i know that this question is probably stupid but when I bought all my hardware which is 1-2 years ago I only thought about performance and not about open source firmware. It is all very High End and I won‘t buy a new PC for switching to Qubes but theoretically: Would Qubes Certified Hardware offer an significant security benefit for normal people who don’t want all these three letter agencies to observe them passively? Is there a possibility how my custom PC becomes as secure and anonymous as the Qubes hardware? Where are the risks of normal hardware in sense of privacy? I heard about coreboot but I don’t know the risks of messing around with the BIOS (currently the ASUS/ROG one). Do you run Qubes on your normal main PC or on a special everything is open source one?Thank you very much for your help!
There is not a simple answer to that, but:
- if your hardware or firmware is compromised, qubes will not help you, probably.
- PC OEM are very lasy with firmware updates, mainly because users tend to not care
- ideally, firmware would be open source
- but mantained closed source can be better then unmantained opensource
- if it is closed source you trust the entity behind it. Even if it is open source, in a way you are putting trust in the developpers / comunity, unless you audit or pay someone to audit the code.
- coreboot is a great project, but currently you have to choose between having coreboot or have microcode updates (wich are closed source, I think)
- heads is even better, but hardware choice is smaller, and it suffers the same issues i pointed in coreboot (it uses corebot and linux)
Choices are realy hard currently.
It doesn’t protect you against Internet surveillance, it protects you against someone tampering with your firmware.
This is not entirely true. If it’s FLOSS, then the community can verify the code. Therefore, even if you do not do anything yourself, you rely on the community, which is much better than relying only on developers working with a secret code.