I had no idea that ps/2 ports were still on some laptops! Thanks for pointing this out. There is not one on the Framework computers for sure though. They support USB C and USB A for peripherals and an integrated headphone jack as the only non-swappable port (the Framework laptops support swapping all the ports for things such as HDMI, DisplayPort, SD card reader, etc.) It s a very cool system.
No, I am not talking about physical connectors, not about real PS/2 ports on laptop case. But about how it is connected inside. Thinkpad T16 Gen 1 has both keyboard and trackpoint connected in the way that if sys-usb hangs, keyboard still works flawlessly. Because those are not connected internally via USB at all (unlike touchpad) but in some different way, probably PS/2. Maybe your Framework has the same.
Please answer this comment of mine to understand the situation: Framework Laptop 13th Gen, Intel i5-1340P - #12 by balko
The NV41 is certified, which means functionality is tested and ensured by the dev team. It is also available from Nitrokey, which might be more responsive to your inquires.
I guess you are in a first world nation with plenty of disposable income and need to have brand new shiny hardware. Good for you.
Other people might have other needs and perspectives. Some (like me) might find it intolerable to run ME and rather take a hit in performance, some might not have the budget or opportunity to buy a new computer. This has been discussed many times.
You are imposing your needs and perceptions on everybody. Others (like me) might think X230 and T430 are the only acceptable choices. In fact, we have four tiers of hardware choices for users to choose from:
- certified (just works, the dev team makes sure)
- community-recommended (just works, the community evaluates and to a degree supports)
- HCL (positive reports may still need troubleshooting and workarounds)
- system requirements (roll the dice and make it work on your own)
(1&2) are for users who need a reasonably secure laptop now and don’t have the time, will or skill to troubleshoot and apply workarounds. (3) is for folks like you: able to reason about their requirements, making an informed decision and then do what’s need to make it work and (4) is for the brave 
4 Likes
I was not saying that old 10+ years laptops should be removed from the list, just in case you misunderstood me that way. I proposed them to be separated similar to what @fsflover proposed before.
I am concerned about modern versions of laptops in the recommended list. It has 2 options that are not easy to buy world-wide because those are not mass market options.
1 Like
I don’t think that will change anytime soon.
R4.1 (dom0) is based on Fedora 32, which in turn was released in April 2020. That means any computer newer than early 2020 will probably have some issues when you attempt to use it with R4.1.
R4.2 will be based on Fedora 37 which was released November last year.
You will always be better off using Qubes OS on a machine that is 3+ years old depending on how recent the last Qubes OS release was. We kind of joked about this before, but it’s true.
1 Like
Hello @balko ,
I just saw your comment on one of the laptops we offer.
@Sven thank you for already pointing to some of the points I am mentioning here again. To you, I would like to let you know that the NV41 Series has the ability to disable Intel ME by using the HAP disabling method. It’s a UEFI firmware option.
I do not have the certified
NovaCustom NV41 Serieslaptop, but to my opinion currently it looks a bit shady.
We are not a brand that is as big as Lenovo, unfortunately. This is why less information might be available. Still there are some important things to consider.
Despite the fact that the NV41 Series being the most sold Series of NovaCustom, there are not so many reviews about this device. This is mainly because we had a technical issue with our review system for months, which has been solved now. The NV41 Series has been reviewed at least twice:
NV41 Series 14 inch coreboot laptop - NovaCustom → tab review
Trisquel 11 on NV41PZ: First impressions – Simon Josefsson's blog
The fact that there are so few issue reports of this laptop series is rather a good thing. This isn’t a surprise, as the laptop is Qubes OS certified, meaning that the firmware is being tested with Qubes OS before every new firmware update. Likewise, each new Qubes OS version is tested by Qubes OS main developers on the laptop before a new version of this operating system is released.
You can find more details about the laptop on the Specifications tab of the first link. For example, the laptop supports S3. If you are missing any important info, I would be happy to answer your questions. You can also point me to unanswered questions if you would like.
I’m not sure if our keyboard and touchpad are initialised as PS/2 device. If anyone knows how I can check this, I would be glad to know it. Same for the USB controller and the WiFi card: I would be glad to know what output you need.
We are working on Heads integration. I suggest to join the Dasharo Users Group (DUG) online, or to visit or follow the Qubes OS Summit in Berlin in the weekend of the 7th of October this year.
4 Likes
What I and probably other possible buyers would be interested in:
- What USB Controllers connected to. The HCL says it has 3 of them, but by itself it does not mean a lot (based on Thinkpad situation). Can you please provide information about what USB devices are shown in Qubes OS (run
qvm-usb) and what exactly 3 USB controllers are connected to, including the physical USB ports on the laptop.
E.g. something like:
- USB Controller 1: two physical USB 3.0 on the left side, one type-C on the right.
- USB Controller 2: keyboard and touchpad.
- USB Controller 3: nothing.
-
About keyboard and touchpad connection as PS/2, PCI or something else non-USB. it is kind of important.
You can check it by running Qubes OS withsys-usbthat manages all USB-controllers. When you shutdownsys-usbwhat happens with keyboard input or touchpad, how are they affected? Do they still work, do they freezes during shutdown process (it may happen in case it is passed back todom0). Maybe, @Sven can provide more easy-to-understand explanation of what I am trying to ask. -
The HCL table is missing information about TPM in your laptop, it will be better to fill it, too.
Thank you for supporting FLOSS and and all.
4 Likes
I just note, that the questions about laptop specs were once again ignored by NovoCustom representative.
Not ignored, just didn’t have the time to gather the needed information until now. Why not just asking what is the status @balko? Or tag me so that I get a notification .
-
Running
qvm-usbonly returnssys-usb:2-10 8087_0026. -
I’m not sure what exactly you would need to find it out, but according to the following output of the command
cat /proc/bus/input/devices, I believe the keyboard is not USB based.
input-devices.log (4.0 KB)
- About TPM: the laptop supports TPM 2.0 only, which isn’t supported by the current Qubes OS release, but seems to be introduced for the next version: https://github.com/QubesOS/qubes-core-admin/blob/main/qvm-tools/qubes-hcl-report#L252
1 Like
@novacustom
Well, I expected you would acknowledge the questions somehow, like “Thank you, I will gather information and reply you later”. I will tag you explicitly in messages addressed to you, if it is more convenient to you.
About your reply, I am afraid you did not completely understand what I was asking about in the first two questions. In case of the first second, of course you should populate all the USB slots to understand which is which (at least it is a simple way to find out). About the second question, I explained what can be done to check if the touchpad and keyboard connection is not USB, I am not sure that cat /proc/bus/input/devices can tell it reliably (note that you did not mentioned where you run it, dom0? sys-usb?)
If you are new to Qubes OS, then maybe somebody from the Team who is responsible for testing certified hardware can answer questions about the situation with USB controllers and USB devices?
Or maybe there is an advanced Qubes OS user of this laptop on forum that can help to do it? Let me know.
@balko
Thank you for your reply and for tagging me, it’s more convenient indeed.
The commands were executed in dom0.
There are 2 x USB 3.2 Gen. 1 port (Type A) ports, 1 x USB 3.2 Gen. 2 port (Type C) with Thunderbolt™ 4 support and charging over USB-C and Display Alt Mode (up to two external displays via USB-C) as well as another 1 x USB 3.2 Gen. 2 port (Type C). The command qvm-usb returned sys-usb:2-10 8087_0026. I’m not sure if this controller is responsible for all USB ports. I don’t know how to find that out. So if you or anyone could assist me with that, I would be glad.
Of course I can populate all the USB slots, but I don’t know what conclusion you can make by doing so - what output is expected, etc.
As you see, my Qubes OS knowledge is limited, indeed. I can follow up instructions, but I don’t use Qubes OS as my daily driver, so I’m not very familiar with its environment and commands.
We outsource the realisation of the firmware and the certification. So any effort will have to be paid for and will come off development time, which is why we are cautious with this. So it would be my preference if someone could give me instructions on what exactly to run where to make certain conclusions.
Thank you for understanding.
1 Like
According to their current product page the Librem 14 “With an Intel processor you get years of coreboot development and a disabled Intel Management engine.”
So either they are falsely advertising, or they have implemented it since your post?
I think purism’s use of the term “disabled” may be quite different than
minimized and “neutralized”. If I understand correctly the Comet Lake
based Librem 14 you linked to is “disabled” via the soft-disable bit
whereas @fsflover earlier model was “neutralized”; to use purism
terminology.
c0d3z3r0’s open issue #340 ME cleaner still working for newer
platforms in the me_cleaner github appears to give more technical details.
To be totally honest I’m not sure what method purism is using on the
Librem 14 you linked to @ubersecure. Maybe there is minimal
minimization, maybe it’s just that they’re flipping the soft-disable
bit and calling that disabled.
I’d guess purism is playing semantic games, but hope I’m wrong. If you
or someone knows for sure, I hope they’ll chime in. Wish I knew more.
Best regards…
Edited
10-15-23 : Minor adjustments
1 Like
I think this is accurate:
So now I have a newer ME (version 11.0.18.1002) that is disabled thanks to the HAP bit
They invented simple words “disabled” and “neutralized” and stick to them. What’s wrong with that? IMO it makes it easier for the public to understand compared with “HAP bit”.
2 Likes
Is there an exhaustive list of devices that are used by CI for Qubes OS development? It’s natural to assume that these devices has continuous compatibility assurance, and are frequently tested against updates that has yet made their way into stable repo, so update-introduced instability is likely to be ruled out, thus may act as a list of recommended devices that should work well with Qubes OS.
1 Like
The certified machines.
1 Like
The certified machines.
The certified machines, yeah, they are regularly tested. However I believe that CI workers include but not limited to certified machines. For example, worker 9001 Qubes OS openQA: Worker hal9001:1 can be identified as HP ProBook 445 G7/8730 through its journal, but that machine is not certified.
My purpose here is to extend the list of recommended laptops / dekstops, and openQA workers are a great addition to the list.
2 Likes