Recommended replacement for Heads Qubes Laptop component

hi @enmus @Insurgo this is to continue discussion in Wifi Card Replacement ,
since hardware component replacement does not really relate with the thread title.

i see, those are new terms for me, FOSS device & RYF certification.

I refer to product with RYF certification ,
but couldn’t find Atheros wifi card in the product list,
do i refer to the correct website ?
or maybe there is other reference saying RYF certified Atheros ?

how about hard disk ? which one is more secure, hard disk or SSD ?
any recommendation about more secure RAM & blue-tooth module ?

some laptop has on-board graphic card, so cannot replace,

any reason why RJ45 port / eth2usb adapter is more secure than wifi card ?
assuming that maybe sys-net / dom0 / firmware has been compromised,
maybe, at least it can prevent secret ad-hoc network between firmware,
but not sure about covert channel attack & side channel attack.

1 Like

hi @fsflover i see your profile mentioning fsf.org
maybe, it’s a bit off-topic, but are you the administrator for the website ?

Wi-Fri ND2H | RYF is one of those. RYF certification requires non-writeable firware parts if present (oversimplification here) where certified products are mostly rebranding of originals, and where drivers contain no blobs.

Unfortunately, you will have do follow the rabbit to check which chipsets were RYF cerrified. And RYF is just an approval of the FSF for some products which companies seeked to certify their products, sometimes with different firmware but normally relying on supported linux open source drivers.

No recommendation there. Its a performance tradeoff, mainly. It is a fact that SSD firmware is doing more “stuff” then HDD counterpart, mainly for wear leveling but also to read ahead and optimize cache performances there. Both are blackboxes, where some companies are now pushing their firmware updarea through LVFS and where fwup permits to download and apply them. fwupd support under Qubes OS ia another subject. But outside of the OpenSSD research project, there is nothing open source in that realm.

No strong opinion here. Wifi offers “more privacy” generally, in the sense that its harder to see where “you are connected vs rj45, logically. On the security side of things, wifi offers less security for the same opposite reasons, plus additional possible vulnerabilities in the wifi protocols. When it comes to firmware, this is the same dilemna as usual. A non-updatable firmware will prevent tampering but also updates for obvious reasons. The XSA-404 Xen vuln exposed an important design flaw for HVMs on PCI devices. To know which ones are bad is unknown still to me today, but having those in disposable qubes and reinitializing their states on-demand mitigates some of the risks there. Same for usb dongles for wifi/ethernet, where you makensure disconnection of device forces an electrical reset if internal states, while adding complexity of usage: you would need to dispatch a usb controller to an additional HVM, or in simpler terms, remove a usb controller from sys-usb and give it to sys-net/add another sys-net HVM qube with that single usb controller and put " provides network” in settings.

1 Like

There is no real world difference imo. SSD as HDD forensics are a “normal” thing.

Wifi is inherently more insecure. For example i can send your adapter any packet i want if i am close to you, but for ethernet i need to physically connect to your infrastructure. Also it leaks less data like data volume/air time utilization.

sys-net: marginally interesting, nothing bad can happen, that could happen at mots other locations on the route of your packets.

dom0: you are fucked. reinstall OS.

firmware: you are fucked. reflash firmware or go full tinfoil hat and buy new hardware.

Isn’t it possible to analyze the wear SSD cells and use it to do things like discover encrypted data hidden in encrypted data?

hu? I mostly agree with what you wrote, but i have to disagree on that one.
The size of “vulnerable territory” from which your adversary can gather information is, with wifi,

  • much bigger (wifi range)
  • Much harder to define (add more gain to the antenna and get more range) and
  • practically indefensible. (Needs physical access)

i am not a data forensics guy.

Some thoughts:

  • Yes, it should be technically possible to extract how often a cell was written to, maybe read from even. However this gives no clear indication of a hidden volume, but more of general wear. I think you can only obtain this information from the controller, not from the cells itself (non-destructively and with high confidence). Also the data should be well distributed due to wear leveling. I don’t think this is a reasonable attack vector.
  • HDDs are “easier” to reformat. From my felt confidence i trust my (not SMR) to write to the same block if i write to it, not like an SSD with wear leveling, so i have to trust TRIM to really delete stuff
  • for SMR HDDs the SSD caching might be of concern for forensical evidence of hidden data.
  • Talking about EMSEC, i have no strong or based opinion about HDD vs SSD, but i can test if this is a real concern for you.

I quoted “more privacy” to try to dodge that semantic debate. I hope we agree that privacy!=security while having some dependencies between privacy and security. I also hope that we agree somewhat that to attain some level of anonymity, privacy guarantees need to exist, which depends on some “security” principles.

Now, under QubesOS 4.1, wifi randomization is activated by default, where Ethernet anonymity is left to the user to configure it properly.

Privacy is a concept where personal information should be under user control. Anonymity requires privacy.

Agreed that if no privacy mechanisms are enforced (no wifi encryption (wpa2+) then wifi is like having invisible cables in all direction to the limit of listening range. But if the goal is anonymity/privacy, that range is actually a feature. Combined with Tor/VPN (other subject) then one can somehow take granted some level of anonymity over wifi out of the box today as opposed to Ethernet, since Ethernet is considered safer (more secure) to use where physically connected space is considered already private (home, office) and where what happens through that physical link (wifi also considered a physical link) is somewhat consistent over time.

Also, someone kinda needs to trust the soldered physical ethernet card, firmware and drivers (Intel gigabiy cards here considered default) where otherwise usb based linked to previous comment with added complexity. No strong opinion here, where Ethernet cannot implement automatic profiles. Its either randomize/stable/persistent MAC address profile which will be used when a wire is connected, as opposed to randomized beacon capturing MAC and different randomized/stable MAC used for connection.

All of this dependa on what goes over “physical layer”.
I agree that wifi adds attack surface since that physical layer security can be questioned. Also agree that attacks on wifi is a big thing, less frequent on ethernet. But if monitoring is a concern, both are equivalent, which requires additional protections on top of the physical link, which was the subject here.

It is totally feasible to track a user based on signal strength, localize such user. Just as easy, or maybe a little harder, then from ethernet. But in the goal of roaming anonymity and privacy, with netvm lon-leaking additional guarantees offered by Qubes I tend to recommend changing wifi card to ease anonymity and augmented security on the go, where being on ethernet would require the same added precautions. We do not trust the infrastructure, don’t we?

1 Like

Fully agree.

Regarding the anonymity/privacy of ethernet, from my perspective what you leak (at the very least) is, when do you transmit and receive data.

This can be used against one in confirmation attacks (a case comes to my mind of an anonymous hacker. He was confirmed and subsequently busted by correlating traffic over his wifi to his IRC sessions). This is the kind of privacy leak i meant to focus on. Surely would be possible with a pentap on him too, but this would have required more legal stuff to do for the feds involved.

Regarding your “qubes-out-of-the-box” argument i agree. Maybe this should be fixed… Regarding privacy i find if worse if an adversary can observer how much i do when online, in contrast to knowing my MAC address (technically anonymity not, privacy, but semantics are really not that nuanced there)

I think in the end ethernet vs wifi is a very broad topic and basically we agree on most, but value different protective goals differently.

i see, okay, thanks for the info.
i wonder why Purism and Insurgo are not mentioned in the RYF certification list.

maybe, if what we aim is anonymity,
while we are connected to the internet,
then using WiFi card will provide more anonymity,
because Qubes provides WiFi randomization by default,
then plus using Whonix & Tor.

but if we consider covert channel attack,
then maybe both Ethernet & WiFi cannot protect.

then, if we consider side channel attack,
maybe this attack happen in another realm,
doesn’t really relate with Ethernet or WiFi.

then, man in the middle attack,
with assumption, these all men standing in the supply chain,
are able to supply compromised package,
installed into the firmware or OS or software,
in this case, maybe either Ethernet or WiFi card also doesn’t matter.

then, if there is intentional firmware backdoor,
that can establish secret ad-hoc network,
with other devices around,
then maybe using Ethernet will be more secure,
with assumption, the secret ad-hoc network,
is established by using WiFi card.

but if there is secret hidden component,
that can be used by intentional firmware backdoor,
to establish independent internet connection,
maybe by using uncommon EMF signal,
then, either Ethernet or WiFi card, both will make no difference.

then, maybe the last is, zero click exploit spyware, i.e. Pegasus,
if not mistaken, this spyware are sent, via internet connection,
that has been established before, either by Ethernet or WiFi,
means, it cannot establish connection by itself,
but using the established existing connection,
so in this case, maybe both Ethernet & WiFi, doesn’t really relate.

means, maybe in conclusion,

using RYF certified WiFi card + Qubes + Whonix + Tor,
will give us more anonymity.

removing the WiFi card, and using Ethernet,
maybe can remove 2 attack vector possibilities,

  • 1st, the possibility of having firmware backdoor in the WiFi card,
    but, by using RYF certified WiFi card can solve this issue
  • 2nd, the possibility of WiFi card, is being used by firmware backdoor,
    to establish secret ad-hoc network
1 Like

4 posts were split to a new topic: Coreboot binary blobs and RYF cerification