It will run on any x86_64 hardware, including AMD, like any other Linux distro.
However, AMD also has ME-like shit named PSP, and for now it is less reverse engineered than Intel ME.
Hardware in the list could run coreboot with ME disabled. If you are into privacy, then you will definitely want to install coreboot on your computer, effectively disabling the ME stuff. AMD has much less support in coreboot than Intel - https://coreboot.org/status/board-status.html - so it is logical that you will have only Intel hardware in the list.
However, Tails/Qubes/whatever are not something special; you could get exactly the same level of privacy with any other distro. Moreover, using some special distro could play against you, attracting unneeded attention, unlike some usual Debian/Ubuntu with the same high-privacy configuration.
The key to privacy is not a specific distro, it is your brain, really. And using some super-private Linux distro without flashing coreboot in place of the factory BIOS/UEFI makes no sense.
> This is their recommended hardware list, very suspicious.

It is not suspicious. I see just a list of easily available hardware where coreboot could be installed.
AMD has more secrets in hardware initialization than Intel, so AMD is much less researched and it is rare for AMD hardware to have coreboot ported to it.

> Qubes is very unique in that the entire OS is a virtual machine, and every application is run in its own virtual machine container with very strict conduits between them.

You could easily do it with any other distro. Just start your application within qemu, or, if you are satisfied with the privilege separation of namespaces, use firejail. You could also use lxc containers on your own. And do it only for programs you do not trust.
Containerisation or virtualisation has overhead, sometimes significant, compared with running the program natively. You don't need to run a calculator or CAD in a container/VM.
Network access is just an additional option for qemu/firejail. You could also allow only specific hosts for a selected program using regular Linux tools.
And the most important thing - if you are not aware of how to do all those things in Linux and how they work, no special distro where all those things are tuned for you by some third party will help you at all.
Again - privacy is in your head, in your understanding of how your computer works, not in some magic distro.
https://marc.info/?l=openbsd-misc&m=119318909016582
From: Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date: 2007-10-24 1:14:13
> Virtualization seems to have a lot of security benefits.
You've been smoking something really mind altering, and I think you should share it.
x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit.
You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.
You've seen something on the shelf, and it has all sorts of pretty colours, and you've bought it.
That's all x86 virtualization is.
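
The post's remark that you can "allow only specific hosts for a selected program using regular Linux tools", sketched as an added example that is not part of the original post: the untrusted program runs under a dedicated UID and an nftables output chain drops everything from that UID except an allowlist. The UID 1500, the table name `appjail` and the documentation-range addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that lets one dedicated UID talk only
# to an allowlist of IPv4 hosts. UID, table name and addresses are constructed.

# is_ipv4 ADDR: succeed only for a dotted-quad literal with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_ruleset UID HOST...: print the ruleset, or fail and print nothing on
# stdout when an argument is not a plain number / IPv4 literal. Refusing
# anything else keeps hostile strings out of the text handed to nft.
gen_ruleset() {
    uid=$1
    case "$uid" in ""|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    shift
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }
    hosts=
    for h in "$@"; do
        is_ipv4 "$h" || { echo "not an IPv4 literal: $h" >&2; return 1; }
        hosts="${hosts:+$hosts, }$h"
    done
    cat <<EOF
table inet appjail {
    chain output {
        type filter hook output priority 0; policy accept;
        meta skuid $uid oifname "lo" accept
        meta skuid $uid ip daddr { $hosts } accept
        meta skuid $uid counter reject
    }
}
EOF
}

# Print the ruleset for constructed UID 1500 and two documentation addresses.
# To apply it, pipe the output to "nft -f -" as root and start the program
# under that UID; names resolve only if the resolver is local or allowlisted.
gen_ruleset 1500 203.0.113.10 198.51.100.7
```

Because the table is in the `inet` family, the final `reject` also covers IPv6 traffic from that UID, while loopback stays reachable, so local services remain exposed to the jailed program.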