Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-07-31 10:39:55 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add section on trusting hardware

Browse source
This commit is contained in:
Andrew David Wong 2020-08-31 15:37:25 -05:00
parent 37029d1164
commit 96399b2593
No known key found for this signature in database
GPG key ID: 8CE137352A019A17
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
user/downloading-installing-upgrading/install-security.md
View file

@ -10,6 +10,19 @@ redirect_from:
# Installation Security Considerations # # Installation Security Considerations #
There are several security matters to consider before and during the Qubes
installation process.
## Trusting your Hardware ##
No operating system, not even Qubes, can help you if you're installing it on
hardware that is already compromised. This includes CPUs, GPUs, SSDs, HDDs, and
BIOS/EFI/UEFI. Unfortunately, in today's world of undetectable supply chain
attacks, there are no easy solutions. (Tools like [Anti Evil Maid (AEM)][AEM]
can help with *maintaining* the trustworthiness of your hardware, but not with
establishing it in the first place.)
## Verifying the Qubes ISO ## ## Verifying the Qubes ISO ##
@ -80,6 +93,7 @@ Considering the pros and cons of each, perhaps a USB drive with non-rewritable
switch might be the option. switch might be the option.
[AEM]: /doc/anti-evil-maid/
[verify]: /security/verifying-signatures/ [verify]: /security/verifying-signatures/
[classic problem]: https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf [classic problem]: https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
[solutions]: https://www.dwheeler.com/trusting-trust/ [solutions]: https://www.dwheeler.com/trusting-trust/