Nitrokey has miniPC w/no IME, and Qubes preinstalled

Announcement here: NitroPC - Powerful and Secure Mini PC

  • Intel Core i7-10510U processor
  • Disabled Intel Management Engine
  • Pre-Installed Qubes OS

Looks interesting…

1 Like

Great.
It has no built-in keyboard and we would need a USB keyboard.
Is there any way for being protected from BadUSB?

Wonder if a USB adapter on a PS/2 keyboard would work…

By using exclusively a different USB hub via sys-usb. By the way, how many USB hubs does it have?

Maybe the keyboard itself will be safe, but the problem with other devices will persist: USB Devices | Qubes OS.

Specs say:

USB: 4x USB3.0, 1x USB 3.1 Type-C, 2x USB2.0

Looking at the case configuration it has ports on the front and back, so I assume there would be different hubs involved for that.

This is not necessarily true. In Purism laptops they have USB ports on two sides, but only one hub, which is a pity.

I have no more insight into this PC board beyond what is provided by NitroKey on their site. Would it be possible that they are providing USB 2, 3, & 3.1 on one single hub? Might they have separated these? I’m just making assumptions…

Recently, I purchased one of these devices (barebone, memory and ssd added on my own) and now I’m on the way to learn using Qubes with it.

Anyone else using the same device?

It certainly is possible. I’m currently working on my new Qubes workstation with pretty much similar specs (Lenovo ThinkCentre), and it has only one USB controller. This workstation has PCIe expansion slots available, so I’m purchasing additional USB controller.

Based on the image above, the Nitrokey PC doesn’t have PCIe slots.

But I’d be amazed if they didn’t take this into consideration, so it might just have more than one controller. PS/2 is dying breed anyways, it’s hard to find good keyboards and new mechanical keyboards don’t “speak” PS/2. So I think any modern Qubes wks should have at least two USB controllers.

2 Likes

This is the actual lspci output created using Qubes 4.1 Beta:

[salevajo@dom0 ~]$ lspci
00:00.0 Host bridge: Intel Corporation Comet Lake-U v1 4c Host Bridge/DRAM Controller (rev 0c)
00:02.0 VGA compatible controller: Intel Corporation CometLake-U GT2 [UHD Graphics] (rev 02)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 0c)
00:08.0 System peripheral: Intel Corporation Xeon E3-1200 v5/v6 / E3-1500 v5 / 6th/7th/8th Gen Core Processor Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Comet Lake Thermal Subsytem
00:14.0 USB controller: Intel Corporation Comet Lake PCH-LP USB 3.1 xHCI Host Controller
00:14.2 RAM memory: Intel Corporation Comet Lake PCH-LP Shared SRAM
00:17.0 SATA controller: Intel Corporation Comet Lake SATA AHCI Controller
00:1c.0 PCI bridge: Intel Corporation Device 02bf (rev f0)
00:1d.0 PCI bridge: Intel Corporation Comet Lake PCI Express Root Port #10 (rev f0)
00:1d.4 PCI bridge: Intel Corporation Comet Lake PCI Express Root Port #13 (rev f0)
00:1f.0 ISA bridge: Intel Corporation Comet Lake PCH-LP LPC Premium Controller/eSPI Controller
00:1f.3 Audio device: Intel Corporation Comet Lake PCH-LP cAVS
00:1f.4 SMBus: Intel Corporation Comet Lake PCH-LP SMBus Host Controller
00:1f.5 Serial bus controller [0c80]: Intel Corporation Comet Lake SPI (flash) Controller
01:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
03:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/980PRO```

This is the actual lspci output created using Qubes 4.1 Beta:

[salevajo@dom0 ~]$ lspci
00:00.0 Host bridge: Intel Corporation Comet Lake-U v1 4c Host Bridge/DRAM Controller (rev 0c)
00:02.0 VGA compatible controller: Intel Corporation CometLake-U GT2 [UHD Graphics] (rev 02)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 0c)
00:08.0 System peripheral: Intel Corporation Xeon E3-1200 v5/v6 / E3-1500 v5 / 6th/7th/8th Gen Core Processor Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Comet Lake Thermal Subsytem
00:14.0 USB controller: Intel Corporation Comet Lake PCH-LP USB 3.1 xHCI Host Controller
00:14.2 RAM memory: Intel Corporation Comet Lake PCH-LP Shared SRAM
00:17.0 SATA controller: Intel Corporation Comet Lake SATA AHCI Controller
00:1c.0 PCI bridge: Intel Corporation Device 02bf (rev f0)
00:1d.0 PCI bridge: Intel Corporation Comet Lake PCI Express Root Port #10 (rev f0)
00:1d.4 PCI bridge: Intel Corporation Comet Lake PCI Express Root Port #13 (rev f0)
00:1f.0 ISA bridge: Intel Corporation Comet Lake PCH-LP LPC Premium Controller/eSPI Controller
00:1f.3 Audio device: Intel Corporation Comet Lake PCH-LP cAVS
00:1f.4 SMBus: Intel Corporation Comet Lake PCH-LP SMBus Host Controller
00:1f.5 Serial bus controller [0c80]: Intel Corporation Comet Lake SPI (flash) Controller
01:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
03:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/980PRO```



Single controller - what a shame

1 Like