Re: [Tails-dev] Tails Hardware

Delete this message

Reply to this message
Author: flapflap
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Tails Hardware
Hi,

intrigeri:
[snip]
> Michael English wrote (16 Mar 2016 00:22:11 GMT) :

[snip]
>
> This last sentence is only true in face of a very small class of
> adversaries, given Tails threat model. Against a much bigger class of
> adversaries, Tails is still very useful, even when run on
> insecure hardware.


I tend to agree. We should hope and stay optimisitic to be able to
maintain and protect the security of our hardware. Even though things
are far from perfect, it's not useless (but we have to be aware of the
limitations and we have to explain them to the users).
The problem is that we're too slow: the companies create much more
proprietary software/firmware and undocumented hardware than the Free
SW/HW Community can reverse, reimplement, and audit :(

[snip]
> In particular, I want us to go on being as inclusive as we reasonably
> can wrt. those who cannot (economically) afford purchasing secure
> hardware, or who cannot (technically) configure secure hardware.


I agree.
Also @Michael: For these reasons, Tails itself ships proprietary
software. This is not good and obviously a tradeoff between usability
and security. Still, it would be great if this could be replaced with
free software alternatives (not only for us, but also for upstream).

[snip]

>> There are
>> two options to get a Libreboot X200. First, one can buy a refurbished
>> Lenovo ThinkPad X200 from a electronics store like Newegg in the United
>> States. (I assume that there is a European equivalent.) Then, he or she
>> can follow the relatively easy-to-understand instructions on the
>> Libreboot website for installing the BIOS
>> https://libreboot.org/docs/hcl/x200.html and removing the ME
>> https://libreboot.org/docs/hcl/gm45_remove_me.html .
>
> I've tried to follow these instructions and they lead me to
> https://libreboot.org/docs/install/x200_external.html, that IMO is
> arguably waaaay too hard technically, and requires waaaay too much
> time, for the huge majority of our target user base.


There is also (background) information about BIOSes and firmware from
The Centre for Investigative Journalism in a quite readable language:
http://www.tcij.org/resources/handbooks/infosec/chapter-1-protecting-system
(CTRL-F "High risk:")
They recommend laptops no later than the IBM ThinkPad X60/X60s due to
Intel AMT.

[snip]

~flapflap