TPM 2.0 Future Project/Alternatives

Preface: new Linux user, new Qubes user, my views are from someone who has barely broken the surface of this OS.

When reading around about certified laptops etc. to use with Qubes it seems that many newer models work perfectly well but are missing support for “coreboot” and therefore don’t make the list. I went for one that doesn’t support it anyway (T480S) as my threat model is basically just a normal everyday person who wants to do more for my own personal privacy and learn cool stuff along the way, and the newer quality-of-life hardware appeals to my personal needs more than Fort Knox security.

Even after reading more on coreboot I’m not positive I grasp what it does. From a basic view it just makes sure no changes in the boot process have taken place? Would this only be possible if someone had physical access to the device or is this a concern for net attacks as well? This isn’t a device I plan to travel with, so someone at an airport for example popping in a USB isn’t something I think I’ll ever encounter, nor do I have anyone who would want to (I hope lol). If someone could explain coreboot in layman’s terms to me that would be great. What exactly am I giving up by not having it?

PS - I did search, just most of the stuff I was reading was a bit over my head discussion between users who already understand the topic.

So the main question - TPM 2.0, what current/future projects are currently in the works to support this? I read up on TrenchBoot; is that already good to go or still in process? If there’s no current solution, is there any feasible timeline on implementation?


Coreboot questions would best be asked in the coreboot forums and are off-topic in the Qubes OS forum.

A starting point, though:

I’ll start there, thanks. I’ve just seen a couple of times when going through this forum people say certain things like “I won’t buy a machine without coreboot” etc. when recommending models to buy, and I guess I don’t fully grasp why, unless having your device physically taken, modified, and handed back to you is a real threat to them, as from what I’ve seen these attacks require physical access to the device. I fully understand that is likely some people’s threat model; I’m just not sure many people fall in that category, so I was curious if I’m giving anything else up beyond physical BIOS manipulation protection. I’ll dive into the coreboot forum and poke around there.


There is a Community-recommended computers list, which contains machines without coreboot.

Technically, if you can reflash your BIOS from the OS, anyone else with root access (in dom0) can do it, too (highly unlikely though). It’s fine to have a threat model not accounting for this.

Doesn’t vboot protect you from that scenario, by keeping the public part of the signing keys in a write-protected region of the rom?

As I understand vboot, you can reflash the firmware from the OS, but without the correct signing keys coreboot will give you a warning on the next reboot that the firmware doesn’t match the vboot keys, and you can only reflash the keys with physical access to the EPROM.
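To make the last two posts concrete, here is an added toy model (not code from this thread, coreboot or vboot) of why a software-only reflash is detectable: the root public key lives in a region that software cannot write, the firmware and its signature live in a rewritable region, and the boot check is just a signature verification against the protected key. The region names, the `ReflashFromOS` helper and the Ed25519 choice are simplifications for illustration, not vboot's actual layout or algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Flash models the two regions the vboot discussion above relies on: a
// write-protected (RO) region holding the trusted root public key, and a
// rewritable (RW) region holding the firmware image plus its signature.
type Flash struct {
	RO struct{ RootPub ed25519.PublicKey } // hardware write-protected: needs physical access to change
	RW struct {
		Firmware []byte
		Sig      []byte
	}
}

// ProvisionFlash is what the device owner does once: sign the image with the
// private root key and burn the matching public key into the RO region.
func ProvisionFlash(priv ed25519.PrivateKey, firmware []byte) *Flash {
	f := &Flash{}
	f.RO.RootPub = priv.Public().(ed25519.PublicKey)
	f.RW.Firmware = append([]byte(nil), firmware...)
	f.RW.Sig = ed25519.Sign(priv, firmware)
	return f
}

// VerifyBoot is the check the protected boot code performs: the RW image must
// carry a valid signature under the RO key, or the firmware does not "match".
func VerifyBoot(f *Flash) bool {
	return ed25519.Verify(f.RO.RootPub, f.RW.Firmware, f.RW.Sig)
}

// ReflashFromOS models flashing with root in dom0: the RW region can be
// rewritten freely, but the RO region is out of reach without opening the case.
func ReflashFromOS(f *Flash, firmware, sig []byte) {
	f.RW.Firmware = firmware
	f.RW.Sig = sig
}

func main() {
	_, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	flash := ProvisionFlash(ownerPriv, []byte("firmware v1 (constructed sample image)"))
	fmt.Println("owner-signed image verifies:", VerifyBoot(flash)) // true

	// Someone with only OS-level access re-signs a modified image with their own key.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	modified := []byte("firmware v1 with unwanted change (constructed)")
	ReflashFromOS(flash, modified, ed25519.Sign(otherPriv, modified))
	fmt.Println("software-reflashed image verifies:", VerifyBoot(flash)) // false: warning at next boot
}
```

Run with `go run main.go`; the second line prints `false` because the RO key was never replaced, which is exactly the step that requires physical access.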