A concluding remark from my side:
Sorry, I shouldn’t have called someone a clown!
I don’t like this “clever” way of being quoted out of context and twisting what I was saying instead of exchanging arguments. Of course, the questions I was asking have been ignored.
That being said, I encourage everyone who is seriously interested in flashing different thinkpads with coreboot and have helped people in the past. But I also think it is important to at least tell people what they are getting into.
In my experience “flashing coreboot” (meaning everything that has to be done) for someone who hasn’t done this before has been rather a matter of days than hours even with the old models that don’t have to be completely disassembled. Of course, you’d need a bunch of tools to begin with, most of which can be bought cheaply but they add up to the costs as well and for example the quality of a SOIC clip varies and can contribute to being successful or not.
Reading out the BIOS chip with a very cheap clip can be very frustrating.
The Nitropad adds Heads and neuters the Intel ME (as far as I know they use two ways combined: setting the bit to disable and overwrite parts of the binary blob), as well.
I don’t know if coreboot is write-protected there which would add security because you’d need to access the chip in order to change anything.
If you add coreboot yourself you can decide to leave write-protection and then you can flash the latest coreboot internally from your OS.
Yes, these security focused laptops are expensive and you can do the measures yourself but where there is a market people can choose. There are often developers involved and part of the money will help in the process. I think there is no need for dubious insinuations without proof.
Thank you for all your answers! I think I will go for NitroPad because my time is unfortunately too limited to do everything by myself. I hope this company can be trusted but I would probably never know.
What do you think about new version that they started selling about two months ago, i.e. NitroPad T430. I don’t see it on Hardware Compatibility List on QubesOS website to be fully supported with in most configurations. I wonder why they haven’t added it to the supported list. Do you know whether there is any ongoing QubesOS certification for NitroPad T430?
I also wonder whether I should provide Polish characters in personal information for PGP key or better to replace them with English characters.
What do you think about new version that they started selling about
two months ago, i.e. NitroPad T430. I don’t see it on Hardware
Compatibility List on QubesOS website to be fully supported with i7.
The HCL contains multiple ThinkPad T430. There is an i7 version with
R3.2 and there is a i5 version with R4.0
I wonder why they haven’t added it to the supported list.
It’s a great idea, I hope they read this. Also: if they offer it with
Qubes 4.0 pre-installed it stands to reason they have tested it. But I’d
ask them before buying.
This sounds like big news, because as far as I understand it’s now possible to install Heads on the T430. The T430 can come with a quad processor, which should be significantly more powerful than the best x230.
Looks like ill get a T430 and put heads on it and do the guide then. Given theres a “t430-flash” variant of heads, then its likely the t430 has the same SPI ROM setup as the x230 so it should literally be the same as the x230. But ill know more once ive done it.
FWIW - I never understood why Nitropad offers the T430 with 3840QM - the other processor options (and I believe the hardware for cooling) are all 35TDP. Whereas 3840QM is 45W TDP. Does anyone have any experience with using the 3840QM in a T430 under heavy loads?
The Moderator moved a similiar discussion of this subject onto . . .
You want to look at 1vyrain
and to use Core Boot and then later HEADS, Git Hub Skulls
Skulls, is meant to install the latest version of Core Boot automatically with using Skulls.
As you notice from the Skulls webpage, One of the issues is neutralizing the part of the Intel Management Engine which allows Intel to Remotely, and without my knowledge, change the basic firmware of the computer. Like steal passwords, watch what I am doing, and so on.
Flashing the Intel ME requires opening the case, and some hardware items to Flash. Not as cheap as 1vyrain, buying parts, waiting for them to arrive.
Some of these kinds of discussions might be better at;
yes am aware of the use of the GPU pipe in non-GPU machines as a kind of heat soak but if there is a GPU in use (or laptop is operating in a warmer environment) I would expect thermal issues. I will be testing it out as ive ordered to 3740QM to drop in and run some benchmarking with the specific combo of 45wTDP + Heads + QubesOS
I do have a T430 with a 3840QM (45W TDP) and the GPU-heatsink in a non-GPU laptop.
I’m running Ubuntu on it, not Qubes, but I do run into thermal throttling scenarios where video playback becomes almost impossible.
I have liquid metal thermal paste (conductonaut) on it, and thought that this might be enough, but it does not seem so. I’ll still have to check whether the paste actually makes good contact with the heatsink…
Not having read all here I’ll post for the first time anyway!
Getting Qubes up & running has been perhaps the greatest experience since I first got started with Suse in 98, and then VMware around 2000.
For the first time ever I have a realistic chance of compartmentalising all my apps, users, needs and tracked identities.
My main goal is simply to get way more privacy than I have now, I should have no powerful adversaries that I know of.
So getting an old X230 paid cash here in Asia & then installing worked very well - and I’m into really learning how to use Qubes the right way.
I totally would have bought a Nitro X230 instead if Bitcoin had not given back a little, might still do so later just to be able to compare
It is super important that services like this exist. Although I can figure out most in terms of both hardware and software myself this is not what I prefer using my time for.
What I totally will spend a lot of time doing is to get used to sorting all my activities into the right Qubes, as well as getting all my kinda important apps installed in my own templates and so on.
Leah has a bad reputation for failing to deliver, failing to refund, and poor supply.
Her delivery times are as nebulous as Purism.
I would avoid minifree at all costs.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Tiny update: the X230 died this winter, probably the graphics card didn’t like me often leaving it running for longer periods…
Got a very good deal on another X230 this week, with i7 and an extended battery. So for now the disc of the first one is running just fine, although it is 4.0.
Will probably just install 4.1 on another disk & then migrate the qubes, better than maybe missing some config or settings that should be different.
Also I’ll look into ways of monitoring & limiting temperature, don’t want to wreck an i7…
Btw, can anyone tell me what advantage does picking the option Wifi + Bluetooth Atheros AR9462, ath9k) provide? They seem to charge +25 EUR for that modification. Are these hardware working better than the default Intel, Broadcom hardware? Do they have free software firmwares?
I don’t think anyone has issues with the default hardware on x230
The issue is that the Atheros has free firmware,and is often
swapped in for that reason. (You have to replace the default BIOS to e
able to do this.)
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Do you know if NitroPad comes with this done by themselves? Or would I need to manually do the BIOS thing in order to take advantage of the the free firmware that Atheros has?