I’ve decided that I am moving away from the apple Eco-system. I am currently looking for a laptop to run Qubes on as I am in favor of maximum security after being exploited in the past.
After reviewing the supported devices, I seem to have decided upon:
If you’re set on Qubes or your threat model requires it, I’d recommend a T480 with 32-64GB RAM. Qubes won’t prevent you from getting exploited but may help mitigate being exploited. I’d actually recommend against Qubes if you’re planning to consume video. It might be better to run a “regular” OS and learn good security practices instead.
on 16GB, if the system overloaded, In my experience MS Teams video conference calls cause the whole system lag, audio, choppy and your own voice because choppy too.
I would recommend a 32GB machine, if you can find it.
Isopropanol doesn’t damage the ThinkPad rubber coating, it’s normally what people use to clean them.
If the chassis is damaged and needs repair I wouldn’t buy it, it’s most likely not possible to repair the chassis, and it could mean there is damage to the electronics as well.
Both the T480 and T480s works with Qubes OS, the T480s is slightly smaller but the T480 can be upgraded to 64 GB memory.
@FollowTheRabbit If you’re after the “maximum security”, I would suggest a laptop supported by the opensource BIOS firmware like coreboot. Preferably a laptop without the ME/PSP “hardware backdoors”. I.e. the quad-core AMD Lenovo G505S , when fully upgraded (16GB of RAM etc.), may be suitable for your needs: it is supported by this opensource BIOS, doesn’t have ME/PSP at all, and doesn’t suffer from 20+ Intel-only vulnerabilities like Meltdown and Zombieload (for which the performance-crippling patches are required and even have to disable the Hyper-Threading)
I have P50 based on Xeon, one of my favorite laptops.
But i cant recommend it. I bought this laptop on well known marketplace and year ago it stop working stable (shutdown itself randomly). Change bios/cmos/ssd/nvme/memory/power supply didn’t help.
For your tasks best possible Qubes laptop is x330 from xyte.ch
Its more portable and have all benefits : 1080p/2k screen, 4 core 8 threads, heads/coreboot and classical ibm keyboard, ax210 wifi (you can also attach airpods) and nvme mod.
(one only disadvantage - custom eDP cable and the stock cooler is noisy - but it possible tuned too)
This is an interesting choice from a security perspective, but I have found my G505S to be rather slow (I use it as a file server now).
My daily driver for Qubes 4.1 is a Thinkpad T14 Gen1 Ryzen 4750U, and it seems this model got “lucky” with firmware updates fixing the system timer bugs plus CPU frequency scaling works, too. The only thing I would not rely on working with Qubes at this point is suspend/wake. Oh, and it is pretty fast…
@tasket Did you upgrade your G505S with 16GB of 1600MHz CL9 RAM ? It really means a lot here…
If more power than G505S is desired without sacrificing any security - and a desktop isn’t out of a question - you can go with the other coreboot-supported AMD boards like A88XM-E (with A10-6700 or A10-6800K) or even KGPE-D16 with two of 16-core Opterons, for a level of security even slightly better than G505S
Otherwise, if you really need a more-powerful-than-G505S laptop for Qubes, may pick the fastest coreboot-supported laptop regardless of ME/PSP status - at least it should give you the much better firmware security than the sloppily-coded proprietary UEFIs, and you could also do the stuff like “me_cleaning” as an extra measure. Haven’t checked for a long time, maybe there are coreboot-supported AMD Ryzen laptops by now (yes, with a PSP, but hopefully still better than Intel)
