Cleaning a used computer before installation

Hello everyone.

I just bought one of the computers mentioned in this recommended list :

I am aware of this installation guide, but I would like to know if I should take any precautions before installing Qubes.

After all, this is a used computer, and there is nothing to tell me that the seller didn’t leave “something” behind…

Here are some of my ideas:

  1. formatting the hard drive?

  2. cleaning the memory, but I don’t know if there is such a thing?

  3. install as much RAM as possible, before installing Qubes? Indeed, I often need a lot of resources for my professional activity.

yes

the memory is already “wiped”

can be yes depend on what laptop your using

there may more thing todo


no in this case, it should work out of the ‘box’

1 Like

Personally, I wouldn’t use the same disk: if I had to do so, I would wipe it
completely before reformatting it.
If you are capable, (and the option is available to you), I would flash
the EC and the BIOS chips,

Installing the fastest SSD and the max RAM will ease your Qubes use.

3 Likes

If you can, reflash the Coreboot, too.

G’day Phil,

With a few used x230, personally I have:

  • tried to verify hardware is working (cautiously without networking)

  • installed / re-installed vendor BIOS updates

  • opened case and inspected hardware for obvious tampering

  • upgraded ram

  • replaced drives

  • replaced wifi (I like FOSS drivers and didn’t want previous owners’ “digital trail”)

  • detached unwanted components (e.g. bluetooth, fingerprint reader)

  • installed heads

That’s why I said “BIOS chips” - do this whether you want coreboot
or not.

Hello everyone and thank you for your answers!
I should receive the material in a few days.
I will keep you posted.

I’d also check the mainboard for obvious chips that don’t belong there. It’s rather easy to solder a chip onto the mainboard that just passively listens and (maybe) sends something or has a backdoor in it. Actually more of a concern if you get hardware back from government actors (eg. police) but I could definitely see some rather anonymous vendors employing the same methods. Again, this isn’t that complicated if you know what you’re doing or have a good guide available.

Completely agree from a security perspective but from a cost perspective you might be forced to reuse the drive. In that case I’d check if anything has been soldered onto it or replaced (if so, you might wanna ditch the whole computer - at least get rid of the disk) and if nothing suspicious comes up just overwrite the disk with random bytes a few times and you should be good to go.

If I were a newbie, I would never understand what that means or how to find it in a search engine. For this reason, I highlighted the most popular and recommended possibility.

Here it is! I received it!

It’s a Thinkpad 480S i7-8550U 16GB RAM

So I’ll take your advice from the beginning…

Currently, I’m working on an equivalent computer (except for the RAM which is only 8 MB) under Windows 10, and I’m quite satisfied with it: it’s not “ultra fast”, but it’s not too slow either; it’s OK.

Basically, all the following applications are running in parallel: Thunderbird, WhatsApp, Telegram, Chrome and Firefox (with many tabs open), Tradingview, Excel, Skype, Google drive stream, libreOffice, Boxcryptor, Dragon (speech recognition).

The processor is used at 60% and the RAM at 95%. But I imagine that the machine adapts according to its capacity: i.e. if I increase its RAM, it will obviously benefit from it!

I will have to continue, for a while, to work with Windows 10 for my professional activities. On the other hand, for my private life, I will use more reassuring systems.

So I will do the same (pro) work on the same machine … but with 16 GB of RAM instead of 8 GB.

Should I add another 8 GB of RAM to the 16 GB already present? Would there really be a significant difference if I only use a qube with Win 10?

Another question is about the SIM card reader on the back of the computer: I’d like to use it with Qubes because I’m more of a nomad… Will it be possible? No problem ?

16 GB RAM should be enough to get good performance if you stick to 1-2 qubes. If you wanna scale up later you can add more ram anyways. Concerning the SIM card reader… is it a PCI or USB device? You can attach both kinds of devices to qubes but in my experience the usb manager sometimes doesn’t work perfectly.

The SIM card reader is built into the laptop. Therefore, you probably want me to open it to see if it is a USB or a PCI? Actually, I’m not used to opening laptops…

If the SIM card reader doesn’t work with Qubes, will I have to launch the computer with a selection: launch Qubes or Windows? Is this safe enough to guarantee 100% anonymity and non-disclosure of my personal data on Qubes?

It can be done but (without significant effort and expertise) it is a risk factor. While it preserves a lot of the features of qubes, a (hypothetical) compromise of your windows system could allow an attacker to modify your /boot partition or firmware of the laptop, thus compromising qubes as well. While this might be somewhat far-fetched for a low-skill low-ressource attack, an adversary with a higher skill level who specifically targets you could be expected to pull this off. You’ll have to decide if it’s worth the risk. Anyways, most likely your SIM card reader is going to work just fine regardless of it’s connection.

1 Like

Qubes OS enables security by compartmentalization. This means you split your digital live into many compartments and setup your system accordingly. That way, if an attacker takes over your private email compartment they cannot move from there to get to your work files, different projects, private banking etc.

Obviously that only works if all those things are in different qubes and the ones with valuable data are always offline.

If I understand you correctly you are planning to install Qubes OS, make one (1!) qube with Windows 10 and then use that one for everything? What is the point of using Qubes OS then? It won’t magically make you more secure if you don’t use it as intended. In that case you may just as well run Windows and enjoy better performance.

1 Like

As I understood it OP wants to switch from Windows to Linux and needs his programs to work in windows temporarily while he switches to Linux. OP also suggested to dual-boot Qubes with Windows 10, as I understood it.
@Phil corrections welcome :slight_smile:

1 Like

I think Sven didn’t understand my idea: I was saying that if my SIM card reader built into my computer didn’t work with Qubes, the only solution would be to “boot” :

  • or on Windows
  • or on Qubes.

I thank you (both) for your thoughts on the lowering of the security level, if I adopt such a solution: I will therefore start installing Qubes “normally”.

Just one last question: if I find out that I need to add 8 GB to the existing 16 GB, will I have to reinstall everything?

1 Like

Anyway, I really feel that Qubes answers my “cautious state of mind”: I feel that we are few people who are aware of the importance of protecting our privacy, and eventually our professional information.

1 Like

No, you shutdown your PC, install the RAM, and boot into your old system. It should just work.

1 Like

My work is in Western Europe, but I still live in other parts of the world. I guess I have to choose the Western European time zone? I guess there won’t be too many consequences? Not even on a possible authenticator?

I would like to systematically my time zone real, because I know from experience that computers always work better when you are “real”. For my work in Western Europe, it would be enough to have a double time zone on my calendar, for example.