be instantly defeated.
So even if it's possible in theory, because it's proprietary CPU firmware with its own OS, and that's scary, if it really was abused that way then wouldn't the world be in a completely different situation?
Also, Intel wouldn't need to have a backdoor in Intel ME. This source puts it well (https://deploy-preview-244--privsec-dev.netlify.app/posts/knowledge/laptop-hardware-security/):
Intel and AMD do not need the co-processor to implement a backdoor - they can simply introduce CPU vulnerabilities like Spectre and Meltdown if they want to. If you do not trust a CPU vendor, the only mitigation is to not use said vendor.
So if you read that article, he says there's no point in buying an old brick just to be able to disable Intel ME, because of the above quote.
You have to negotiate.
They: Do you have WhatsApp?
You: No, I hate that app, but we can use Rehnijobuboba, heard of that?
They: No, and there's no way I'm installing something I can't even pronounce.
You: OK, you don't want to install that and I don't want WhatsApp, let's meet halfway and use Signal together!
They: Fine.
I have respect for what you're saying and I would like to think you're right. I don't have the experience myself to know; I just listen to what experts like you are saying. But I have also read other experts say worrying things like this (https://www.srlabs.de/blog-post/usb-peripherals-turn):
To make matters worse, cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive.
Once infected, computers and their USB peripherals can never be trusted again.
What do you think about that?
And if you want to get tin-foil-hatty: how do you know you weren't man-in-the-middled when you bought a laptop from a retailer? What if a bad actor installed or tampered with the new laptop you bought, and now it is less secure than a second-hand laptop, because Joe down the street doesn't care what you do with the laptop as long as he gets paid?
That is part of the unavoidable risk. There are some entities we can't avoid having to place some trust in. But I think the risk is higher buying second hand than buying off the shelf from a reputable brand. And the previous owner was also at risk of such a MITM attack from the vendor.
Let's say you have your laptop and somebody steals it. You're using LUKS full-disk encryption, right? Let's say you are, for this example; your headers for decryption are in plaintext at boot. So a threat actor can use brute force to crack your disk. You can set up LUKS to have your headers on a separate disk that you take with you. It's the equivalent of taking away a lock and a key. So all the threat actor is left with is a door.
If you have a password with 100+ bits of entropy, then practically I don't think we need to worry about a brute-force attack, or am I wrong about that? But you are still making a good point about there being many attack surfaces to defend against; it's not only about where you buy it from.
It sounds like you're saying used, second-hand laptops can't have malware from the manufacturers, only new laptops can, but that is wrong.
If you buy second hand you still have that risk of malware from manufacturers, and you also have the risk of malware received because of the previous owner's bad opsec. So if you avoid second-hand laptops then your risk is small, but with second hand it's a bigger risk.
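The two questions in the LUKS exchange above can be checked with a few lines of code. The following is an added example, not code from the thread or from cryptsetup: `luks_header_version()` tells whether a device image begins with a LUKS header (with cryptsetup's `--header` option the salt, KDF parameters and key slots live elsewhere and the stolen data device is bare ciphertext, so there is nothing to guess against), and `entropy_bits()` / `expected_years()` put numbers on the "100+ bits of entropy" question. The sample header and data bytes are constructed, and the attacker hash rate and KDF iteration count used in `main` are assumptions for illustration; a real rate is capped by the key-slot KDF cost the header records.

```python
"""Added example (not from the thread): LUKS header presence check plus
passphrase guess-cost estimate.  Sample data is constructed; attacker
rates are assumptions."""
import math

LUKS_MAGIC = b"LUKS\xba\xbe"              # primary header magic, LUKS1 and LUKS2
LUKS2_SECONDARY_MAGIC = b"SKUL\xba\xbe"   # LUKS2 secondary header copy
SECONDS_PER_YEAR = 365.25 * 86400


def luks_header_version(blob: bytes):
    """Return 1 or 2 when blob begins with a LUKS header, else None.
    Layout: 6-byte magic followed by a big-endian 16-bit version."""
    if len(blob) < 8 or blob[:6] not in (LUKS_MAGIC, LUKS2_SECONDARY_MAGIC):
        return None
    version = int.from_bytes(blob[6:8], "big")
    return version if version in (1, 2) else None


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of a passphrase whose symbols are chosen uniformly at random
    (e.g. 8 words from a 7776-word Diceware list)."""
    return symbols * math.log2(choices_per_symbol)


def effective_guess_rate(hash_rate: float, kdf_iterations: int) -> float:
    """PBKDF2-style slot: each guess costs kdf_iterations hash calls, so the
    attacker's passphrase rate is the raw hash rate divided by that.
    (Argon2 slots are memory-hard and slow the attacker down further.)"""
    return hash_rate / kdf_iterations


def expected_years(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the passphrase: half the keyspace on average."""
    return (2.0 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


# Constructed samples: a minimal LUKS2 primary header, and 4 KiB of
# deterministic bytes standing in for a detached-header data device.
SAMPLE_LUKS2_HEADER = LUKS_MAGIC + (2).to_bytes(2, "big") + bytes(4088)
SAMPLE_DETACHED_DATA = bytes((i * 7 + 3) % 256 for i in range(4096))


if __name__ == "__main__":
    for name, blob in (("attached header", SAMPLE_LUKS2_HEADER),
                       ("detached header", SAMPLE_DETACHED_DATA)):
        print(f"{name}: LUKS version {luks_header_version(blob)}")
    # Assumed attacker: 1e12 hashes/s against a 1,000,000-iteration PBKDF2 slot.
    rate = effective_guess_rate(1e12, 1_000_000)
    for label, bits in (("8 random lowercase letters", entropy_bits(26, 8)),
                        ("12 random printable ASCII", entropy_bits(95, 12)),
                        ("8 Diceware words", entropy_bits(7776, 8))):
        print(f"{label}: {bits:.1f} bits, ~{expected_years(bits, rate):.3g} years")
```

Eight Diceware words come to about 103 bits, which at the assumed rate is on the order of 10^11 years; eight random lowercase letters (about 38 bits) fall in hours. The header check is what an attacker would run first on a stolen drive: no magic at offset 0 means no salt, no KDF parameters and no key slots to attack, which is the "door without a lock" from the post above.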
Oh, I should have understood that. I've read about "USB condoms" before. I wonder why a manufacturer of a charger would have those data-carrying lines. Why don't they just manufacture the connector without those data lines?
If they don't want to use private communication, then just leave it. If you want privacy you have to get used to having a less social life, at least online. That's the key, really: if you want a social life, you have to start going offline, out into the real world, and meet people. Get to know your neighborhood a bit, or join some outdoor activity or club or something. I know it's weird at first, going outside, because we're all basement computer nerds, but you will find freedom without all the online surveillance when you leave your home.
JK, because the next challenge is to convince everyone you meet that they should leave their phones at home, and if you thought getting people to use Signal is hard you have no idea, because that's just step 1.
You should be able to cut D-/D+ and the SS lines.
What do those lines do, if they are OK to cut? And why are we cutting them?
I also wonder if Boot Guard or USBGuard is enough to protect against a malicious charger. Because if the adversaries switch the charger out for their own malicious charger that looks the same but is going to be used to maybe record my password or something, then USBGuard should recognize it's a different device? And I don't know enough about Boot Guard; I guess Boot Guard doesn't help in this situation, because Boot Guard is just about the boot.
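What a USBGuard policy for the swapped-charger case above, and for the BadUSB interface combinations in the srlabs quote earlier in the thread, could look like. This is an added example, not from the thread or from the USBGuard project; the vendor/product ids, serials, names and hashes are placeholders and must be replaced with the real values that `usbguard generate-policy` prints on the machine in question.

```text
# Added example: USBGuard rule set (usually /etc/usbguard/rules.conf).
# All ids, serials, names and hashes below are placeholders.

# Root hubs: allow by descriptor hash so they cannot be impersonated.
allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" hash "PLACEHOLDER_HASH_USB2" with-interface 09:00:00
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" hash "PLACEHOLDER_HASH_USB3" with-interface 09:00:00

# Pin the hardwired webcam (UVC control + streaming interfaces) by hash.
allow id 0000:0000 serial "" name "Integrated Webcam" hash "PLACEHOLDER_HASH_CAM" with-interface equals { 0e:01:00 0e:02:00 }

# The one external keyboard you own, pinned by hash; nothing else may be a keyboard.
allow id 0000:0000 serial "" name "My Keyboard" hash "PLACEHOLDER_HASH_KBD" with-interface equals { 03:01:01 }

# BadUSB pattern: mass storage that also presents HID or a network interface.
reject with-interface all-of { 08:*:* 03:00:00 }
reject with-interface all-of { 08:*:* 03:01:00 }
reject with-interface all-of { 08:*:* e0:*:* }
reject with-interface all-of { 08:*:* 02:*:* }

# Plain storage sticks are fine.
allow with-interface equals { 08:*:* }
```

Everything not matched falls to the daemon's `ImplicitPolicyTarget` in usbguard-daemon.conf, which should be `block`. A charger with its data lines cut never enumerates, so USBGuard never sees it; a "charger" that enumerates as a HID keyboard gets no allow rule and is blocked before the kernel binds a driver. What USBGuard cannot do is detect reflashed firmware on a device that still presents identical descriptors and hash, which is the residual risk the quoted srlabs text is about. Boot Guard is a separate control that verifies firmware at boot time and plays no part in runtime USB enumeration.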
It was a good read, thanks for the link.
The problem for me is which experts do I listen to? The article you linked to says a lot of the experts in the privacy community are wrong (common misinformation). But how do I know who's actually wrong? If two experts are arguing with each other, how do I know who's right? I would have to become an expert as well before I could know that, or I have to go with the majority and hope they're right.
There's so much going on at boot, pre-boot, post-boot and everything; it's tough to learn. Boot Guard, Intel TXT, TPM, Heads, etc. They all sound like they are doing the same thing. And sometimes people use words like DRTM but they are talking about Intel TXT, because TXT is SRTM or something like that. I'm just saying it's difficult to learn about all this.
I guess there's just no shortcut, really. I'm just going to have to keep reading and slowly and steadily keep learning about this until I become an expert as well.
Ahh, very interesting! I think QubesOS only does mitigations, not microcode updates. So that's a point for Linux in Linux vs. QubesOS. I need to spend more time learning about these CPU vulnerabilities. One of the things I like about QubesOS is that they do a lot of security stuff that many users don't know about or understand. For example, QubesOS doesn't use the GPU in the qubes, because an attacker could get control of the GPU and see everything that the GPU renders, which means seeing the host (dom0) and all the qubes.
I guess you can do that on Linux as well by disabling KVM passthrough of the GPU to the VMs.
And maybe disabling hyperthreading like QubesOS does isn't necessary on Linux if the CPU microcode updates from the Linux kernel already solve that CPU vulnerability. Many things for me to look into regarding these CPU vulnerabilities.
QubesOS does make compartmentalizing a much easier and smoother experience, though.
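The kernel answers the microcode vs. mitigation vs. hyperthreading question in the post above directly: each file under /sys/devices/system/cpu/vulnerabilities/ says whether the CPU is affected, which mitigation is active, whether the fix still needs a microcode update ("Vulnerable: ... no microcode") and whether it is incomplete while SMT is on ("SMT vulnerable"). The script below is an added example, not code from the thread or from any distribution; it reads those standard sysfs/procfs paths, and every function takes a path argument so the same logic can run against constructed test data. The sample status strings used in testing are copied from the kernel's own reporting format.

```python
"""Added example (not from the thread): summarise what a running Linux
kernel reports about CPU vulnerability mitigations, loaded microcode and
SMT (hyperthreading) state.  Paths are the standard sysfs/procfs locations."""
import re
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
SMT_CONTROL = Path("/sys/devices/system/cpu/smt/control")
CPUINFO = Path("/proc/cpuinfo")


def read_vulnerabilities(vuln_dir=VULN_DIR):
    """Map each vulnerability name to the kernel's status string."""
    if not vuln_dir.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(vuln_dir.iterdir()) if p.is_file()}


def unmitigated(status):
    """Entries whose status starts with 'Vulnerable' have no active mitigation.
    'Not affected' and 'Mitigation: ...' are fine."""
    return sorted(k for k, v in status.items() if v.startswith("Vulnerable"))


def needs_microcode(status):
    """Entries where the kernel says the fix is missing because of microcode."""
    return sorted(k for k, v in status.items() if "microcode" in v.lower())


def smt_sensitive(status):
    """Entries the kernel flags as only partly mitigated while SMT is on."""
    return sorted(k for k, v in status.items() if "SMT vulnerable" in v)


def smt_state(control=SMT_CONTROL):
    """'on', 'off', 'forceoff', 'notsupported', 'notimplemented', or 'unknown'
    when the control file cannot be read."""
    try:
        return control.read_text().strip()
    except OSError:
        return "unknown"


def microcode_revision(cpuinfo=CPUINFO):
    """First 'microcode' field from /proc/cpuinfo (x86), or None."""
    try:
        text = cpuinfo.read_text()
    except OSError:
        return None
    m = re.search(r"^microcode\s*:\s*(\S+)", text, re.M)
    return m.group(1) if m else None


def summary(vuln_dir=VULN_DIR, control=SMT_CONTROL, cpuinfo=CPUINFO):
    """One dict a practitioner can eyeball or feed to a monitoring check."""
    status = read_vulnerabilities(vuln_dir)
    return {
        "microcode": microcode_revision(cpuinfo),
        "smt": smt_state(control),
        "unmitigated": unmitigated(status),
        "needs_microcode": needs_microcode(status),
        "smt_sensitive": smt_sensitive(status),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

An empty `unmitigated` list with a non-empty `smt_sensitive` list is the case the post is asking about: microcode and kernel mitigations are in place, but the kernel itself says the mitigation is incomplete while hyperthreading is enabled, so turning SMT off (as Qubes does) still buys something. Note that the microcode revision shown is whatever is loaded at read time, whether it came from the firmware or from the kernel's early/late load.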