-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Nov 14, 2019 at 10:37:33AM -0800, Lorenzo Lamas wrote: > Btw, do you think it is possible for Qubes to distribute the Intel > fTPM(http://tpm.fail/) update somehow like Qubes does with microcodes?
I don't think it's directly possible, this part of the system firmware is specific to particular device configuration (bundled together with the rest of BIOS/UEFI), not only CPU. A quote from Intel advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html | Intel recommends that users of Intel® CSME, Intel® SPS, Intel® TXE, | Intel® AMT and Intel® DAL update to the latest version provided by the | system manufacturer that addresses these issues. There could be a way to ease updating system firmware by integrating fwupd, but it isn't done yet: https://github.com/QubesOS/qubes-issues/issues/4855 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl3PEHUACgkQ24/THMrX 1yy5rAf+OUCwS/oIGN04ps6Skv19pwCL8gkKizEoncXduI5nXUI1hBcqtmfBPbUj orJqWt65YKQPeCnWubbJHHA5cIe0KtG/yPTtMcG98caU8Qi1y/vi2Nv7lt6+y1GL BbGe/O2ZHYuZAMGLg9bbk3ZXmQ8hrAyHCB+3vvVxIlrPHkOShjpHztsgguug00MI sPNdg9IHurPNwbwbMgwHGIUDOgFr7MilGT1y3afzBEIrHZCT5SaPHernUYGd7oD9 PmhGsb5grJo5eYDO+wiizrW/by2BUXH+4Qeimtxk+N7xqqk7/btQXl77dOGQ5k/t 1uNcXNluSAXVspKvKJTIXhGlpJmAMQ== =cXye -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191115205412.GB4164%40mail-itl.
