An in-depth ME-'free' laptop thread

I will consider this. But given that the T430 & X230*, (*which I am just double-checking meets requirements), can both be upgraded to quad-core - I cannot actually think of a relevant device that is limited to dual core? The ‘system’ in the table is defined as a ‘model’. I.e: you can have dual core, but this list is intended for those who want to keep a system to 4.1 stable (whenever that may be) and beyond; (and are highly likely to pin cpu0 to dom0) - hence I am keeping it for now (unless I am missing something else??).

x230 is not quad-core in any Lenovo factory configuration, nor any Qubes-certified configuration. Which quad-core CPU does x230 support?


Wow, okay, I did not know this mod was available. Thanks for the link…

Don’t thank me, thank the dev.s gods from slack :slight_smile:
Edit: (link added to credits :wink:

Moved this thread into “User Support/Hardware Issues” because it is about what hardware is currently supported by Qubes.

It was clearly off-topic in “All About Qubes” where we discuss things of interest to Qubes OS users, but that are not directly related to Qubes OS.


6th/7th-gen Core platform devices (Skylake/Kabylake), as well as Kabylake Refresh (KBL-R) 8th-gen devices use ME 11.x, but not 8th-gen Coffeelake-U/Whiskeylake-U/Cannonlake platform devices – those are ME 12.x


Welcome, @MrChromebox. @airelemental I must confess: I ‘stole’ the link from this guy :wink:

Whilst searching Intel Ark for some 64GB ram <= gen 5 equiv. processors with laptop-level TDP, I came across some ‘spooky’ ‘communications commercial temp’ processors (and chrome died:(
For example:

Here is the ARK-dork:

I would really like to know what products use(d) these CPUs, and where I can buy one :slight_smile:

I'm new to Qubes OS. Does the computer, a Lenovo X230, have to be a production model from year 2012 and earlier, year 2012? I more or less have to buy it used? Do I have to do ME cleaner on the motherboard chip like shown in this movie, with a Raspberry Pi or similar?

DIY: Disabling Intel ME ‘Backdoor’ on your Computer

The answer is yes. Or you can pay someone to do it. Or buy it from some company that does it for you.
Be aware that these machines do not have microcode updates anymore, and the Intel platform seems to be melting with a never-ending stream of bugs that cannot be addressed in software. Meaning, these machines are not as secure anymore.


Ok, but I can swap the cpu for this cpu [i7-3615QE] and I have to do the ME cleaner and then install coreboot or libreboot?

What about the router? If I install pfSense on a device with Intel ME or AMD PSP, wouldn't this be a problem? If I want a home server too, I would essentially need three ThinkPad X220 laptops from 2012 and earlier with ME cleaner and coreboot. One for computer, one for router and one for server?

Would it be possible to use an AMD Ryzen 5000 series CPU with integrated graphics on Qubes OS for better graphics in gaming, or would you have to pass through this GPU to the virtual machine like any other GPUs in the motherboard PCI?

If I install libreboot on a ThinkPad X200 Core Duo, would I be able to play games on it with an external GPU, or would the CPU be a bottleneck? I'm thinking 1080p 120 fps, games like Dota 2 or PUBG (PUBG is not Linux, but just an example).

Would not that mean that it’s clean from start even with default firmware and bios? And then already more secure and privacy respecting than most laptops out there?
Or do people need coreboot to remove PSP? Is it a fact that its hardware is clean even? How do you know this?

You can’t use coreboot to remove PSP; it’s similar to ME, it’s integrated into the hardware.

You need open source firmware to be able to audit bios source code, and for that coreboot is pretty much your only option.


But in this case (he quoted the G505S) the answer is in brackets: “predates AMD PSP” meaning no PSP.

No need to remove anything that isn’t there. :wink:

You make it sound like there couldn’t be a backdoor in the bios firmware, which probably is a lot more likely than someone placing a backdoor in the PSP.

So yes, even without PSP there could be something to remove in the firmware.

I just wanted to point out that there is neither ME nor PSP when talking about the G505s, nothing more, nothing less.

Edit: @renehoj
Maybe there’s been a misunderstanding from my side. In order to use this laptop with Qubes you have to run Coreboot. So when defending this laptop as a nice alternative to more expensive laptops I always talk about it under the assumption that it has been flashed with Coreboot.

How do you know, though? So are you telling me that there is no difference between the default bios and firmware, and coreboot then? It should be nothing there in the hardware… If you are right. :slight_smile: So how do you know it predates amd psp?

Ok, so they can still spy on people with the default firmware then? Even if there is no AMD PSP in the hardware? What would that look like? It’s not a separate CPU and they could not download stuff as with Intel ME even after the machine is off then, right?

So could not users in theory see the traffic then? Or would that be hidden, and what would that look like? Just asking. Kinda curious. Thanks

True, but the point is if they still spy on people, and how. And how users would remove that with the default bios. Would they have to install coreboot for that to go away then? Thanks. Peace

