I’m looking for a compacted, travel friendly mini computer that runs Qubes. Aside from the Purism Mini, any other candidates?
I use a Protectli Vault. Was easy to install and no problems so far. Its pretty heavy though so may not be a consideration for lots of travel.
I am running an Intel NUC11. It’s roughly 10 x 10 x 5 cm or 4 x 4 x 2 inches if my micrometer eyeball and memory work right.
https://forum.qubes-os.org/t/intel-nuc11tnhi7
Edit: 117 x 112 x 54 mm (length x width x height) so my eyeball isn’t too bad.
1 Like
1 Like
Is the IME disabled on this hardware?
Yes.
1 Like
The Nitrokey appears to have some other advantages over mine (like having an audio jack) but WOW by the time I configure it with the same RAM and the SSD I use for a “local” split veracrypt pool (and an intermediate backup area–off the “main” disk but not off of the box) it’s expensive. (And I haven’t even included the cost of having them install Qubes for you…I figure you will do that yourself.)
If you can find the RAM and the second SSD elsewhere (or you don’t care about the second SSD), I’d have to say you’d be better off with the NitroKey.
I haven’t compared the two boxes’ CPUs–I could never figure out Intel’s “code” since they stopped calling them Pentiums. But you’re going to want as much power as possible because I know you probably run a lot of VMs.
it’s expensive
You can buy the PC bare bone and get components elsewhere. Theoretically, you could also buy the original mini PC from China and flash Coreboot yourself but that requires an external flasher. That may result in an ever cheaper version but you must be a hardware ninja 
the second SSD
I would not recommend that. Those mini boxes get pretty hot quite easily, so adding more stuff inside adds even more heat. A standard laptop cooler under the box is a good idea IMO. For more storage use e.g. a USB hard drive docking station with all the drives you need (HDD or SSD). Then you can move your data easily too.
2 Likes
Maybe:
Sorry, just seen this. Yes, its disabled by default.
Nitro has a x230 laptop with HEADS that is perfect for Qubes.
I dont think any SBC or “mini” computers take Qubes very well.
I wondered like you about SBC. I wanted to find a non-Intel cpu sbc that had equivalent power. AMD Ryzen seemed like a good bet (that was before I found that AMD could be EMPed also).
+Does Udoo bolt v3, v8 work?
+Odessey x86 J4105?
There are Intel Celerons that might work.
+Rock Pi X
+Latte Panda Delta
What I really want to try someday is a CPU architecture way outside the “box” like RISC X. That’s years from now. Virtualizing systems like Qubes really only work with Intel powerhouse whether you like it or not. But with ME neutralized, is that really so bad?
@qubist You have the perfect user name by the way. #quban Haha!
I know so! How many kinds of computers have you tried installing on? Qubes is very particular. Heard about the “Qubes Certification” criteria, the HCL (Hardware Compatibility List) and YAML that can be generated from the specific hardware?
Kernels are tuned to the CPU and then there are particular drivers for the peripherals. You also have to have a type of CPU that can virtualize (such as Intel VT), is 64 bit, has instruction sets like SSE2 (for tor), etc.
Qubes also likes a lot of RAM. Multiple VMs running at once can crash it.
I also like TAILS OS. With TAILS, you want the most mass produced, unconnected serial or designator not associated with your identity sort of modern computer. Qubes also can get stronger with updates over tor through Whonix which is keen on anonymity. Now I’ve occasionally wondered, when there is hardware probing or profiling going on, probably the ideal is to have non-unique hardware just like you would want a non-unique browser fingerprint. SBC and mini computers would have to be tailored and specialized to meet the system requirements so they should be rather uncommon at the hardware level. How much information can leak out about the specific characteristics of the hardware from digital connections made by OS software? Maybe not enough to harm the system. Maybe enough to defeat that system’s threat model and purpose. But an SBC or mini is very convenient in terms of portability and economics.
@qubist You have the perfect user name by the way. #quban Haha!
I know so!
How? Please share your experience because when you say “any mini computers”, this implies no mini computers work well with Qubes OS.
How many kinds of computers have you tried installing on?
One.
mini computer put me back in the 80:s 
Although SBCs on the market today are NOT “old” (contra @_pitch) and could be the latest tech, they are resource minimalistic. They are meant for IOT, embedded, robotics, lite computing. That is why they are inexpensive. They can be assembled into clusters, however. Some CPUs are just multiples of Intel Atom cpus. A CPU can be composed of smaller CPUs (cores) with multiple threads (~virtual cores/cpus). I wonder if a cluster of SBCs could be integrated to approach the computing power required for Qubes. There are only a handful (some mentioned in my earlier post) of SBCs with a single socket physical CPU that has enough power. Intel Celeron probably almost could do it as well as AMD Ryzen. Any CPU smaller than that and Qubes isn’t going to work. Xen needs VT. Making VT out of a cluster of CPUs requires very advanced compsci knowhow.
One of the security advantages of small like an Atom is that it doesn’t have ME (@Emily) in it. No need for ME cleaner or Coreboot configurator. It would be a cool project to see if someone could cluster Atoms together, make a generic “homebrew” VT (like Coreboot: “homebrew” as in not corporate proprietary but still from Federal labs), and then see if Xen could run on top of it.
My recommendation is to try an AMD Ryzen (Udoo), which wont have ME in it but is the same class of processor as the i7 Intels that work well with Qubes.*Xen is apparently incompatible with Ryzen.
Some of the other respondents are providing links to mini desktops, basically a laptop without the peripherals attached. Those are nice and portable but why not just get one of the certified laptops?
These generalizations don’t answer the actual question.
Anyway, I did my best to answer the thread title, so I can’t contribute further.
@qubist I am very specific, absolutely precise at times. You cant be talking to me. Someone had a slave “for the (contrived, rigged) moment” so now everything has to be of no significance that is all. Ask @Emily if the question is answered. SBC is how I interpret “mini computer.” If not, dont bother and get a certified $1000+ laptop or a thinkpad like the x230 + external programmer and HEADS since she doesn’t want ME.
How about this for specific?
IBM x230 (Qubes Certified) has an i5 and this SBC has an i7. Should work.
Gizmo board bobcat AMD x86 might work if Qubes wasn’t biased towards Intel. Maybe someone can tell me why. Intel definitely seems to favor enterprise rather than libre/FOSS.
Topton s600! 12th gen i9, plenty of cores, cheap and runs perfect!