Novacustom V54 14" vs. Lenovo Thinkpad P14s Gen 5 Intel (Advanced Questions)

I need to buy a new laptop within the next few weeks.
After my research (that also includes brands like frame.work, hp, dell and purism) these 2 devices ended up on top of my list:

  • Novacustom V54 14"
  • Lenovo Thinkpad P14s Gen 5 (Intel Version)

I sent novacustom a couple questions but unfortunately some of the answers are different than expected.

According to novacustom, it is NOT possible to disable TPM (2.0) in the (Dasharo) UEFI/BIOS.
They even re-verified that after me pointing out there is an option “disable” (in the right of the picture) to be seen in the dasharo docs.
They don’t know why that option is there (i should contact dasharo directly regarding this) but it’s definitely not possible to disable the TPM Chip.
https://docs.dasharo.com/dasharo-menu-docs/device-manager/#tcg2-configuration

I already contacted dasharo but can any novacustom v54 owners verify that it is not possible to disable TPM? (In Dasharo UEFI)
Can anyone (owner or not) explain WHY that is? Especially since the option “Disable” seems to exist?

They also said it’s not possible to disable Measured Boot and Verified Boot.
According to my research disabling TPM 2.0 would also disable Measured Boot but if you can’t disable TPM that obviously wont help.
Also AFAIK Measured Boot and Verfied Boot only make sure the UEFI Firmware has not been compromised, in this case i would not have to disable them anyway. (Please correct me if i’m wrong)

Again AFAIK and correct me if i’m wrong:
Linux (in my case debian based distros) does not use the TPM Chip by default for anything. The user has to manually opt-in for the TPM to be used by the OS or Applications.
It’s NOT like Windows 11 “We encrypt your internal drives, you have no choice and we’re not even letting you know that we do it!”.
But still i’m not very happy with not being able to disable the TPM Chip.
Especially if i should have to run Windows (which IMHO you cannot trust anymore these days) at some point in the future - hopefully not - that would be fatal. (I know that officially requires TPM, but there are still workarounds at this point)

On the other hand i could buy a Lenovo Thinkpad P14s Gen 5 (Intel Version) for a lot less money.
On this device it is possible to disable the TPM (2.0) Chip: Lenovo BIOS Simulator Center (Select Model then go to Security → Security Chip)
You can also disable the Microphone, Camera, Wifi, Fingerprint Reader & Secure Boot in UEFI.
Unfortunately these Thinkpad always come with a Microphone and (in case of the Intel Version) Fingerprint Reader installed. You cannot opt-out of these Hardware components.

I’m wondering if it would be possible to physically remove/disconnect (cut wires etc.) the microphone and fingerprint reader on the Thinkpad? (I know you can just put tape over the camera)
Or is this not possible on a Thinkpad of this Generation because these components are part of the mainboard / you cannot disassemble them at all? (The Fingerprint Reader seems to be integrated into the on/off switch)

Let me know what you think.

BTW i’m NOT looking to run Qubes and i’m also not looking to encrypt ANYTHING.
I’m just trying to buy a computer instead of a surveillance machine.

Kind Regards,
Michael

1 Like

Hi @Michael24,

Welcome to the forum! As such your post is off-topic and only fits the “All around Qubes” category, to which you’ll only get access after participating for some time in the other (on-topic) categories of the forum.

It would make a great “All around Qubes” topic, though.

As a case-by-case measure, I’ll let the post be visible, but set it to close automatically in a few days, hoping you’ll get some quick responses.

1 Like

To specify the All around Qubes category, use this Markdown code:

#all-around-qubes

@discobot has an advanced Discourse tutorial explaining this feature, among others.

1 Like

Hi! To find out what I can do, say @discobot display help.

1 Like

Since this topic automatically closes in 9 days.
Here is the official response from Dasharo on Github:

In short it is NOT possible to Disable TPM except you re-compile and re-flash the Firmware with disabled TPM drivers yourself.

According to a Lenovo Thinkpad expert i’ve asked it would be possible to mechanically disconnect the fingerprint reader, camera and microphone but it would also disable standby on/off when you open/close the P14s Intel.

1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.