Laptop without TPM

I came across a laptop that had every requirement for running Qubes OS, even all the recommended ones except TPM, and the look and layout were like they were made for me. So I’m now struggling to find answers on how much I would give up by not having a TPM.

I’ve even read some articles saying that all new computers have a TPM, so it is really confusing.

I’m talking about the SNUC Book. (Note: Nemesis and Cobalt differ only in the OS, and the two options differ only in a dedicated GPU; everything else is the same.) Unfortunately, there is no precise description of the product that I could go over.

The second option for me would be the Toughbook 55 with TPM 2.0, but they are really expensive and draw too much attention, so I’m still searching qubes/hcl and trying to find a laptop I would like.

If you have any info that could help me I would be flabbergasted and happy. Thank you.

I speak :czech_republic: and :us_outlying_islands:

I came across a laptop that had every requirement for running Qubes OS, even all the recommended ones except TPM, and the look and layout were like they were made for me. So I’m now struggling to find answers on how much I would give up by not having a TPM.

I’ve even read some articles saying that all new computers have a TPM, so it is really confusing.

The TPM is what allows “Anti-Evil Maid” (AEM) and similar boot
protections to work, so the core question here is: is someone with
physical access tampering with your machine in your threat model?
Alternatively, do you dual boot, and are you worried about the other OS
manipulating your boot record?

I would also note that most TPMs these days are TPM 2.0, which is not
supported by AEM, so even with a TPM, you may not get the benefit unless
you configure it yourself.

My goal is:

  1. to have SteamOS or PopOS or Mint (just for games) at one SSD + dedicated GPU for that purpose (

  2. Qubes on second SSD for everything else. (Since Qubes is probably good OS for games using Nvidia)

Could dual boot compromise my data within Qubes?

I’m just staying in the United States, European Union countries and Switzerland.

I think right now I’m not at risk of somebody with high-end skills physically breaking into my computer.

I was trying to find a solution to cut the cost (not buying two laptops)

Thank you Jarrah

My goal is:

  1. to have SteamOS or PopOS or Mint (just for games) at one SSD + dedicated GPU for that purpose (

This will work, but the potential issues are outlined here.
https://www.qubes-os.org/doc/multiboot/

The TPM and AEM would help alleviate this, but you also need to ask
whether this is within your threat model.

  2. Qubes on second SSD for everything else. (Since Qubes is probably good OS for games using Nvidia)

Not sure what you mean about Qubes being good for games. I’d say that’s
exactly the thing Qubes is worst for. Nvidia drivers make even that
harder.

Could dual boot compromise my data within Qubes?

If the attacker couldn’t break into your Qubes system, but could break
into your other OS, unless you have some kind of boot device security,
they would be able to alter the kernel/Xen image of Qubes and gain
access to Dom0. This is not an easy attack, but is possible.

The simpler solution is to remove the Qubes SSD when you boot into
the gaming OS. Doesn’t solve firmware attacks, but you have made life
drastically harder for the attacker.

I’m just staying in United States and European Union countries and Switzerland

I think right now I’m not at risk of somebody with high-end skills to physically break into my computer

This is the answer. If you don’t worry about this, it is outside your
threat model, meaning that aside from the dual boot question, you don’t
need the TPM.
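
An added example, not part of the thread or of Qubes itself: without a TPM or AEM, changes that another OS makes to the unencrypted Xen/kernel files can still be detected by comparing them against a hash baseline. Assumptions: the function names are hypothetical, GNU coreutils/findutils are available, and both the script and the baseline live on trusted media (for example a live USB) that the other OS never touches, because a check run from an already tampered system proves nothing.

```shell
#!/bin/sh
# Added example: baseline and verify the unencrypted boot files
# (Xen image, kernel, initramfs, GRUB config) that a second OS could rewrite.
# Usage (hypothetical): script.sh init /mnt/boot base.txt
#                       script.sh verify /mnt/boot base.txt

# Print a sorted "sha256  ./relative/path" manifest for every file under $1.
boot_manifest() (
    cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum
)

# Compare directory $1 against baseline manifest $2.
# Prints MODIFIED/ADDED/REMOVED lines; exit status 0 only if nothing changed.
boot_verify() (
    [ -s "$2" ] || { echo "baseline missing or empty: $2" >&2; exit 2; }
    current=$(mktemp) || exit 2
    boot_manifest "$1" > "$current"
    status=0
    awk '
        # sha256sum prints 64 hex chars, two spaces, then the path
        { h = substr($0, 1, 64); p = substr($0, 67) }
        NR == FNR { base[p] = h; next }          # first file: the baseline
        { seen[p] = 1
          if (!(p in base))      { print "ADDED " p; bad = 1 }
          else if (base[p] != h) { print "MODIFIED " p; bad = 1 } }
        END { for (p in base) if (!(p in seen)) { print "REMOVED " p; bad = 1 }
              exit bad + 0 }
    ' "$2" "$current" || status=$?
    rm -f "$current"
    exit "$status"
)

case "${1:-}" in
    init)   boot_manifest "$2" > "$3" ;;
    verify) boot_verify "$2" "$3" ;;
esac
```

This only detects changes to files on the boot partition; like removing the SSD, it does not address firmware attacks.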