Hardware brands which you trust to run Qubes

While I do not dispute what you say, I would caution against thinking this has anything special to do with China or its ruling party. The same logic applies to Intel, AMD, Google, Microsoft, and many others, all of whom are U.S. or U.S.-based companies with long histories of collaborating with the United States government, sometimes willingly. They also all reside within the NSA’s backyard, for whom we do not really have a threat model because “they are somewhere between a usual state level attacker and Cthulhu”. Perhaps China’s 3PLA/4PLA is at a similar adversarial level, but the NSA likely remains chief among them in the pantheon.

I agree that Lenovo has a problematic history and its relationship with China is worrisome, though this should not be any different from a U.S. company unless your threat model for some reason includes the Chinese government and its APTs but not the U.S. or its—in which case, you are probably the U.S. government.

Currently, it is primarily the U.S. government that has prohibited Lenovo from use among its operatives for nationalistic reasons. If you agree with that assessment and include Chinese companies in your threat model, despite the lack of evidence that Lenovo has been used as a hardware attack vector outside of U.S. agencies (assuming even that is true), then you probably should view U.S. companies with similar concern. And when it comes to an eldritch abomination like the NSA, not even the anti-tampering and anti-interdiction services of NitroPad and Purism may be enough.

Regards,
John

P. S. To clarify, I am not saying to trust Lenovo; I am only saying to distrust it as much as you distrust any hardware tied to the U.S. and feasibly within its government’s reach. The current state of hardware trust and security is deeply depressing and unlikely to improve in any large amount (unless you count Google’s open hardware ventures to be an improvement), and this is only compounded by the adversarial nature of nearly all corporations and nation-states.

well no let me put it this way… first of all a (at least in theory) reasonably transparent democratic government with rule of law and limitation of power is very very very different then a dictatorship that could force any company to do whatever and send anyone to prison/have killed with a symbolic judge who’s aligned with the party arbitrary enforcment of the law no jury transparency etc

very very different… in the us sure the government can force companies to do a lot (but then often that won’t hold in court might be useful in a few situations like stopping of terrorism but you get the point)

also whistelblowers journalists and so on get some protection under the law unlike in well china where the authorities will kill you’re family to control you even if you’re for ample overseas and i can go on and on about the difference

china’s also very corrupt lacks supervision and so on

while getting anything from any goverment isn’t ideal china has been known before to compromise hardware and u know it’s horrible that so much of our manufactoring is there (taiwan is great don’t get me wrong that’s where i’d suggest you get you’re computer parts but it’s not without it’s issues)

the real issue is that you can never know… now ok with older parts for sure
they don’t after all at the end of the day compromise everything the issue is that there’s allways that risk

unless you’re willing to inspect everything to the teeth

oh and i clarified my argument against china

but let me also add on top of that, that yes indeed you should always worry about all governments and…
but personally while i’m not happy with the idea that the nsa would hae my data i can live with it (it’s not ideal and the goverment should not have that right/power!) many would not want this but still it is much better to have you’re data in the hands of a goverment with the rule of law
not one where if you’re “lawyer” does too good of a job he gets charged and prosecuted arbitrarily

a nation so corrupt where people w’d happely sell you’re data for a couple of bucks (and i don’t just mean credit card information i mean if you care about privacy you can have some blackmail able material on you’re system)
and yes i know this is all farfetched and unluckily anyway

but again a low or a high level bureaucrat accessing my information from the us is much less concerning then a high level “trustworthy” official from china

We may need to agree to disagree here, @rjo74618, because I honestly struggled to tell whether you were describing China or the United States in your replies above due to their mutual culpability in such behavior; and I consider neither to be transparent, democratic, governed by the rule of law, or limiting toward their own power. We apparently have radically different assessments of the U.S. government, it activities, its threat level, and the credibility of its claimed rationale for them. Here is not the place to discuss that however, since that strays too far from the topic.

We can both agree that the Chinese government is one of the most dangerous threat actors globally and any electronics produced under its auspices may pose a general threat to everyone, especially those purchased by companies and decommissioned for resale (such as is the usual stock of used Thinkpads). We can also both agree that Lenovo does not have an encouraging record, especially if the U.S. government’s allegations of it being a vector for supply-chain attacks are true, and that Lenovo’s products should not be apportioned any additional trust just because they make (or made, years ago) products with certain desirable qualities. Lastly, we can agree that any hardware produced in countries with powerful nation-state threat actors and governments with a record of mass surveillance and gross violations of basic human rights should be immediately suspect, especially for anything critical, and preferably avoided or at least assessed with a much stronger degree of scrutiny.

Regards,
John

This discussion is entertaining, but it probably belongs to its own thread (just like Discussion on Purism). @deeplow do you agree?

You are of course entitled to your opinion, but consider some official democracy rankings and the like designed by scientists, which clearly show the difference between China and USA and explain it.

Yes, I would say it may belong in the All around Qubes category (announced here).

I disagee. If the discussion is around choosing the hardware to trust (just like for Purism), then it should belong to the general forum topics. Otherwise Purism discussion also ought to be moved to All around Qubes, like any future discussion of any company. In the latter case the current thread will look unfinished and shallow to me…

I’m always charmed by the way that people advocate for the US.
In terms of global geopolitics I doubt there is a cigarette paper between
the US/UK/Israel and other democratic states, and the bogeymen of China
and Russia. In terms of attacks on privacy and security the US has
a long and inglorious record.

To try to pull back to the issue in hand, there’s very little that can
be concluded from an alleged targetted attack. The fact that the CIA
tried to kill Castro with poisoned cigars tells you nothing about the
safety of buying a cigar off the shelf.
In another thread, I think, someone said “It’s turtles all the way
down” - but it isn’t. Turtles all the way down is a reductio of such
arguments. Most people are very bad at assessing risk, and responding to
it.
Which is more likely? The CCP has inserted backdoor chips in to every
lenovo laptop and is gathering data on a global scale from every lenovo
user, or the CIA has targetted the small production line of a laptop avowedly
aimed at “privacy” - i.e those it considers will have something to hide.
We really need to start teaching people about security and risk in a
sensible way.

I do not wish to stray any further from the topic, so all I will say further on this subthread is that I do not consider such rankings to measure much of anything and that I fundamentally object to the abuse of the term “democracy” in mainstream political discourse, whose common definition has not resembled anything close to actual democracy for at least a couple centuries. While there are some differences between the United States and China, including regarding their relationship to “democracy”, little understanding of that can be gained through hegemonic narratives generated by actors with strong material and ideological interests in weaponizing concepts such as democracy for the purpose of perception management.

Understanding this helps place issues like hardware trust and brand credibility in a more comprehensive context, since the usual assumptions we may be making about the criteria by which we judge these things may themselves be products of social control, and so inadvertently result in conclusions against our interests and for those of our adversaries. This is why such considerations are relevant to topics such as trustworthy hardware brands, though I admit that they may still be off-topic due to the generalizing effects it has on the discussion.

If anyone would like to discuss the off-topic political dimensions of this, you are free to message me in private and I will respond when I have time, or we can start an #all-around-qubes thread if it is not deemed too off-topic for even it. I only pray this message itself is not taken as a continuation of any off-topic tangents here; it is meant to conclude them and assert their general relevance in assessing trust and risk in subjects such as hardware security.

Respectfully,
John

With that said, I wish I had more to contribute to this thread, but I am personally very pessimistic about the state of hardware security, as I said above, and I do not have high opinions of any hardware vendor, whether Purism or Lenovo or others. Those for which I have no particular concern, if only because I am not very familiar with them such as Raptor Computing Systems, I still have general concerns such as those related to the above. So, my unhelpful and unsatisfactory answer is “None”.

I would love to explain and defend which hardware vendor I can trust to secure Qubes OS and respect my privacy and freedom, but I do not have one and I doubt one exists. I am critical of thinking in terms of brand trustworthiness, as well, since brands tend to tell us nothing about the merits of the company and only the perceptions they have manufactured. Trust is something earned and very few companies have done anything to warrant any trust at all, at least when it comes to security and especially hardware security.

I do think favorably toward older Lenovo Thinkpads due to some of the qualities I appreciate in them, such as their repairability and ease of (dis)assembly and powerful computing relative to their competition; and I do admire the apparent efforts that companies like Purism make toward transparency and securing the supply chain and delivery; but I would not go so far as to say I trust those products or their vendors, especially not as brands. Would I prefer them over other options? Probably, but not necessarily for reasons related to hardware security, even though their hardware is more open and verifiable than most.

Nonetheless, I intend to be installing Qubes OS on a Thinkpad and a part of me wants a Librem 14 (but will never buy it due to cost), and I would consider Dell Latitudes as an alternative to Thinkpads. I suppose the best I can say on these matters is that there are some vendors and products I can distrust less (and mainly because I am more able to implement means of distrusting them more, like corebooting ), even though I cannot say I really trust any of them.

When it comes to hardware security, however, often what is more important is how and where you acquire a particular piece of hardware and not who produced it. For example:

• I am more willing to trust a new laptop I buy physically in-store from off a shelf than I can buying from an online vendor.
• I trust a used Thinkpad or Latitude bought second-hand from an end-consumer buyer more than I would one decommissioned from a government office or major corporation.
• I would trust a computer bought online directly from the manufacturer more than I would one bought on Amazon.
• And I can probably trust a company that provides anti-interdiction and anti-tampering services such as Purism or NitroKey more than I can trust one that does not, despite being a much likelier target for surveillance, interdiction, and tampering.

As I said before in the Lenovo trustworthiness thread, I extend “distrusting the infrastructure” to the endpoints and that includes the hardware, so I am more concerned with securing myself against the hardware on the assumption that it is untrustworthy and compromised (without any alternative) than with whether I can trust it at all. One can still want verifiable hardware security and a vendor one can trust, as I do, but the absence of that should not spell the end of one’s approach to hardware security (not that anyone is saying otherwise). So for me, I am less interested in brands and vendors, which I can trust only as far as I can throw them, and more interested in what they offer and how I can get it. Maybe that is implied in the topic question, but to me this is an important difference. Just some food for thought.

Regards,
John

Sub-discussion continuing in China vs USA in trustworthiness (category only available to long-time forum members)

It was moved as the discussion at and was getting too off-topic (and the public forum section is only for Qubes-related). Feel free to continue discussing here “Hardware brands which you trust to run Qubes”.

I think the question is not Qubes related at all, as Qubes can’t save you from bad/corrupted/compromised hardware…

An unfortunately there is no real (usable) open-sourced hardware out there - and probably newer will. So we have to make a compromise when selecting a harwdare. Moreover turst is not something measurable, and it is very much subjective.

So for me it is about tho choose the best available option in the time I buy a new hardware. But this always will be limited to you budget, and the market in your area.

I’m personally not trusting any of the vendors, but accepting the risk involved using their product.

Strongly agree. Nothing in this thread was Qubes specific and when you remove the “to run Qubes” form the subject line it is essentially the same as https://forum.qubes-os.org/t/how-can-we-ever-trust-our-hardware-supply-chain-attack/2846?u=sven

@deeplow I see you already split but in addition I think we should close down this thread or even move it in it’s entirety maybe?

I do love this thread and would like to see it continue, but not in this category.

How is this the same? Those are totally different threat models. In the supply chain attack, the company may be secure, while its suppliers are compromised. Here we discuss whether to trust companies themselves.

This is why I called it “brands which you trust”. It does not matter whether you trust the brands whose supply chain is compromised.

Fine. In any case this entire thread belongs into “all around qubes” and if I could move it I would. My point is that there is absoultely nothing Qubes specific about this thread and it’s the kind of thing we created “all around qubes” for.

Edit: I just realized that this thread did start in “all around qubes” and then was moved here by @deeplow following your suggestion. Although I disagree I do not mean to challenge that move. Let’s have it here.

https://frame.work/ … this poped up on ars today. Looks pretty nice, but there is not enough information there yet.

“Built-in hardware privacy switches give you complete control over access to the camera and microphones. Our embedded controller firmware is fully open source, and we don’t preload any extra software. You can even install a privacy focused OS on a Storage Expansion Card and take it with you.”

It seems they are focusing on repairability and longer lifetime.
But still using Intel CPU with ME included(?)
I assume they are not capable to create their own BIOS/EFI - so it will still include untrusted binary blobs from their chosen suppliers.

I Would be very surprised if the end result will just able to run Linux and supports all their hardware components…

There was several attempts to create “better” computers - but at the end, the users will choose the cheapest acceptable model on the market.
The enterprise is another question, their deals are based by political decisions only.

That’s what I see in the last 20 years - would be happy to se some changes, but…

Ivy and below Lenovo laptops are killer machines with amazing standards when it comes to manufacturing and really great support. But the argument is not about trusting Lenovo, because you obviously can’t/won’t trust Lenovo.
You trust the “community” of older Lenovo laptops, because that community has formed around quality and extensible laptops that are suitable machines for daily use and for these machines the community has cleared up BIOSes, made replacements and tested them. It’s really ridiculous the amount of modding that has gone to x220 and x230 and how many resources you can find on these compared to any other laptop model. But you don’t trust Lenovo, it could be any Company/Model combo.

On Hardware Brands for the original question, whatever Nitro will make in the future passes my standards and ofc Purism. Olimex also but no support for Qubes.

A voice of reason.

This sounds like the beginning of a misleading marketing misdirection.