Git-Mirrors/Qubes-Community-Content
1
0
Fork 0
mirror of https://github.com/Qubes-Community/Contents.git synced 2025-01-03 11:31:04 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix links

Browse Source
This commit is contained in:
awokd 2018-03-10 10:24:52 +00:00 committed by GitHub
parent cd780ddc7b
commit 3f0ea40433
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
guides/hardware-tree.md
View File

@ -18,16 +18,16 @@ Click on the links, read the supporting information if desired, reach a conclusi
Are you concerned about potential manufacturer [hardware backdoors](https://libreboot.org/faq.html#intel)? Are you concerned about potential manufacturer [hardware backdoors](https://libreboot.org/faq.html#intel)?
[Yes](/doc/hardware-tree/#concerned) [Yes](/guides/hardware-tree/#concerned)
[No](/doc/hardware-tree/#unconcerned) [No](/guides/hardware-tree/#unconcerned)
### Concerned ### ### Concerned ###
Are you concerned about [blobs](https://www.coreboot.org/Binary_situation) being used to initialize hardware? Are you concerned about [blobs](https://www.coreboot.org/Binary_situation) being used to initialize hardware?
[Yes](/doc/hardware-tree/#init) [Yes](/guides/hardware-tree/#init)
[No](/doc/hardware-tree/#mecleaner) [No](/guides/hardware-tree/#mecleaner)
[No, but I want AMD](/doc/hardware-tree/#amd) [No, but I want AMD](/guides/hardware-tree/#amd)
### Init ### ### Init ###
@ -35,8 +35,8 @@ Nearly all R4.0 capable systems require at least a CPU microcode blob, and often
However, there are still some options when it comes to running the [proprietary, unaudited code](https://www.coreboot.org/Intel_Management_Engine#Freedom_and_security_issues) for hardware initialization. However, there are still some options when it comes to running the [proprietary, unaudited code](https://www.coreboot.org/Intel_Management_Engine#Freedom_and_security_issues) for hardware initialization.
Do you want: Do you want:
[AMD](/doc/hardware-tree/#amd) [AMD](/guides/hardware-tree/#amd)
[Intel](/doc/hardware-tree/#intel) [Intel](/guides/hardware-tree/#intel)
### AMD ### ### AMD ###
@ -46,8 +46,8 @@ In theory there is an option to partially disable it, but no motherboard/BIOS ma
Form factor? Form factor?
[Laptop](/doc/hardware-tree/#amd-laptop) [Laptop](/guides/hardware-tree/#amd-laptop)
[Desktop](/doc/hardware-tree/#amd-desktop) [Desktop](/guides/hardware-tree/#amd-desktop)
### AMD Laptop ### ### AMD Laptop ###
@ -65,15 +65,15 @@ Unfortunately, all R4.0 capable Intel hardware requires use of at least the [BUP
[Weaknesses](https://mobile.twitter.com/rootkovska/status/938458875522666497) have been found in this proprietary, non-owner-controlled code. [Weaknesses](https://mobile.twitter.com/rootkovska/status/938458875522666497) have been found in this proprietary, non-owner-controlled code.
There are some ways to restrict Intel ME after the initial BUP. There are some ways to restrict Intel ME after the initial BUP.
[Commercial](/doc/hardware-tree/#intel-commercial) [Commercial](/guides/hardware-tree/#intel-commercial)
[DIY](/doc/hardware-tree/#intel-diy) [DIY](/guides/hardware-tree/#intel-diy)
### Intel Commercial ### ### Intel Commercial ###
These vendors have systems available that partially disable Intel ME after the initial hardware initialization: System76, Purism, Dell. These vendors have systems available that partially disable Intel ME after the initial hardware initialization: System76, Purism, Dell.
Implementations vary, so research the vendors. Implementations vary, so research the vendors.
Prefer ones that use Coreboot instead of closed-source, [proprietary](https://www.kb.cert.org/vuls/id/758382) [UEFI firmware](https://www.securityweek.com/researchers-find-several-uefi-vulnerabilities). Prefer ones that use Coreboot instead of closed-source, [proprietary](https://www.kb.cert.org/vuls/id/758382) [UEFI firmware](https://www.securityweek.com/researchers-find-several-uefi-vulnerabilities).
Search the [HCL](/doc/hcl) for a compatible system. Search the [HCL](https://www.qubes-os.org/hcl/) for a compatible system.
[Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports. [Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports.
### Intel DIY ### ### Intel DIY ###
@ -81,8 +81,8 @@ Search the [HCL](/doc/hcl) for a compatible system.
Closed-source, proprietary UEFI firmware has its own [set](https://www.kb.cert.org/vuls/id/758382) of [vulnerabilities](https://www.securityweek.com/researchers-find-several-uefi-vulnerabilities). Closed-source, proprietary UEFI firmware has its own [set](https://www.kb.cert.org/vuls/id/758382) of [vulnerabilities](https://www.securityweek.com/researchers-find-several-uefi-vulnerabilities).
Do these concern you? Do these concern you?
[Yes](/doc/hardware-tree/#coreboot) [Yes](/guides/hardware-tree/#coreboot)
[No](/doc/hardware-tree/#mecleaner) [No](/guides/hardware-tree/#mecleaner)
### Coreboot ### ### Coreboot ###
@ -93,13 +93,13 @@ Flash your system with Coreboot, including [ME_Cleaner](https://github.com/corna
### MECleaner ### ### MECleaner ###
Search the [HCL](/doc/hcl) for a compatible system. Search the [HCL](https://www.qubes-os.org/hcl/) for a compatible system.
[Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports. [Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports.
Follow the instructions [here](https://github.com/corna/me_cleaner) to partially disable Intel ME. Follow the instructions [here](https://github.com/corna/me_cleaner) to partially disable Intel ME.
### Unconcerned ### ### Unconcerned ###
Search the [HCL](/doc/hcl) for an R4.0 compatible system. Search the [HCL](https://www.qubes-os.org/hcl/) for an R4.0 compatible system.
[Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports. [Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports.
If selecting a desktop, you may also want to include and use a third party NIC in an expansion slot instead of the onboard Ethernet. If selecting a desktop, you may also want to include and use a third party NIC in an expansion slot instead of the onboard Ethernet.
This will help avoid overt network communications from onboard management. This will help avoid overt network communications from onboard management.