3rd gen vs 10th gen - Intel ME

CaesarVialpando · December 31, 2021, 4:24pm

Dear community,

I would like to ask you one thing that is not clear to me and I have not found an answer on the forum.

How is it possible that if we want to remove Intel ME, we have to use a maximum 3rd generation processor (Nitropad T430 for example) but purism offers a 10th generation Intel processor without ME. Is this (librem 14) a full ME removal?

Next I would like to ask what exactly is the reason why the Librem 14 laptop is not certified for Qubes. Is it because the certification process didn’t happen, or does the Librem 14 not meet something that is a requirement for certification? (For example, the difference in Intel ME versus Nitropad?)

Thank you!

unman · December 31, 2021, 4:46pm

Dear community,

I would like to ask you one thing that is not clear to me and I have not found an answer on the forum.

That is a good question.
The first part is wrong - we do not need to use a 3rd gen processor.
Most people use the me_cleaner script, which is tested and working up to 7th gen
processors.

Purism does offer a 10gen processor without ME, but how they do this
is unclear. Last time I checked their code simply included me_cleaner.
If they have adapted it, they haven’t (yet) given back - if they are
using something else, it wasn’t clear to me what it was.

The reason is that the certification process has not happened
There is some friction between Qubes and Purism, which has been covered
here in the Forum and in the mailing list.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

CaesarVialpando · December 31, 2021, 4:52pm

Thank you, so why is nitropad using the T430 and not the newer 7th gen version? Is there a technical reason?

unman · January 1, 2022, 2:30am

I would imagine it is because Nitro uses Heads, and that limits the range

These machines, the x230s and t430s, are cheap and there is great
community support.
Nitro do offer the NitroPC with a 10th gen Intel CPU.

fsflover · January 1, 2022, 11:15am

This is not entirely accurate. If you want to completely get rid of Intel ME, you can only do it on a laptop listed here: Laptops | RYF (beware that those machines are likely vulnerable to Spectre and Meltdown). Any other, more modern devices will have at least some parts of Intel ME. The Nitropad T430 does not have removed ME, it has “Deactivated Intel Management Engine”, which is not the same. This might be a bit misleading description on their side if people get confused here. I am not sure exactly what “deactivated” means, couldn’t find on their website.

Purism also do not offer full ME removal, it’s impossible for their CPU. They only offer “disabled Intel Management”. Their older laptops had in addition “neutralized” Interl ME. Details and the difference are here: Deep dive into Intel Management Engine disablement – Purism.

CaesarVialpando · January 1, 2022, 5:15pm

Thank you for the reply @unman , but the link you sent says it is also compatible with Librem 14. So what is the difference? Is it possible to say that Librem 15 or Nitropad is “safer” to use with Qubes?

If Purism can effectively disabled Intel ME and their deactivation procedure is trustworthy, does it even make sense to use older CPUs (approx 30% performance increase of 3rd gen i7 vs 10th gen i7 + lighter laptop, faster ssd, more ram, etc.)

Sorry for the possibly stupid questions but this matter is still not clear to me, I would like to buy a Qubes compatible laptop and I am deciding between a Librem 14 and a Nitropad T430. The requirement is deactivated (trustworthy) Intel ME, coreboot/heads. Then if both devices are identical the preference is which is lighter (frequent travel) and has faster RAM and SSD and more RAM.

Thank you very much

Sven · January 2, 2022, 12:24am

Another difference is of course price. A Librem will cost you anything in between $1,570 (8GB and 250GB SSD – useless for Qubes OS) and $3,366 if you want more 64GB RAM, 2TB SSD and actual heads/anti-interdiction services.

To make a fair comparison let’s configure 16GB RAM, 1TB SATA SSD, heads/Librem Key without anti-interdiction … Purism = $2046.00 / NitroPad = 1,314 € (~ $1,500). If you build that “NitroPad” yourself you can have the same machine for < $1,000 with even better specs incl. full HD screen (I have done it, building a second one in the next days). You could probably do the the exact NitroPad spec for < $700.

Those price differences might not be a big deal to you, but there are plenty of folks for whom that is the difference between possible and impossible. Finally, I can’t speak to how well Purism laptops are supported, but the T430 is pure pleasure. Everything is supported and works (makes sense since the tech is 10+ years old).