Best laptop for Qubes?

Maybe someone should suggest, while the cost of getting any hardware you might choose is not a problem for you.

If you have never used Qubes, you might decide that you do not like it very much.

It is more like a geeky background person’s version of an operating system tool kit. Not a polished OS with easy-to-install apps.

Any third-party program that you add increases your security risk. Increases your "attack surface." At least for that qube.

In hardware that you acquire, there is a frustration with how long it takes for a Qube to spin up. Trying to maintain a high security computer can be frustrating.

I am devoted to using Qubes, but I frequently wish I had a recent experience of four years of University classes with three courses each semester on Linux, Networking.

I want to use Qubes, and I have spent far too many hours tinkering with it. Learning how Qubes wants me to obey its needs, requirements, quirks.

Then the internet itself is not a friendly resort. More like discovering one has been kidnapped and dumped off in the bad part of town, where most you meet want to make me their victim.

It depends on your threat model. I personally use the Librem 14 v1, and the experience is still sublime; the link below is my HCL report a few weeks ago after installing Qubes R.4.2.0.

1 Like

Not Yet …

3 Likes

The folks over there in the Framework Forum:

1 Like

That was the first thing I did, searched their forums for both Qubes and coreboot. They have no intention of supporting coreboot (“maybe some day”), and a few people mention getting Qubes installed and running, but no official support.

The parts changeability looks interesting at first, but after thinking about it, how flimsy will those parts get after daily usage? Wouldn’t want the keyboard falling out every time I lift the lid, stuff like that.

1 Like

See also:

4 Likes

I own a Librem 14 and I strongly advise you to not get one. PureBoot is amazing but the hardware is bad. I’ve sent mine in for 2 repairs. My USB-C charging capability is gone, and my barrel charger arcs every time I plug it in unless I unplug the charger and power down my laptop first. Librem says that is normal and not to worry, even though they replaced the main board last time when it died after sparking when plugging in. PureBoot is so cool, but the hardware is just not there. That being said, it runs Qubes no problem, its CPU does the job, and I run 64 GB RAM so that isn’t an issue. It’s just the hardware quality that breaks it. Framework 16 is on order for me, I just hope my Librem 14 survives until it gets here lol

3 Likes

I’m writing this from a Librem 14, and I never experienced the hardware problems you’re describing. Can only recommend this amazing, fast machine. Did you try to update the EC firmware?

2 Likes

They did make more than one lol. Everything is up to date, except PureBoot. I had to roll back after the most recent update blacked my laptop screen until after boot.

2 Likes

What exactly is the reason Qubes doesn’t support new hardware as others do?

2 Likes

Because it’s running Xen and not really Linux, which has poorer hardware support. Then Xen boots and starts Linux in dom0 (the “admin” VM) and delegates it a lot of devices.

3 Likes

I haven’t had any hardware issues since updating the firmware. Before that, the battery was the only issue I had. I mentioned in another thread that some USB devices had problems, but I’ve confirmed that those were problems with the peripherals and not problems with the laptop. I bought the laptop pretty soon after it was announced - I forget if it was technically a pre-order, if not I got it within a month of release - so unless later iterations shipped worse hardware I don’t think it’s a general issue. It’s unfortunate, but no manufacturing process is perfect and some percentage of items will turn out defective no matter how high the quality standards are.

1 Like

While it does have worse hardware support than most distros, from reading through past posts lately it seems it’s been getting a lot better. If you’re willing to be a couple of generations behind on devices, you can still get really good devices, especially in the ThinkPad range. For the most part people can get Qubes working on many devices if you’re able and have the knowledge to tinker. I personally picked the T480S; I visited the HCL list and found a device that was green across the board and was still relatively modern, and I haven’t had any issues. It appears one of the main limiting factors of new devices being “Qubes Certified” is they all have TPM 2.0, which currently doesn’t support coreboot. If you travel with your device a lot, or if a physical attack on your device is in your threat model, you may be stuck with either 1. older certified laptops or 2. privacy-specific brands who have support for boot protection tools.

2 Likes

TrenchBoot is a framework that allows individuals and projects to build security engines to perform launch integrity actions for their systems. The framework builds upon Boot Integrity Technologies (BITs) that establish one or more Roots of Trust (RoT) from which a degree of confidence that integrity actions were not subverted is derived.

Trench boot --Mentions for T480.

I have not attempted this.

Cheers

Maybe I was supposed to be over here.

Oh wait, this was the webpage I recalled.

1 Like

From what I was reading on TrenchBoot, it’s not ready for the limelight and isn’t a complete project? I had asked for confirmation on here if TrenchBoot is a viable solution for Qubes now, but I didn’t get a response on that one unfortunately. I’ll have to do some more searching and see if this is a viable solution now.

I’ve read this one also, but I’m kind of hesitant to rely on it. Seems like it’s better than nothing but not on the same level as coreboot etc.

1 Like

This is similar - like a continuation - of this thread. I’ve seen an HCL report regarding a Lenovo P73. This machine offers good performance.
For me an older maxed-out Ivy Bridge is good enough, having the better classic keyboard and a good SSD. As a next step I’d opt for a Purism Librem because of more RAM, but this is just personal choice (having Intel ME disabled is a nice “non”-feature too).

2 Likes

I’ve been doing a lot of research on this lately, I want to build a machine with IME neutered, which means Ivy Bridge. In my research the best laptop would be a W530 with Skulls, but it seems dual monitors isn’t an option which kinda sucks.

Next to that is the T430. Sven has worked quite a bit on this and has two HCLs posted, but the T430 is capped at 16 GB RAM…

I’m at an impasse personally :(

1 Like

Your first criterion is met, the rest are not necessary to function.

1 Like

I bought a used Librem 14, flashed the EC to the latest version and installed Qubes OS. This is my first time using the Librem 14 and Qubes OS. So far I’m very happy with both.

2 Likes

This is what I thought as well. It has been suggested to stick with the T430 for the reason of it being already on the HCL a few times and functional, but the allure of 32 GB RAM, a faster CPU and better monitor out of the box have me on the fence. It’s really too bad one can’t neuter IME on anything past Ivy Bridge…

1 Like