Hey everyone! NewbieQubey here.
This post ended up being much longer than intended (sorry!), so I added what I’m currently trying to understand here towards the top and numbered them. There are additional questions below that I wouldn’t mind input on, too, but (again) I realize how long this post is and it may take a miracle to get them answered here. I find it difficult to post via mobile and I hope that it at least makes sense. Any assistance is greatly appreciated!
I’m thinking of (attempting) flashing a coreboot BIOS to my system.
Setup
- Qubes newest release (4.2)
- HP Elitebook 840 G7 10th gen Intel i7 with latest HP firmware. Unsure if other specs would assist in recommendation considerations. If so let me know.
- Had planned on having 2 separate SSD’s (1 Windows 11, 1 Qubes) and swapping them as needed directly on the single m.2 slot, or potentially using the Windows drive via external USB enclosure. I realize the USB 3.0 enclosure method won’t be nearly as fast.
- Enabling secure boot for when booting Windows is best, apparently, but perhaps just leaving it off all of the time wouldn't hurt?
- A non-issue if I use coreboot/others, I imagine?
- Am now leaning towards using the same drive and dual booting, but do not want to create any additional attack vectors of decently high criticality. Is Ventoy the preferred method for this if I go the dualboot method?
- Does anyone have fresh input on if there is something else I should consider instead for my use case? I want to be as secure as possible, with minimal concern for actual physical access to my PC (now) as I lock my storage/PC’s and even commonly used Bluetooth devices in my safe now if I am away from the house.
- I do not believe the laptop is, but I do not have 100% certainty that my system board, or other firmware, isn’t already infected. Will coreboot, or another custom firmware, disable/clear it?
2a. If the above does not clear any potential infection, are there recommendations for a detection tool that can give me peace of mind that my current factory firmware is clean?
I realize the best practice if concerned about the firmware being compromised would be to replace the system. However, having been laid off of my tech job a couple months back, after 16 years there, has me pinching pennies, so to speak, and really isn’t feasible at the moment.
I apologize if all of this information is laid out elsewhere already, but there is A TON of information on the forums, docs, and Reddit. Some of it is conflicting, I’ve found, or a bit old. This is not a knock on the Qubes community, it’s just the nature of…everything…as almost nothing in life is static. Things can change quickly, so hoping for some fresh info on direction to take before I lock myself in to a path, or prevent said ‘locking’ altogether. I’m referring to things like clearing Intel ME, and other things, that I’ve learned cannot be undone through the reading.
This is not the reason for my post, but some backstory, which may alter any recommendations I receive in relation to my use case:
The reason I chose to try Qubes out now is because I have some nasty and very sneaky malware, and am not sure how long I’ve had it, and so unsure what else it infected as far as storage devices and what-not. It was quiet with almost zero hint of its presence. A couple of weeks ago things changed and whatever it is/was became aggressive and things were being uninstalled while in use and I could no longer do some regular actions, etc. I am fairly certain someone got into my LAN and am not sure if any other devices have been compromised, and if so how many/which. I do believe a neighbor may be behind my issues spelled out a bit more below. We were acquaintances a while back, but then he got weird and our family about them now. In hindsight I realize he got weird around the time I started noticing strange things happening on my phone, PC’s, LAN, etc. I have started implementing mitigations related to that and it’s a work in progress. While indirectly unrelated to Qubes, I spelled this out as some additional backstory because it may help others understand the reason for my second question above.
Feel free to skip this next paragraph as I plan on creating the appropriate posts as needed if a reimage does not improve my situation.
Unfortunately, I’ve had nothing but issues so far after what appeared to be a seamless install, so I’m thinking this will not be my only post. Other posts will (probably) be more concise… The positive out of the struggles that I’ve faced is that it has helped me learn a lot, which I feel is the best way to learn, but it’s been fairly frustrating. Especially last night after learning I was missing some key pieces of a typical install to get my Qubes to function. For instance, after around 3 days of tinkering I saw a post (on Reddit?) stating that there should, indeed, be an icon to help connect to WiFi. After not seeing anything obvious on first boot, or proceeding boots, my expectation was that once I finally got sys-firewall to work while having sys-net as its network Qubes I’d be able to learn quickly how to connect to a network. However, there is a known bug where apps are missing from the default dvm, and the NetworkManager service is, too. I got the nm service going but after many attempts to get the applet to show I decided I’m going to just try to reinstall the OS and see if that helps.
I’ve almost solely used Windows except for use in the various Pi’s I have and short stints trying out other distros. So, I have some Linux experience, but still feel quite novice and have to search for how to perform many actions in any Linux distro that were mostly brain ‘muscle memory’ in Windows.
I’m using mobile and apologize for any poor grammar and typos I’ve missed, and again, for the length of this post.
I’ve noticed that there are a lot of friendly and knowledgeable people in here, and perhaps one day I may be able to contribute in some way to the community. When (if ever?) I get my rig running I can share troubleshooting steps it took if found helpful.
Cheers!