Discussion on Purism

Insurgo · August 11, 2024, 10:19pm

As I pointed before @TommyTran732 and to anyone thinking compromising measured boot is trivial, I layed down the tooling for anyone wanting to further protection / prove measured boot not enough to understand and break it once and for all under WiP: introspection - replicate TPM PCRs measurements directly from measured content (TCPA/TPM Event log) by tlaurion · Pull Request #1568 · linuxboot/heads · GitHub

Just use it for the bad to faster the development of something good/better.

Until then, it was proven non trivial. You refusing to read it, test it, prove you understand how a TPM extend/seal/unseal/quote ops work, extract/replay/tamper bootblock anchored measured boot is yet to be proven flawed beyond just theoretical attack by anyone/to everyone. Please just do it and like I said: you’ll get the world’s attention. Until then, you are in denial. And this echo chamber is not the place (not my place) to discuss this further.

EDIT: added repro notes directly at WiP: introspection - replicate TPM PCRs measurements directly from measured content (TCPA/TPM Event log) by tlaurion · Pull Request #1568 · linuxboot/heads · GitHub to entice Evil-Made PoC by anyone willing to take that challenge to move theoretical vuln into a practical, reproducible PoC. Up for the challenge with more than words but code? PLEASE DO IT.

Insurgo · August 15, 2024, 2:25pm

And again, for the sake of this thread, I already replied extensively with my own learnings and criticisms at "Maybe I messed up my qubes installation?" related support questions involving "some" Heads subtleties, aka "How to disable autostarting of service qubes at boot without Grub interface" - #8 by Insurgo

(tags: firmware, testing, security, Purism, QubeOS certification process, oem disk installation, salt, kick-start what should be the next steps, where collaboration is needed etc etc etc)

adrelanos · October 26, 2024, 11:04am

Do you have the corresponding video?

apparatus · October 26, 2024, 11:14am

FranklyFlawless · October 27, 2024, 10:29am

Direct video link:

FranklyFlawless · January 13, 2025, 11:21am

I moved this topic to the #all-around-qubes category due to these posts:

fiftyfourthparallel:

This is thread is a showcase of why a trusted level of 2 should be needed to participate in tangential discussions (though some might argue that this is directly relevant to Qubes). Relevant thread here.

Once a product/company had been badmouthed there’s a pattern of new accounts being made with the sole purpose of taking a side. Two brand new accounts are posting here, for example, and neither seem to have an interest in Qubes. What’s worse, they’re making lengthy posts that take considerable effort to get through. This is obviously leading to increased workloads for the mod(s) and clogging up the moderation queue.

As I’ve mentioned before, I’m not going to bother arguing with those in entrenched positions spouting long-winded sophistry, since I have better things to do with my time.

fiftyfourthparallel:

Thank you for this detailed and informative post.

“Not having some ancient piece of hardware” – Do you manually verify every piece of hardware in a laptop that you’re interested in? If so, what resources do you use?

Memory encryption – Pardon my naivete, but why is it important beyond the context of cold boot attacks; and if it’s that important, why would Apple choose to forgo it? Especially since it should be easy to implement given their other security features.

I’ve been using Dell for the last few years but I’ve personally experienced a rash of hardware defects and now I’m considering alternatives. What are your thoughts on HP?

I’m somewhat glad the mods haven’t shut it down this thread yet, but it’s snowballing into something that belongs in the restricted category (and this post doesn’t help).

If @moderators and/or trust level 3/Regular users would rather prefer the topic goes back into the General Discussion category, simply move it again.

barto · January 13, 2025, 2:22pm

access to category

Isn’t “All around Qubes” somehow access-restricted?
[After checking] → yes it is:

Sven · January 13, 2025, 3:24pm

Moved back to `General Discussion`.

It doesn’t seem appropriate to move this mega-thread after all this years. As @fsflover outlined: this is hardware specifically marketed towards Qubes OS users and their experiences and impressions with the vendor are on-topic.

FranklyFlawless · January 14, 2025, 7:14am

Sure, although Purism primarily targets PureOS, not Qubes OS.

capsizebacklog · January 15, 2025, 8:38am

How can I know if the glitter nail polish is acryllic or gel?
I’ve had a very bad experience trying to ask questions about glitter nail polish at local stores that sell glitter nail polish. They always answer “don’t know”.

FranklyFlawless · January 15, 2025, 9:54am

At a glance, thickness of the applied polish is a giveaway. Gel is thicker while acrylic is thinner.

barto · January 15, 2025, 3:56pm

Gel is thicker while acrylic is thinner.

As a straight guy, I wouldn’t know

Insurgo · January 16, 2025, 5:42pm

Trammel recommended this brand. Shipped all privacy beast with it. Worked awesome.