I'm upgrading from a t430 to more modern hardware. The NitroPad NS50 or NV41 seem perfect. Here's my thoughts on them and some questions I had

When I first bought the Thinkpad T430, it was because I wanted a cheap laptop that I was sure wouldn’t give me any issues with qubes, and wouldn’t have wasted lots of money had I decided that qubes wasn’t for me. Since then I installed qubes with heads and after using it as my daily driver for a while now everything has been working great! However, the T430 is definitely showing its age and so I’m doing research on a more modern laptop. I like both the NS50 and NV41, and I’m probably going to go with one of those two in the end.

I use my laptop as a desktop computer 95% of the time, but I still want the portability that a laptop has which is why I don’t want a desktop. Because of this, the NV41 would’ve been my first choice due to its smaller form-factor. The only issue I have with it is that it doesn’t come in black (only grey). This is kind of more of an issue with me as it might seem to you, but I really wish it came in black. I know I can buy vinyl decals to change the color but I’d really rather not.

From what I can tell, the NS50 is pretty much the same as the NV41 except it’s in a different color and has a 15.6-inch screen rather than 14. My computer is either on or off, never in suspend so the s3 suspend resume problem on the ns50 is not an issue for me.

According to this I would be able to change the keyboard lighting on both. Also, according to the HCL reports both of the laptops have 3 usb controllers (please correct me if I am wrong), so there won’t be a problem with using an isolated usb keyboard qube.

Another great thing about the laptops is that they feature the power button on the side. Does anyone know if this means that I can power on the laptop without having to open the lid? I’ve always had my laptops on a vertical stand and hated having to lift it out, open the lid, and push the power button before placing it back just to turn it on. This way I can just press the power button without having to take the laptop out. Although if the NS50 and NV41 are built so that powering on isn’t possible while the lid is closed, I would have to take it apart to remove the magnetic switch that most laptops use to sense when they’re closed and hope I didn’t mess anything up.

I also want to buy the laptop from Nitrokey without the logo and just have a blank lcd back cover. Is this possible? These laptops come from the original manufacturer without any logos and there are other businesses offering these devices along with thier other variants with no logo or even allow you to have a custom-made one (but without qubes or heads). I don’t know if I can buy one from Nitrokey like this, but I’ll send them an email too. It seems I would be able to buy the back cover online and install it myself but I don’t want to do this. I broke the clips off of my old thinkpad taking it apart to flash the bios and had to buy a new casing for it. I don’t want that to happen on this new laptop.

I also wanted to know what the usage of the thunderbolt port was like in qubes, and what the hardware configuration of the usb controller responsible for the thunderbolt port was like on the NS50/NV41. I am assuming they would have the same configuration. I don’t like how I need to have multiple cables for my current setup. Right now I have the charging cable, a combined cable for keyboard and mouse, the display cable for the external monitor, and a short usb extension cable that I am using so the usb port on the laptop doesn’t wear out or get damaged. I know I would always need a separate usb controller for flash drives but it would be great if I could really just use one port for power, display, and input. The best-case scenario for this would be if qubes saw the display as separate from the input device. This way, I should have no problems using a usb keyboard vm while still being able to have the display output to my external monitor. However, I don’t think this is likely to be possible because of needing to pass the entire controller to the vm. I wanted to know for sure.

On the other hand, I am uncertain that a usb keyboard vm is even needed at all. I would not be using the thunderbolt port for anything else other than power, display, and input. Because a compromise of the usb keyboard vm is equivalent to a complete compromise of dom0 I think I should just be able to leave the thunderbolt port connected to dom0 without any loss of security, right? Again, I would need more information about how this controller is configured in the hardware to really know. If this controller is connected to additional ports it would also be something to consider.

So basically, what I wanted to know was:

• Can power on the NS50/NV41 without having to open the lid?
• Can I buy the NS50/NV41 from Nitrokey with a blank logo?
• What is the exact hardware configuration of the thunderbolt controller?
• Do I even need a separate, dedicated vm for input devices in my situation?

I would much appreciate it if anyone have more information about any of this. I’m also interested in hearing your thoughts too.

Could you just cover the NitroPad logo with a sticker?

That or buy one of the blank ones from elsewhere and install Qubes, Heads and Coreboot to them once you get them (I assume you installed Qubes yourself on your T430).

The NV41 does have 3 USB controllers, yes, but setting up a separated USB keyboard may not be trivial. One controller has the camera, bluetooth and at least the two USB Type-A ports, one has the Thunderbolt-4 port and the other one I’m not sure about, but it probably has the other USB Type-C port. I’m limited in my testing by lack of appropriate devices and cables, but I have not gotten either USB Type-C port to work so far. For the TB4 port it’s to be expected, as QubesOS does not support PCI hotplug, so you’d have to plug everything in before booting, which I don’t want to test; the other port, however, is supposed to be a normal USB (type C) port and should work like the type A ports, but again, the problem in testing might be that the device I was testing is malfunctioning or not compatible or something as it’s really old and I don’t have any other compatible device / cable combination right now.

Sadly no (NV41).

I don’t think so, but you can buy the NV41 from NovaCustom, who are also offering Heads integration (check “Firmware options”)…they offer one more year of warranty and far more customization options than Nitrokey, including no logo.

The NV41 power button is on the right side, I tried to power it on with the lid closed and it worked

I received one today and I’m writing a review at the moment, I hope to make it available for next week

Hmm strange, maybe once I update the firmware the behavior will change; are you using Heads or “normal” coreboot?

I look forward to reading the review to see what I have missed

Normal coreboot

However I don’t get the use of powering the laptop without the lid because of full disk encryption blocking the boot process anyway ?

I think I get it now: @excitts wants to be able to use a usb keyboard and mouse and an external screen from boot, so that the laptop doesn’t have to be touched at all (except for pushing the power button).

I also tested it again on my NV41: the power button does work if the laptop is plugged in (power), but not if it should boot on battery, in which case the lid needs to be open when the button is pressed.

Thanks! Yes, @Bearillo is right, I want to just be able to press the power button and be able to use kb/mouse from boot.

I think I’m going to get the NovaCustom one then. For nitrokey, I don’t think there’s an option to buy just the laptop without the nitrokey. I also don’t think I really mind having the USB Type-A ports on the same controller as camera and bluetooth since sys-usb isn’t going to have anything installed to be able to make use of camera or bluetooth functionality so it should be safe. Wondering about the Type-C port though. I’ll wait for @solene 's review.

what do you want to know exactly about it? If it’s on a separate controller?

I’d also like to hear about it, specifically if it works on your machine at all (hotplug) and if it’s on a separate controller (same with the other type-C, which is the thunderbolt port and definitely seems to be on a separate controller).

Ok, so there is a single device named “Intel Corporation Alder Lake PCH USB 3.2 xHCI Host Controller” that holds:

• the two usb 3.2 type A ports
• the two usb type C ports
• the webcam
• the bluetooth device

I used an usb-c dock on both usb-c ports, it worked fine, and USB devices plugged on the dock appeared as separate USB device in the USB applet.

If I started sys-usb only with the thunderbolt devices, my USB-C dock only showed its ethernet device, but it was also shown with the other usb device, that’s surprising, but anything else connected to it isn’t recognized at all.

Let me know if you want to me to test something else.

I don’t know the NS50, but the NV41 is really quiet and don’t burn my lap even when loading it to the maximum, the cooling is impressive (if this is an important feature for you)

Thank you for the update!
Can you clarify that you hotplugged the dock as well, so plugging into a running QubesOS or did you only test with it plugged in before boot?
Also: you still see three different USB controllers in dom0’s lspci, though, right? Do I understand correctly that you think the two, which don’t hold the camera etc., are both for thunderbolt? In my lspci it shows like this:

00:0d.0 USB controller: Intel Corporation Device 461e (rev 02) (prog-if 30 [XHCI])
	Subsystem: CLEVO/KAPOK Computer Device 4041
	Flags: bus master, medium devsel, latency 0
	Memory at 80840000 (64-bit, non-prefetchable) [size=64K]
	Capabilities: <access denied>
	Kernel driver in use: pciback
	Kernel modules: xhci_pci

00:0d.2 USB controller: Intel Corporation Device 463e (rev 02) (prog-if 40 [USB4 Host Interface])
	Subsystem: CLEVO/KAPOK Computer Device 4041
	Flags: fast devsel, IRQ 17
	Memory at 80800000 (64-bit, non-prefetchable) [size=256K]
	Memory at 80874000 (64-bit, non-prefetchable) [size=4K]
	Capabilities: <access denied>
	Kernel driver in use: pciback
	Kernel modules: thunderbolt

00:14.0 USB controller: Intel Corporation Device 51ed (rev 01) (prog-if 30 [XHCI])
	Subsystem: CLEVO/KAPOK Computer Device 4041
	Flags: bus master, medium devsel, latency 0, IRQ 23
	Memory at 80850000 (64-bit, non-prefetchable) [size=64K]
	Capabilities: <access denied>
	Kernel driver in use: pciback
	Kernel modules: xhci_pci

Which is why I thought that only one was a thunderbolt controller…maybe next week I’ll just buy a cable for testing my type-C ports…

Yes, if you take a look at the devices in a qube settings, it’s easier to read IMO,

Using the thunderbolt controllers only in sys-usb, that doesn’t work when i hotplug it indeed. If I connect it at boot, I have my ethernet device of the dock (and only that, I don’t know if the rest is available to be honest, that’s a bit harder to test…) for passthrough in sys-usb. But in this situation, if I connect an usb mouse to the dock, it’s not seen, so I guess that only work for some components of the dock.

The ethernet card of the dock is also seen on the regular usb controller though (along with usb stuff connected to it and the multi card reader). So maybe the thunderbolt controller is selective

So… this basically means that everything is connected to a single usb controller? Damn.

Yes

I think I remember reading somewhere on this forum that docking stations add usb controllers, maybe I could do something with that. I don’t really need the dock to work when hotplugged either.

I have a dock that uses a single port. I would like to have it working when using a separate keyboard/mouse qube. And still be able to use a separate controller for flash drives.

I tried an USB-C dock, as stated above:

• connecting it with sys-usb holding the USB controller, the USB A ports of the dock are working but not seen as a new controller
• connecting it with sys-usb holding the thunderbolt controller, the USB A ports of the dock aren’t working, only the ethernet port is working

I double checked, by running a qube with the thunderbolt controller attached, rebooting (otherwise it’s not recognized), there is no new device in the controller list, and connecting usb devices on the dock triggers absolutely nothing in dmesg output