Do any manufacturers ship computers with Qubes pre-installed?

It is my opinion that new users can easily give up on qubes.
I think that the learning curve for new qubes users on attempting to use qubes is high enough and I suspect that the
the amount of effort involved in selecting and ordering “probably compatible” components, assembling, installing qubes, and then troubleshooting why it’s not working (for example, a model of dell being in the HCL does not mean it will work, because dell ships more then one type of hardware under the same model number (some variations of which do not have the needed virtualization instructions))… that the effort involved in this is too much for many users.

Do any manufacturers ship computers with Qubes pre-installed on them? This would give a option for new users that would allow them to start learning qubes before they gave up, and I think would be a good thing.

2 Likes

Do any manufacturers ship computers with Qubes pre-installed?

Yes, see here: Certified hardware | Qubes OS

You are totally right. This is why the Qubes community created a list of “just works” hardware.

Also, the first laptop in the latter list (Librem 14) can be shipped with a USB stick with Qubes OS (but not preinstalled). Upd: now, it can be also shipped preinstalled.

6 Likes

I had read the certified hardware list several times and had no idea that they came with Qubes pre-installed. They should really mention it on that page.

Well I guess that’s something in the right direction. I do notice a lack of desktop systems though.

Something seems wrong. I’ve read several times that “most qubes users are using laptops”. Is this because most qubes users are journalists, or is there some benefit to using laptops (other then the obvious portability) that I don’t understand? Perhaps one of my assumptions is wrong.
Some things I’m assuming:

  • I have been assuming that the price/performance for desktops is better then for laptops.
  • I have been assuming that ethernet is faster then 802.11
  • I have been assuming that laptops can add a full keyboard (but it would be USB), but cannot expand out to 4+ monitors.

Also, if I was going to order a laptop, I’d want to know if “integrated wireless” works like “integrated ethernet” works for Intel-ME , as I thought you were supposed to add a ethernet card to computers and use that non-integrated ethernet.

Well as long as the 3 certified systems come with it pre-installed, that gives people some options.

1 Like

Interesting. I think it’s actually just a coincidence that all Qubes-certified computers currently happen to offer the option to have Qubes pre-installed. I can easily imagine a computer that passes certification but doesn’t come with Qubes preinstalled. AFAIK, offering that option is not a requirement for Qubes hardware certification. Is that right, @marmarek? Of course, it makes sense to offer that option, which is probably why they do it. Seems like it’d be a relatively minor additional step to guarantee this option if one is going to the trouble of achieving Qubes hardware certification in the first place.

This is an interesting question. I have hypothesized that if the adversary was - a government, or a major power structure, that the ISP might be coerced to do things to a non-laptop user. That being, to fight off such a possible adversary one would need to use the correct Router, carefully configured and a VPN to get around the activities of an ISP (ISP intent on watching a home connection).

I had hope to read of someone writing on the check list of things to do for an at home connection.

Insofar as having options for Qubes on something more powerful than a laptop. Librem offers a mini, as does Nitro-Key, and (System 76 offers laptops with Intel ME disabled) System 76 has powerful towers, and a mini, I don’t see a promise that the Intel ME is Disabled, or that Heads can easily be used.

I would guess that the configuration for securely using Qubes from, say, an at home connection, includes the careful selection of Router, firmware and software for that router, and only using the Qubes computer with an Onion connection. Plus don’t let others use the Router or Connection.

I would be glad to hear from someone who actually knows, I am only guessing.

1 Like

If the adversary was powerful enough to coerce an ISP, then I’d say you’d need more than open source router firmware to protect yourself.

But downsides to desktop QubesOS are still real.

Such as some modern desktops don’t include PS/2 connections, forcing you to use a keyboard with sys-usb (if you’re not careful during setup, or if QubesOS has a bug, you might get locked out). Also you need to give up a USB controller to untrusted keyboard firmware (unless you have $300 to spend on the Launch keyboard by System76 with open firmware).

1 Like

if not mistaken, only Nitrokey has pre-installed qubes (Laptop and NitroPC),

also Librem can be shipped with USB stick with Qubes OS,
so maybe the buyer can request them to install Qubes, other than PureOS.

but i think, for any Linux distro,
there are very rare, for Laptop, to be shipped, with pre-installed Linux distro.
The pre-installed OS, usually are windows or macos.

also i think, there is no problem with this, because:

  • usually the laptop seller can help us install OS
  • maybe nowadays almost everyone can install OS
  • maybe Qubes user were being hacked before, so he has no option, but to learn installing secure OS

If the adversary was powerful enough to coerce an ISP, then I’d say you’d need more than open source router firmware to protect yourself.

@qubes-kernel-5.8

do you think, by using https and secure DNS server only,
we can protect ourselves, from information disclosure by ISP ?

from the stride threat model,
spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege,
what ISP and router firmware can do ?

@newbie Using https and some non-standard domain name system can help mitigate some tracking. Using https means the ISP can only see the domains (and subdomains) of websites you access, and having an encrypted connections can help mitigate man-in-the-middle attacks. I’m not very familiar with DNS, but there’s a section in the Hitchhiker’s Guide to Online Anonymity about DNS (hint: it’s very difficult to fully ensure your DNS requests are anonymized).

I’m not sure what “information disclosure by [an] ISP” would entail. ISPs most certainly try to record what you do on the internet, whether you’re using using a home router, public wifi, or cellular data. If you’re worried about this “dragnet” tracking, and are worried about ISPs “disclosing” the information they have collected on you, then there are reasonable ways to avoid it (i.e. https, somewhat private/secure DNS, VPNs, Tor, open router firmware). But certainly “by using https and secure DNS server[s] only” is not enough.


I’m not really familiar with threat modeling techniques, such as “stride,” but I’d assume that an ISP can: 1) spoof— fake or help fake some external connection for some man-in-the-middle attack, or direct you to new websites entirely; 2) tamper— censor or regulate your internet connection; 3) disclose information— sell data collected about you, but not necessarily target you; and 4) deny you internet or other services (i.e. limit what ports are open).

I don’t think an ISP could easily mess with some non-repudiable digital signature (i.e. from the QubesOS Team) and I don’t think an ISP could (easily) get “sudo” privileges to your devices (some ISPs can remotely control routers, but they’d still have to attack your devices from the router).

Hope this helps

That’s it!

I’m pretty confident that you have hit the nail on the head. Desktop users trying to evaluate qubes, even after reading that they “should” use a PS/2 keyboard, probably try to use a usb keyboard anyway since “I don’t need to be secure while evaluating, I just want to get some practice at qubes so I understand it better”. (That’s what I did)

The next step I went through many times with many variations, so my memory could be wrong, but I believe then I got to the question in setup where the qubes installer has auto-disabled the usb qube, in order to make the system work with the USB-keyboard, then asks what qubes should be automatically set up. And then naturally not yet understanding how the function of the USB qube works I was like “hey I want a USB qube”, enable it, and end up with a mouse but the keyboard not working (I think a working keyboard with a massive lag would happen some other times)(and on some computers i was getting the message that meant "your processor does not support virtualization even though your computers model is in the hardware compatibility list (because dell ships the same model number with different types of processors in it, not just different speeds of the same processor). My end solution was to try various different hardware over and over until I tried a ps/2 keyboard & mouse on a system with a CPU with the virtualization instructions and things worked.

Anyway, my point is that if this is happening to other people, then that could explain why there are so many laptop users… because desktop users probably run into the USB (and possibly other hardware compatibility issues) and give up on qubes. Then those people disappear, and that just leaves the laptop users!

2 Likes

Insurgo

Ok, I have a couple ideas. The first one is this:

I propose that to the qubes webpage, underneath the link for “certified vendors” we make a link for “vendors that ship with qubes preinstalled”. The top of that list would be “certified vendors that ship with qubes preinstalled (which we believe is all of them)”, then under that, we have “other vendors with qubes preinstalled”.

I’m willing to make the changes myself, but feel it should be discussed first before making a change like that. (or is the discussion supposed to happen on github?)

That’s not the only reason.

I think far more bigger reason is the simple fact that modern desktop computers doesn’t have PS/2 anymore. Some desktops like Lenovos have the capability, but you need to hunt down additional cable to make it work. Then the next problem is finding keyboard that actually works. Even bigger problem is finding keyboard with some specific mapping. I tried to search for weeks, and eventually gave up. Then I visited a local computer store (real, physical store) for finding some audio cable or whatnot and then just almost as a joke asked the guy if they still happen to have PS/2 keyboards. Turned out the owner was some sort of hoarder and he still had two Logitech PS/2 keyboards from early 2000’s. I bought both of them.

Maybe you don’t have such problems in bigger markets, but eventually PS/2 will die away.

1 Like

:point_up: good deal!

The PS/2 issue also forced me to get a notebook (replacing my NUC).

Which vendor is shipping Qubes OS pre-installed, but is not certified?

I don’t know where you are located, or what “specific mapping” you are
looking for.
For the record it isn’t hard to find PS/2 keyboard and mice new online, and they
need not be expensive. Trivial to find US, UK and DE keyboards.

More desktops are now coming with PS/2, particularly on gaming PC’s:
they are also common on motherboards. If you want them you can find them.

Finnish or Scandic. Not very easy to find, especially good, mechanical keyboards.

I disagree about “common”. I agree it is possible to find motherboards. And on many business PC’s it is possible to purchase extra cables, like I did for my Lenovo ThinkCentre.

Gaming angle is interesting. Maybe gaming will save PS/2? At least some very high end gaming keyboards come also with PS/2 because it is supposed to be more accurate than USB.

We’ll see. I’m not very positive about the future of PS/2.

I see you have pulled back from “modern desktop computers doesn’t have
PS/2 anymore”.

For keyboards server/gaming is where to look - but even for Nordic, it isn’t
hard to find (I cant speak to quality of course.)

My point is that if you want PS/2, you can get it relatively easily.

Yes, that’s not absolute truth.

Well that was just my experience. It was so hard for me that I let go of idea, but then got very lucky with the Logitech keyboards. I was looking for keyboards online, didn’t find anything. I found few second hand keyboards but that’s it. I actually thought it’s easier to install additional USB controller and dedicate that for kb/mouse. So I did. Now I have it available for something else, which I’m very happy about.

2 posts were split to a new topic: Using external keyboard and mouse in Qubes