Do any manufacturers ship computers with Qubes pre-installed?

I don’t think such a list belongs on the official website for the reasons explained here. However, if you’re willing to commit to maintaining such a list indefinitely here on the forum, we certainly link to your list from the official website.

I think that would be Purism. I’m not aware of any others.

It would probably not be terribly useful to have a list with only one entry, given that we already have the “just works” list.

In fact, now that I think about it, the proposed list probably shouldn’t exist now that we have the “just works” list. After all, any shady outfit can start selling laptops “preinstalled with Qubes OS” even if those laptops are completely unsuitable for Qubes. Any good laptops that come with Qubes preinstalled will already be on the “just works” list, so this new proposed list would just end up being a (less reliable) subset of the “just works” list.

1 Like


I think that would be Purism.


["If you would like to try Qubes OS, you may purchase the installer on a USB Flash Drive. This option is an installer only, not a LiveUSB, and is only recommended for advanced users with a strong technical knowledge. Most users should stick with our default operating system, PureOS.

We do not offer Qubes OS pre-installed on our Librem devices, though Qubes OS runs well on our Librem laptops. It will not run on Librem smartphones — Qubes OS requires virtualization on the CPU and there is no port for ARM architectures.

Please direct all support questions pertaining to Qubes OS to the Qubes community."](FAQ – Purism)

any shady outfit can start selling laptops “preinstalled with Qubes OS” […] would just end up being a (less reliable) subset of the “just works” list.

Fully agree.

Oh, my mistake. Thanks for the correction.

1 Like

Related: Plans to Add Search/Filter Functionality to the HCL?

Nope. It was my mistake. Apparently I proposed that we add a empty list to the web page! I had thought some of the previous systems mentioned were coming with qubes.

I’m not promising anything, but lack of desktops shipping with qubes is serious enough of a issue that I’m considering setting up a “desktop with qubes preinstalled” option myself. (would become the only vendor that only ships with qubes preinstalled :slight_smile: )

1 Like

Since Qubes is programmed to be suspicious of USB, and Desktops use USB Mouse, and USB Keyboard. It is supposedly difficult to boot into Qubes.

Please let us know how you solve that problem.

hi folks,

some interesting points brought up in this thread!

from my perspective, i think we should be emphasizing that (at least currently) all certified hardware sell Qubes pre-installed. I think this should be part of our template of announcing new certifications and part of information on the page.

I also think that it should be part of the certification requirements, which @adw and i can discuss with marek. or at minimum that should be the assumption, with exceptions as necessary/requested/made-explicit.

there actually is one computer (which happens to be a desktop) that is not certified but does sell Qubes pre-installed, Nitrokey’s NitroPC:

i will also follow up with @adw and @marmarek to understand what prevents it from being certified (i see it doesn’t come with TPM but i don’t see that as listed as required for certification). would be nice to have a desktop option on the certified list.

1 Like

@michael wrote:


My guess is the lack of PS/2 keyboard & mouse. Having to rely on USB makes it very easy for less experienced users to completely lock themselves out of their machine (e.g. disable autostart for sys-usb and reboot). There are ways back in, but they involve rescue mode, editing grub, and probably a couple of posts with forum members giving encouragement and step-by-step instructions.

Not the experience I’d expect from a certified machine.

1 Like

talking to Marek and you are correct it’s USB-related – they are currently trying to get it certified and there are issues because it comes with only one USB controller (as it’s a mini-PC), we’re trying to figure out best approach. i don’t know if we’re going to see new desktops come out with PS/2 (keyboard especially useful) but we’ll highlight to manufacturers and we’ll see. even just having multiple USB controllers would help in this instance, which a normal-sized desktop would likely have.

The point would be to specifically select hardware that worked, so the answer is simple: Ship hardware with a PS/2 port and ship with a PS/2 keyboard (a keyboard that’s good enough that they would be willing to actually use it).

Shipping a PS/2 mouse could be done too, but has a additional problem that everyone’s hand is different, so people would tend to want to replace the mouse with something that better fits their hand.
If they did replace it, and the replacement was USB, and they locked themselves out of their new USB mouse, then I guess at least they would still have a PS/2 mouse laying around to use while they are trying to get their USB mouse working again.

I had once thought to suggest that a version of Qubes where the USB was not inhibited, to allow someone to test out Qubes. I can buy a tower at Good Will for ten dollars. So a person might test out Qubes, see if they could tolerate it.

However, human nature being what it is, people would decide to just keep using that security flawed version of Qubes when real security is needed.

There was a story several years back where a computer person, who lived on the west coast, ordered a new keyboard from a company on the west coast. Took a suspiciously long time to arrive. No one clued in the shippers. Whose list of intermediate destinations included a stay of several days in Virginia.

Unfortunately the second hardware issue that trips people up is the “hardware virtualization” (VT-d?), which will not be at good will for 10 dollars (or if it is, then i want the number of your local good will place! :slight_smile: )

If you wanted to go the good will route, then maybe use version 3 of qubes (which I believe doesn’t require hardware virtualization)?

I had once thought to suggest that a version of Qubes where the USB was not inhibited,

Is this what you meant by “over spoke” (I can’t find the original to the quote). In any case just to clarify for later readers:

  1. You can use Qubes OS with a USB mouse and keyboard and it is by no means “inhibited”.
  2. As long as Qubes OS is not configured to ignore USB upon startup, there is no issue. If one creates a sys-usb qube without reading and understanding the respective documentation this can happen.
  3. Even if it does happen, there are ways to restore. This involves booting a live system and editing the grub config. That’s the step inexperienced users will struggle with.

There are ample warnings in the installer and the documentation. So as long as one reads what’s on the screen and in the documentation and thinks before acting there should be no issues.

I’m using USB key/mouse. I’m a new user and installed 4.04 a couple weeks ago without having to do anything special. I didn’t have to create a sys-usb qube. I recall there was something related to USB, possibly sys-usb, greyed-out during the install. Is there something I’m missing?

Nope, everything worked as intended. Creating the sys-usb qube was grayed out precisely because it could lead to you not being able to enter the decryption password on boot.

There are three possible configurations:

  1. No USB qube (sys-usb). That’s the one you have right now. This means your USB controller(s) are managed in dom0, which could potentially lead to a compromise IF someone has physical access to your machine and plugs in a “bad” USB device.

  2. Creating a USB qube, which means the USB controllers are isolated in a dedicated qube and a bad USB device / actor is contained within that compartment. However, by default when creating a USB qube a boot parameter gets added to your grub config that tells dom0 to ignore USB controllers. That’s the safest option, because Qubes simply won’t touch USB until your USB qube is started. However if your only keyboard is a USB keyboard you are now unable to enter the decryption password and you are locked out.

  3. You can have a USB qube, but right after creating it (via the salt config) you need to edit your grub config to remove the parameter that tells dom0 to ignore USB. Or you create your USB qube manually. Both options require that you know what you are doing. In that case, dom0 will manage USB controller(s) until the USB qube starts and it will take over from there. That means you can enter your decryption password with your USB keyboard, but also that a thread actor with a malicious USB device can compromise you during that time window or by rebooting your computer (but then they don’t have your password …). It get’s complicated.

Bottom-line: if you have a PS/2 keyboard (e.g. a laptop) config 2 is best. If you don’t then config 1 is best. Config 3 get’s you maybe a little more protection, but not really.

So I guess: make sure your desktop can only be physically accessed by you.


So My PC also has USB qube but It has one USB controller with no strict reset and other with full reset option. Should I hide all usb controller from Grub and Efi?
I tried to hide from efi like following documentation but there is no file /boot/efi/EFI/qubes/xen.cfg
I am on 4.1 fepitre iso (4th September 2021).

I over spoke because I mentioned things already used. Like I mentioned the Nitro Key Mini, which others had already mentioned. I should look through the whole thread before posting, instead of posting from memory.

I thought part of the issue with USB is that whatever one does to get the USB working, goes away with an Update. And we are looking for folks to start using Qubes, and require doing it from a no knowledge standpoint. Plus, a more powerful tower which can easily have a bunch of RAM, is easier than purposing a Laptop, Laptops can cost more money.

But Sven makes a good point. I don’t have an extra tower now, but I will think about sending some fool, who does not care about Covid, into the Good Will Store to find me one just to – try this out. Before Covid they have several used towers from a company that used them for Video Editing. Had a Windows 7 sticker, Dual Core Xeon, 32 GB RAM. then for $199.00. I might have to settle for a $25.00 model.

I believe the operative word there is understanding. I read the warnings, but since I had not used qubes yet, I did not understand what they meant.
Of course now that I’ve used qubes, I know what they mean and would probably have trouble imagining anyone not being able to know what they mean if I hadn’t gone through it myself.

There can also be a strange keyboard latency, and a occasional keystroke loss that can happen here. (this happened in a couple of the many combinations I tried before getting a successful qubes install)

I had this too but it was caused by a hub. After plunging directly into the computer never seen again.


1 Like