-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Nov 14, 2019 at 10:37:33AM -0800, Lorenzo Lamas wrote:
> Btw, do you think it is possible for Qubes to distribute the Intel 
> fTPM(http://tpm.fail/) update somehow like Qubes does with microcodes?

I don't think it's directly possible, this part of the system firmware
is specific to particular device configuration (bundled together with
the rest of BIOS/UEFI), not only CPU.

A quote from Intel advisory:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
| Intel recommends that users of Intel® CSME, Intel® SPS, Intel® TXE,
| Intel® AMT and Intel® DAL update to the latest version provided by the
| system manufacturer that addresses these issues.

There could be a way to ease updating system firmware by integrating
fwupd, but it isn't done yet:
https://github.com/QubesOS/qubes-issues/issues/4855

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl3PEHUACgkQ24/THMrX
1yy5rAf+OUCwS/oIGN04ps6Skv19pwCL8gkKizEoncXduI5nXUI1hBcqtmfBPbUj
orJqWt65YKQPeCnWubbJHHA5cIe0KtG/yPTtMcG98caU8Qi1y/vi2Nv7lt6+y1GL
BbGe/O2ZHYuZAMGLg9bbk3ZXmQ8hrAyHCB+3vvVxIlrPHkOShjpHztsgguug00MI
sPNdg9IHurPNwbwbMgwHGIUDOgFr7MilGT1y3afzBEIrHZCT5SaPHernUYGd7oD9
PmhGsb5grJo5eYDO+wiizrW/by2BUXH+4Qeimtxk+N7xqqk7/btQXl77dOGQ5k/t
1uNcXNluSAXVspKvKJTIXhGlpJmAMQ==
=cXye
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191115205412.GB4164%40mail-itl.

Reply via email to