- #Qubes os for macbook air Patch#
- #Qubes os for macbook air portable#
- #Qubes os for macbook air android#
- #Qubes os for macbook air software#
- #Qubes os for macbook air code#
#Qubes os for macbook air software#
When you get a device or software set the less hands that touched it the better (at least organizationally). There's also the rules of corporate trust. LineageOS, PinePhone and everything else fails for the reasons listed above. Using a Pixel 2 with no sim and GrapheneOS until the end of support in October is probably the way to go. Unlike regular custom ROMs GrapheneOS and the Pixel line maintain verified boot which is likely the most important security feature.
#Qubes os for macbook air code#
Right now for instance from a raw security and freedom balanced system the Pixel 2 with GrapheneOS has all closed OS code running in a HAL sandbox and the system is extremely hardened and backed up by top notch hardware features. Your hardware and software needs to work together and you should have a clearly defined goal. At this point I'd recommend reading my previous post today and desktop security models and more on the vulnerability sharing programs and my sources. The better hardened the system the better the chances of delaying before the government could exploit it. Closed source is generally a little safer and less likely to propogate everywhere. Closed source isn't necessarily the answer here due to the issue of them often making contracts with military which could result in them turning over the code and possibly and likely vulnerability data in advance.
#Qubes os for macbook air Patch#
This is due to the need to be able to patch their forks of the projects ahead of time.
#Qubes os for macbook air android#
Android and Linux generally it's 30 days and the share it with the US and Chinese governments. Most services and products share vulnerabilities ahead of time with company's and governments. Worse yet they can be backed by a company that really doesn't know what they are doing (Qualcomm and Apple have both been market leaders in deep auditing of their own security chips and quick patching) you won't get that level of commitment from anyone else. Open source firmware can't keep up with the countless CVEs found and likely have their own unknown ones. It can't be randomly flashed, but you know it's respecting your privacy and security. You can fully verify they build it themselves and from what code they did. The ideal solution is like the approach Google took for the Pixel 2 where the code is open source and reproducible.
![qubes os for macbook air qubes os for macbook air](https://www.ghacks.net/wp-content/uploads/2017/05/QubesOS-Default.png)
Signed firmware is important to protect from exploits backdooring or even getting backdoored in transit.
![qubes os for macbook air qubes os for macbook air](https://i.ytimg.com/vi/hWDvS_Mp6gc/maxresdefault.jpg)
While you can get pretty solid open systems they fall dramatically behind in security.
![qubes os for macbook air qubes os for macbook air](https://datapioneer-network.org/wp-content/uploads/2020/12/appearanceStyle.png)
What do you hope will be the next nice thing in terms of trusted hardware in the near future? Any good feelings about the OpenTitan project? Let's not even consider the Librem 5 because that one I consider a sad failure. All of them are way too big for my hands. As far as I understand, regarding the hardware the current "good" options are: Pinephone, Shiftphone, Fairphone. Smartphone-wise the situation is much more complex (I still have to figure out whether to use Lineage OS or Graphene OS). But still, has blob firmware for the DDR4 controller, and also the HDMI port requires blob (this is less critical, but still). The Insurgo X230 looks like a good compromise, but it's still not completely ME-free (ME is minimized with ME_cleaner but still has some blobs that cannot be removed).Īt this point, rather than the Insurgo I would say the MNT Reform looks like a much better deal (when it is delivered, for now preorder only). But it's old, difficult to service, and does not come with important security features (IOMMU, trusted boot, limited Qubes support etc).Īll the Librem laptops are not an option because of the many binary blobs. Bonus mention if it is not produced in China/Russia, ideally in Europe but I understand now I'm dreaming too much.Īs far as I know the option that probably matches more closely what I need is a RMS-level solution: Thinpad X200/T400 with Libreboot. Better if the hardware design is also open, so that I could potentially inspect the silicon for hardware backdoors if I had a forensic lab with electron microscope etc. I need something able to run some flavor of Linux without any proprietary software/firmware. I'm talking about Snowden-level paranoia here.
#Qubes os for macbook air portable#
Mainly to use as a super-secure air-gapped portable machine.
![qubes os for macbook air qubes os for macbook air](https://www.qubes-os.org/attachment/doc/r4.0-open-in-dispvm-2.png)
Let's say I want to buy/build a personal device (laptop mainly, but smartphone also taken in consideration) that is as much secure and free-as-in-freedom as possible. Hi, I know this question probably has been asked over and over but given some recent developments maybe the answers I knew are not up to date.