Hello,
Any concept of QubesOS product sales figures? Any idea?
No, Qubes OS is free of charge.
I mean hardware with pre-installed Xen/QubesOS.
Sales from vendors with Xen/QubesOS pre-installed.
Pretty much a niche market… I'm not aware of sales data being publicly available.
Insurgo sells 200.
10 vendors, assume 200 each.
20,000 systems.
VERY niche.
The dollar amount for Qubes in a commercial context is not something that can be quantified but qualified.
Depending on the end user's needs, existing technical proficiency (more like lack of it), what assurances are being promised, support for applications running inside the qubes, the seamlessness of user experience (not manually managing files), and how difficult (or not) the personalities on the client's side are, the dollar amount can range from modest to "the price of one luxury car" per user.
You are saying that the amount charged depends on the end user's perceived
computing ability. How do you assess that?
Insurgo selling at $2,000 ea. with about $1,000 markup, support is
included in this amount (this is bleeding edge product).
I think the main point of these offerings is the disabled ME/coreboot.
Because otherwise one could just go with standard off the shelf hardware.
IOMMU used to be exotic 13 years ago. But it became super common to the point of even random mini PCs running Qubes. Before the weird USB stuff in Meteor/Arrow Lake, it was pretty much a given everything would work. A newer kernel needed there, kernel or Xen param here.
I remember once TB and DisplayPort were super problematic on Linux, but look at it now. Pretty well supported.
The sheer complexity of using Qubes can't be solved by paying for support. Either the user understands the threat model and works with it correctly or the user bypasses the security for convenience. But the attack surface can surely be reduced.
On that topic I wonder if microcode security fixes are still released for old hardware, like the 3rd Gen Intel inside an x230.
I think that's an issue also, older Intel CPUs not getting microcode fixes.
Newer ones getting microcode fixes, but cannot be fully "neutered", they
can only be disabled by the HAP bit method.
There needs to be some chronological timeline for the Intel CPU generation
that can have IntelME fully neutered vs. HAP bit disabled. That would
make things more clear.
On a side note, which Coreboot/Heads version are we having currently?
Which CPU vulnerability is affecting older Intel CPUs anyways? There is
a CVE?
I think the main point of these offerings is the disabled ME/coreboot.
My impression as well.
disabled != neutered iirc
Intel drops support on average about 6 years after release.
Apologies, somewhat off-topic.
AFAIU all Intel models pre 8000 series (8000 included), circa 2018, are not receiving microcode updates and are permanently vulnerable to SpectreV2 (see QSB-107).
A big part of ME-related development was done here: GitHub - corna/me_cleaner: Tool for partial deblobbing of Intel ME/TXE firmware images. It looks like the original tool does not work as well on recent Intel platforms.
I wonder if Intel would consider licensing the microcode for older CPUs.
Are there any CPU microcode code repos for old Intel CPUs?
Anybody have an older Intel CPU with microcode lying around?
I don't know if this repo is real, or in any way relevant to the extraction
and analysis of CPU microcode:
Patching and updating your own CPU microcode, any takers?
Using a BIOS update to extract CPU microcode binaries? Is that
even possible?
"CPU microcode is a set of low-level instructions that help control the processor's operations and can be updated through the BIOS. The BIOS contains a store of CPU microcode files that are applied during boot to ensure the processor runs correctly and efficiently"
What class of vulnerability is Spectre V2?
CPU microcode binary located inside of BIOS/UEFI firmware directory.
Is compressed? Is encoded? Is encrypted?
It would be handy to have a clear description of UEFI/BIOS/Coreboot directory
structures. Locating any CPU microcode binaries in this directory structure
would be simpler.