As to whether “/all/ relevant things are just better for newer CPUS”,
this depends on what better means to you, and what you count as
If price is relevant, no.
In many situations, if anonymity is relevant, no.
Is getting one of the certified hardware laptops (e.g. Nitropad) with Qubes pre-installed OK?
The Qubes OS Project certifies only that a particular hardware configuration is supported by Qubes OS and is available to purchase with Qubes OS preinstalled. We take no responsibility for any vendor’s manufacturing, shipping, payment, or other practices; nor can we control whether physical hardware is modified (whether maliciously or otherwise) en route to the user.
I’ve heard a few people say it’s better to install a clean version of the OS yourself for maximum safety?
You can do that. You can even build your own Heads version and flash it (with hardware clips if you want to be really sure). At that point, however, you could just as well buy a used X230 or T430 and perform all the work yourself.
The certified laptops are meant for people who are not able to do this themselves (time, skills etc.).
One can at least tweak some components as they have some kind of modular concept. Moreover, their notebooks are manufactured in Germany and their service is great too!
In my experience they work very well with Qubes OS!
First of all, it perfectly supports its hardware requirements, so that if you follow the standard installation procedure everything usually works out of the box, even “suspend”, and every single 4.1 release candidate ran through without any issue at all.
BIOS settings for Intel ME are also great as they allow you to easily import Xen and GRUB EFIs - if one wants to trust Intel ME to secure your boot chain, of course…
In my opinion, working sleep must be among the criteria to include in this list, especially given that Qubes OS does not have hibernation. If the machine doesn’t wake up from sleep, the standard system menu misleadingly suggests to users to lose all their data unless it’s saved beforehand.
We should go through the list and mark/mention when sleep doesn’t work for any particular machine. I am not sure I’ll get to it before the weekend, so if you want to take a stab at it…
If the user is aware that sleep doesn’t work, it won’t hinder the use of Qubes OS in any way. I’ve been using both a DELL and the Lenovo P51 without sleep for years. Sleep is a minor convenience that comes with a pretty big impact on security (in the wrong direction). So I would not support any notion to consider it “critical” or part of the “just works” criteria.
It strongly depends on your threat model. The main goal of Qubes AFAIK is to protect you from online and USB threats, and it does it very well. If you also care about physical access to your machine, you open a huge can of worms, which is likely unimportant for most users. I am not sure Qubes protects from it as strongly. Having suspend doesn’t prevent you from switching off your machine whenever you feel a threat. Most people work from home now btw.
Suspend saves a lot of time for me every single day: I do not need to open a ton of documents, windows and browsers anew and put them at the right places on the screens and virtual desktops. I wish Qubes had hibernate instead, but it seems like a lot of work (and not good for SSDs).
I’ll try to add as much as I can, although I disagree that such machines should be in the list.
@Sven I added “HCL reports” line to the laptop pages with links. I think it helps to evaluate which information we have and easily find it. I did not touch the certified laptops, since they do not have enough reports anyway. This technically makes them not “community-recommended” in my opinion (but I already expressed that before).
I also found that a lot of forum links in the HCL got broken after you moved posts to machine-specific topics.
My impression is that nobody understood what I mean when I suggest separating certified laptops from developer-tested and from the community-recommended ones in this list. Below I try to show how I see it. Feel free to ignore it if it makes no sense. In my opinion such a view has less clutter and more structure.
This indeed looks tidier and more systematic, no doubt at all.
But if anyone asked me what I’d prefer compared to CTRL+F in an HCL list, it is filtering as detailed as possible, and it shouldn’t be hard to achieve that.
We all have some starting point - mine is the CPU. So first I’d choose a CPU from ark.intel.com, then search for offers of laptops with this CPU to see what I could expect regarding the price, then come back to the HCL list, filter it by the chosen CPU and then by all the other criteria I’d like to have, then browse the detailed specs of the filtered laptops for BIOS characteristics and chipsets, then go back to ark.intel.com to check the chipsets, then try to find reviews on notebookcheck.com, and then try to check availability, and at the end I’d insist on entering the BIOS and starting the Qubes installation from a USB flash drive.
So, as can be seen, at least for me, the HCL list is not crucial, but is more of a supportive spot that I made a proper choice.
Once filtering is present, it is less important for me how the table itself is organized…
Pretty good @fsflover. Also, while we might be at it, a section that properly addresses DIY or self-built systems might be nice. Note that currently a lot of DIY gets shoved into Motherboards, and any future DIY should probably focus on the motherboard/CPU/GPU combo, as there really is about a trifecta of core components with independent manufacturer and model names which provide the core details for someone looking at the HCL. I’m thinking about posting further on the associated topic of more info from installations (HCL inclusion of select portions of lspci outputs) as pertains to bridged devices and how to help everyone be more prepared for the Qubes installation process (fight?).
I won’t quibble with you much @fsflover but, as of this date/time, the link (which is a closed thread) which you provided has a single entry for Desktop, and that entry is decidedly not a DIY. Proprietary/commercial offerings that are repurposed as Qubes systems are not what I meant. But I understand, this is a topic that isn’t likely to go anywhere - mostly to put a cross on the T, dot on the I, you know. I was also likely pointing back at the HCL as much as anything.
@kysstfafm, as far as the HCL goes we have the following classifications:
The first three are in my understanding for off-the-shelf (NOT DIY) systems, while the last covers all DIY systems. I have tried to catch all DIY systems that are currently listed as desktop and move them into motherboards.
I am one of the HCL maintainers and want to clean this up. I’d appreciate it if you could point out to me all the systems that are currently misclassified. You can respond here or send me a PM, whatever you prefer.