[handedness]

You still need to address this part: "Qubes is great but at the end of the day cannot protect against evil maid attacks to the level that pixel or apple phones can. Its great at making sure a browser exploit cannot steal your banking credentials you have open in a different virtual machine but cannot overcome the limitations of the platforms it builds off of."

That's the crux of it you blow past every single time it comes up, and then disparage others as having not stuck around long enough to educate you (as if that's their responsibility).

[fsflover]

> "Qubes is great but at the end of the day cannot protect against evil maid attacks to the level that pixel or apple phones can"

Yes, it can. Heads, TPM with a hardware key do exactly that, don't they? I'm not sure what you mean by "level". You would need to use a nail polish, too, to be sure your laptop wasn't tampered with.

> but cannot overcome the limitations of the platforms it builds off of

Yes, it can, if you use it correctly. Tell me your threat model, and I will explain how Qubes can protect you.

[handedness]

Comprehensive verified boot with hardware attestation, a secure element, no dependency on USB for AEM. It's an entirely different ballgame.

Qubes AEM hasn't had an update in years, either.

[fsflover]

Perhaps you are right, and the hardware attestation is more reliable on a Pixel. However, doesn't it rely on proprietary hardware, unlike Heads? coreboot with Heads is not the same as Qubes AEM. Heads is updated regularly: https://github.com/linuxboot/heads/

[upboundspiral]

Heads + TPM is solid but I suspect it is not at the level of Google/Apple secure enclave. And a strong secure enclave provides benefits outside of first boot to secure certain processor state and continuosly ensure integrity.

For desktop TPM at least to me they seem a bit of a black box with many past vulnerabilities https://en.wikipedia.org/w/index.php?title=Trusted_Platform_....

I think at cold boot as long as one doesn't store the encryption key in the TPM (external hardware key?) then one should be secure. I am not so sure about post boot however, once the system is already running.

This actually prompted me to research a bit on the scale of the security impact of SMM

https://en.wikipedia.org/wiki/System_Management_Mode

https://doc.coreboot.org/security/smm.html

It seems that coreboot is aware and supposedly for some computers can be implemented to catch calls to SMM (ideally this would prevent the attacker from triggering SMM - if they do it's game over).

I do suspect though that if the system bus is not protected from malicious calls then someone can trigger SMM and have carte blanche to one's computer.

https://www.infoworld.com/article/2167684/hackers-find-a-new...

https://hothardware.com/news/researchers-discover-rootkit-ex...

I don't know what processes Apple / Android use but I suspect ARM chips don't have SMM and that they tie certain functions to their secure enclave. In X86 its backwards, with SMM having control over the TPM (at least in some implementations).

Though some SMM vulnerabilities are patched by now given its history I take X86 security with a grain of salt. I think the potential for a secure platform is there, but I suspect one would want to make their own boards engineered with security in mind to be certain (I hope this happens in the future - it seems to be happening in the server space already).

[fsflover]

> external hardware key?

Yes: https://en.wikipedia.org/wiki/Librem#Librem_Key

[handedness]

Versus storing the encryption key on a device requiring USB with its many vulnerabilities (even on Qubes OS), storing the key in a dedicated eSE is beneficial.

Beyond that, there have been known vulnerabilities of NitroKey's Librem Key, to say nothing of the Nitro Key App.

Nothing's perfect but I would vastly prefer something like the Titan M2's implementation over a USB key with all of the complexity and attack surface that introduces.