Short list of laptops/desktops that work well with Qubes OS

User Support Hardware Issues
#175

the model I buy ends up working I’ll need many more units.

I see. In that case I would recommend you to download the HCL repo which contains all the reports in YML format and filter type=laptop, qubes=R4.0*, usb>1, works=yes (I don’t know how to do this with existing tools and would personally simply write a quick and dirty parser that does that. That would likely take less time than researching existing tools. YMMV)

That should give you a manageable list of computers to screen through whether they are still available to be purchased in bulk.

I suspect that whatever remains will be a quite short list. Each report has the name or alias of the reporter. You could then use the forum or mailing list to try and get in contact with folks owning these remaining machines in case you have any open question.

Please, if you end up doing the above work … share the result in the forum – it would be extremely helpful!

2 Likes
#176

I certainly will. For now, bought a 10th gen 6 core Xeon
ThinkPad P15v WS Gen 1 ( 20TRX00300 )
Thanks to Vincent for his HCL Hardware compatibility list (HCL) | Qubes OS

#177

For this reason, I’ve been considering purchasing a brand new laptop and immediately tossing it in the closet for the next 2-3 years to let it age (like a fine wine?) before it becomes my next Qubes machine. Is that perverse?

5 Likes
Qubes does not boot or is not seen
#178

purchasing a brand new laptop and immediately tossing it in the closet for the next 2-3 years to let it age (like a fine wine?)

That’s the most rational reaction I’ve heard regarding this entire topic. :slight_smile:

2 Likes
#179

I’ll add, to be helpful, that Lenovo does not accept non-US issued cards for payment when the order is to be shipped to continental US. This rules out new and refurbished Thinkpads. I would assume security conscious users don’t want unnecessary 3rd parties (previous users, computer stores, resellers) in their “supply chain”.

#180

I would assume security conscious users don’t want unnecessary 3rd parties (previous users, computer stores, resellers) in their “supply chain”.

There is an argument to be made that it would be a lot harder to target you buying from a random seller on eBay then intercepting a shipment from a big OEM or reseller.

1 Like
#181

This doesn’t strike me as helpful.

What you have said is untrue.
I assume you mean “Lenovo does not accept non-US issued cards for
payment, if the order is shipping to continental US”.
I do not know if this is true.

Lenovo uses authorised resellers in various zones.
There’s a repeated argument that a previous user/random computer store
purchase is likely to avoid any targeted attack, and therefore may be
more secure

1 Like
#182

Yes, thanks @unman, I had meant to write that Lenovo US is not accepting non-US issued cards.

This part is probably off topic but it seems that as of today I can’t order a laptop from Lenovo with a US issued card going to an address in the continental US either.

It is unfortunate that we depend on either obscure niche suppliers (System76 seem perpetually out of stock on the Lemur Pro; many have raised issues about the the Purism laptops) or a single major corporate for the bulk of Qubes compatible systems.

If I have a small biz with 9 employees in Europe and North America how do I onboard the company to Qubes efficiently?

#183

Sure, that’s a good argument. For most of us who don’t need to worry about state level actors and supply chain interdiction it is more likely that the previous owner didn’t take precautions with the device and it has picked up some persistent firmware level malware from e.g. bad USB?

#184

Looks like a question for a separate thread.

#185

I think that showing the year of hardware release would be much more helpful for all (especially inexperienced) users, as suggested in this table. The specific CPU model can always be seen in the specific laptop threads.

#186

year of hardware release

What is useful about it? How is this MORE useful than listing the CPUs?

this table

I’m curious to see if it will ever grow beyond the X230 and T430 without changing the criteria.

1 Like
#187

W530 AFAIK meets criteria, (and AFAIK you can get Heads onto W530 ‘relatively’ easily - see: https://github.com/osresearch/heads/issues/616). I’ve not abandoned the thread, I’ve just been busy & since I created it I’ve also gone down some rabbit holes of firmware - and learnt alot about the existing models (see the thread for some cool X230 hacks).

For upto Intel ME 11.x (that’s intel-core gen 7/8), there are more coreboot options (and will open-up to a 64GB RAM laptop for the list). It’s currently in discussion to change the requirements. so anybody is welcome to add to the discussion - all feedback is welcome.

EDIT:
W530 added to list @Sven

#188

W530

Unfortunately we only have a single HCL report from 2014 for the W530 and it’s for R2rc1.

If anyone is actually using a W530 with Qubes OS R4.x it would be greatly appreciated if they could send in fresh HCL reports.

It would be quite sweet as it allows for 32 GB on the quad-core CPUs.

2 Likes
Lenovo W530 (R4.1)
#189

Let us imagine that a non-technical user looks at the list of recommended laptops. The list says gibberish things like i7-3840QM, i7-10710U, i5-7200U etc. (Ok, maybe the user can guess that i7 is better than i5, but I’m not sure.) The corresponding links say even more unclear stuff. Only maybe the number of cores and CPU frequency are somewhat understandable. But aren’t all relevant things are just strictly better for newer CPUs?

#190

The list says gibberish things like i7-3840QM, i7-10710U, i5-7200U

With the exception of the Librem laptops, I believe all the other models come in multiple variants with different CPU. Some of those variants won’t work with Qubes OS. So in order for the list to be useful, we need to call out the model+CPU as a basic identification of which computer is verified by the community.

But aren’t /all/ relevant things are just strictly better for newer CPUs?

It appears to me that your perspective of the list is, that the typical user will look at it and quickly try to identify the fastest/newest/“best” option and then attempt to purchase it. This would be reasonable, if all Qubes OS users would live in places and situations that allow them to get their hands on pretty much any of the computers listed.

I believe that perspective might be better served by this thread, while at least my understanding of the “community-recommended list” is meant to be helpful to a global audience of non-technical Qubes OS users.

The most important information is the list itself: these computers will install Qubes OS without issue. In a next step the user then checks the availability of each of these computers in their region and within their budget. For the vast majority of people on this planet including journalists, activists and people living in oppressive regimes that will narrow it to very few options. Neither the Librem nor a recently released high-end ThinkPad is likely to be one of them.

#191

A post was split to a new topic: Lenovo W530 (R4.1)

#192

Thank you for this reminder.

As to whether “/all/ relevant things are just better for newer CPUS”,
this depends on what better means to you, and what you count as
relevant. Obviously.
If price is relevant, no.
In many situations, if anonymity is relevant, no.

1 Like
#193

Lenovo ThinkPad T470s with core i7, is working great too

#194

Would you mind sharing the HCL report with us? Do suspend, WiFi work well?