For example, Signal is a great app to use for private communication but if you use Signal on Windows OS then how private is the communication really? Typical Windows users aren’t good at security and Windows users also have a high amount of malware which can spy on the conversations. It was just an example for privacy starts with the hardware.
I have read a lot of people in privacy communities recommend buying older thinkpads and basically anything that Heads supports. The problem is not that they are old, the problem is they are second hand. You don’t know what the previous owner have been doing on the laptop and who might have had access to it. Remember, Windows users are typically not good at security and malware spreads commonly in Windows.
If a malware flashes a ROM then you buy their laptop and erase the hdd or ssd or buy a new hdd/ssd, then you flash coreboot to the computer. After all this the malware can still remain in the firmware and you would never know unless the malware makes itself obviously known by a ransom attack or stealing all your crypto or something.
There is nothing you can do to prevent this risk other than avoiding used computers.
Then there’s the entirely other debate if it’s even worth it for security & privacy to buy an old brick that is supported by Heads. And I’m not experienced enough on that topic yet although I’m learning about it and getting closer to being able to come to my own conclusion with the help of all the experts who have written about it.
These old bricks don’t get microcode updates for the CPU which means you will be vulnerable to many Spectre and Meltdown attacks. QubesOS can mitigate it to some degree such as by disabling hyperthreading, but QubesOS can’t mitigate it completely, only microcode updates can and these old bricks don’t receive them.
But the main point I wanted to make in this topic is about risk with used second hand laptops. Because of that I think it probably is best to buy a new unused laptop. Off the shelf for cash is best but maybe not depending on which country you live in. fed upgrade factories are a thing and some countries have it happening more than others. In that case maybe it’s better to order a laptop from one of those laptop vendors who ship it with tamper proof container, although it will be very expensive with taxes/customs but worth it.
On https://osresearch.net it says Linux kernel has some mitigations but it doesn’t protect entirely.
do you mean this part?
(https://osresearch.net/Heads-threat-model/)
linux can do microcode updates. I think what they wanted to mean is that the general mitigations (the retpolines and the page table isolation they mention near it) are what is not enough
Ahh, very interesting! I think QubesOS only does mitigations, not microupdates. So that’s a point for linux in linux vs qubesos. I need to spend more time learning about these cpu vulnerabilities. One of the things I like about QubesOS is they do many security stuff that many of users don’t know about or understand. For example QubesOS doesn’t use the GPU in the Qubes because an attacker could get control of the GPU and see everything that the GPU renders which means seeing the host (dom0) and all the Qubes.
I guess you can do that on Linux as well by disabling kvm passthrough of the GPU to the VMs.
And maybe disabling hyperthreading like QubesOS does isn’t necessary on Linux if the cpu microupdates from Linux kernel already solves that cpu vulnerability. Many things for me to look into regarding these cpu vulnerabilities.
QubesOS does make compartmentalizing much easier and smoother experience though.
I think it is disabled by default, and you would need to enable it for a specific VM. as I know, the GPU can rarely be shared to multiple VMs
it may be possible to do it on Qubes too. I think the microcode updates are not OS-specific, but I’m not certain about this