glossary, tails updates

This commit is contained in:
anarsec 2023-06-29 22:28:16 +00:00
parent 5494231a84
commit 4f1ae04890
No known key found for this signature in database
6 changed files with 26 additions and 24 deletions

@ -335,7 +335,7 @@ Kicksecure is [considered untested](https://www.kicksecure.com/wiki/Qubes#Servic
Hardware security is a nuanced subject, with three prominent factors at play for a Qubes OS computer:
* **Root of trust**: A secure element to store secrets that can be used as a root of trust during the boot process.
* **Blobs:** Newer hardware comes with [binary blobs](https://en.wikipedia.org/wiki/Binary_blob) which require trusting corporations to do the right thing, while some older hardware is available without binary blobs.
* **Microcode updates**: Newer hardware gets microcode updates to the CPU which (ideally) address security vulnerabilities as they are discovered, while older hardware doesn't after it is considered End Of Life. The [Heads threat model page](https://osresearch.net/Heads-threat-model/#binary-blobs-microcode-updates-and-transient-execution-vulnerabilities) explains why CPU vulnerabilities matter:
* **Microcode updates**: Newer hardware gets [microcode](https://en.wikipedia.org/wiki/Microcode) updates to the CPU which (ideally) address security vulnerabilities as they are discovered, while older hardware doesn't after it is considered End Of Life. The [Heads threat model page](https://osresearch.net/Heads-threat-model/#binary-blobs-microcode-updates-and-transient-execution-vulnerabilities) explains why CPU vulnerabilities matter:
>"With the disclosure of the Spectre and Meltdown vulnerabilities in January 2018, it became apparent that most processors manufactured since the late 1990s can potentially be compromised by attacks made possible because of [transient execution CPU vulnerabilities](https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability). [...] Future not-yet-identified vulnerabilities of this kind is likely. For users of Qubes OS, this class of vulnerabilities can additionally compromise the enforced isolation of virtual machines, and it is prudent to take the risks associated with these vulnerabilities into account when deciding on a platform on which to run Heads and Qubes OS."
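Review bot: the rewritten "Microcode updates" line still carries the clause "while older hardware doesn't after it is considered End Of Life", where "doesn't" has no stated verb and "it" has no clear antecedent; since the line is being touched anyway to add the microcode link, consider "while hardware that is considered End Of Life no longer receives them". The "(ideally)" hedge is also vague: if the point is that updates only fix vulnerabilities the vendor chooses to patch, say that. Minor style point in the same list: `**Blobs:**` puts the colon inside the bold markers while the sibling items `**Root of trust**:` and `**Microcode updates**:` put it outside, so the three bullets render inconsistently.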