The NitroPC Pro is Qubes-certified!

News
1

It is our pleasure to announce that the NitroPC Pro is officially certified for Qubes OS Release 4!

The NitroPC Pro: a secure, powerful workstation

The NitroPC Pro is a workstation for high security and performance requirements. The open-source Dasharo coreboot firmware ensures high transparency and security while avoiding backdoors and security holes in the firmware. The device is certified for compatibility with Qubes OS 4.X by the Qubes developers. Carefully selected components ensure high performance, stability, and durability. The Dasharo Entry Subscription guarantees continuous firmware development and fast firmware updates.

Photo of NitroPC Pro

Here’s a summary of the main component options available for this mid-tower desktop PC:

Component Options
Motherboard MSI PRO Z690-A DDR5 (Wi-Fi optional)
Processor 12th Generation Intel Core i5-12600K or i9-12900K
Memory 16 GB to 128 GB DDR5
NVMe storage (optional) Up to two NVMe PCIe 4.0 x4 SSDs, up to 2 TB each
SATA storage (optional) Up to two SATA SSDs, up to 7.68 TB each
Wireless (optional) Wi-Fi 6E, 2400 Mbps, 802.11/a/b/g/n/ac/ax, Bluetooth 5.2
Operating system (optional) Qubes OS 4.1 or Ubuntu 22.04 LTS

Important note: When configuring your NitroPC Pro on the Nitrokey website, there is an option for a discrete graphics card (e.g., Nvidia GeForce RTX 4070 or 4090) in addition to integrated graphics (e.g., Intel UHD 770, which is always included because it is physically built into the CPU). NitroPC Pro configurations that include discrete graphics cards are not Qubes-certified. The only NitroPC Pro configurations that are Qubes-certified are those that contain only integrated graphics.

Of special note for Qubes users, the NitroPC Pro features a combined PS/2 port that supports both a PS/2 keyboard and a PS/2 mouse simultaneously with a Y-cable (not included). This allows for full control of dom0 without the need for USB keyboard or mouse passthrough. Nitrokey also offers a special tamper-evident shipping method for an additional fee. With this option, the case screws will be individually sealed and photographed, and the NitroPC Pro will be packed inside a sealed bag. Photographs of the seals will be sent to you by email, which you can use to determine whether the case was opened during transit.

The NitroPC Pro also comes with a “Dasharo Entry Subscription,” which includes the following:

  • Accesses to the latest firmware releases
  • Exclusive newsletter
  • Special firmware updates, including early access to updates enhancing privacy, security, performance, and compatibility
  • Early access to new firmware releases for newly-supported desktop platforms (please see the roadmap)
  • Access to the Dasharo Premier Support invite-only live chat channel on the Matrix network, allowing direct access to the Dasharo Team and fellow subscribers with personalized and priority assistance
  • Insider’s view and influence on the Dasharo feature roadmap for a real impact on Dasharo development
  • Dasharo Tools Suite Entry Subscription keys

For further product details, please see the official NitroPC Pro page.

Special note regarding the need for kernel-latest

Beginning with Qubes OS 4.1.2, the Qubes installer includes the kernel-latest package and allows users to select this kernel option from the GRUB menu when booting the installer. At the time of this announcement, kernel-latest is required for the NitroPC Pro’s graphics drivers to function properly. Therefore, all potential purchasers and users of this model should be aware that they will have to select a non-default option (Install Qubes OS RX using kernel-latest) from the GRUB menu when booting the installer. However, since Linux 6.1 has officially been promoted to being a long-term support (LTS) kernel, it will become the default kernel at some point, which means that the need for this non-default selection is only temporary.

About Nitrokey

Nitrokey is a world-leading company in open-source security hardware. Nitrokey develops IT security hardware for data encryption, key management and user authentication, as well as secure network devices, PCs, laptops, and smartphones. The company was founded in Berlin, Germany in 2015 and already counts tens of thousands of users from more than 120 countries, including numerous well-known international enterprises from various industries, among its customers. Learn more.

About Dasharo

“Dasharo is an open-source firmware distribution focusing on seamless deployment, clean and simple code, long-term maintenance, professional support, transparent validation, superior documentation, privacy-respecting implementation, liberty for the owners and trustworthiness for all.” —the Dasharo documentation

Dasharo is a registered trademark of and a product developed by 3mdeb.

What is Qubes-certified hardware?

Qubes-certified hardware is hardware that has been certified by the Qubes developers as compatible with a specific major release of Qubes OS. All Qubes-certified devices are available for purchase with Qubes OS preinstalled. Beginning with Qubes 4.0, in order to achieve certification, the hardware must satisfy a rigorous set of [requirements], and the vendor must commit to offering customers the very same configuration (same motherboard, same screen, same BIOS version, same Wi-Fi module, etc.) for at least one year.

Qubes-certified computers are specific models that are regularly tested by the Qubes developers to ensure compatibility with all of Qubes’ features. The developers test all new major versions and updates to ensure that no regressions are introduced.

It is important to note, however, that Qubes hardware certification certifies only that a particular hardware configuration is supported by Qubes. The Qubes OS Project takes no responsibility for any vendor’s manufacturing, shipping, payment, or other practices, nor can we control whether physical hardware is modified (whether maliciously or otherwise) en route to the user.

This is a companion discussion topic for the original entry at https://www.qubes-os.org/news/2023/09/06/nitropc-pro-qubes-certified/
11 Likes
2

Any available promo codes for the users on this list/Forum?

Sincerely
Max

1 Like
3

This is great to hear. I’ve been eyeing this desktop PC for quite some time and now will definitely be purchasing it.

2 Likes
4

Can I use dasharo anonymously? Can I just donate to the development without a subscription?

1 Like
5

What is the crazy price for the optional 4090 lmao 3k

6

Important note: When configuring your NitroPC Pro on the Nitrokey website, there is an option for a discrete graphics card (e.g., Nvidia GeForce RTX 4070 or 4090) in addition to integrated graphics (e.g., Intel UHD 770, which is always included because it is physically built into the CPU). NitroPC Pro configurations that include discrete graphics cards are not Qubes-certified. The only NitroPC Pro configurations that are Qubes-certified are those that contain only integrated graphics.

4 Likes
7

Is it possible to opt out of dasharo or use it anonymously

8

Sorry, I’m not sure if I understand your question. Dasharo coreboot is the firmware that comes preinstalled. It replaces the proprietary BIOS or UEFI that you would normally have.

1 Like
9

Especially:

§ 4. Subscription

4.1 The Service Provider provides a personalized digital Subscription service under which:

a) Service Recipient accesses the latest version of Dasharo and an exclusive newsletter containing curated content and invaluable insights relevant to their interests and requirements:

    • comprehensive and meaningful release notes,
    • in-depth feature documentation,
    • initial deployment and update procedures,
    • Software Bill of Materials (SBOM) details,
    • Compliant Supply Chain Information,
    • full access to Test Results Spreadsheet and test logs;

b) Service Recipient receives special updates, including early access to updates enhancing privacy, security, performance, and compatibility. These updates are released more frequently than community releases, with transparency of reproducible binaries, signature chains, and an open-source code supply chain;

c) Service Recipient is granted access to the Dasharo Primer Support invite-only Matrix channel, facilitating direct engagement with the Dasharo Team and fellow subscribers with personalized and priority assistance;

d) Service Recipient has the opportunity to influence the direction and development of new features, ensuring that the Dasharo firmware evolves to meet their specific needs and industry demands;

e) Access to the Service is obtained by obtaining an access key and password.

This is a personalized subscription or not?

So they need some data from me? @adw

1 Like
10

Awesome!

The computer itself is actually a good deal, if you buy the parts yourself:

  • PSU (I took an average 850 Watts silent PSU)
  • Case (it’s a be Quiet! Pure Base 500)
  • CPU (ref in the specs)
  • Memory (ref in the specs)
  • Mainboard (ref in the specs)
  • their nvme SSD are quite cheap

I get something like 1100 €, they sell the same thing for 1039 € but they provide coreboot + dasharo and deactivable Intel ME, you don’t have to buy and assemble the parts, and in case of issue you have someone guaranteeing the whole product.

However, it’s not clear if their price includes VAT, otherwise it’d +20% but that would still be in the same price ranges. Congrats :clap: (just don’t take an extra NVIDIA card :laughing: )

Edit: price includes VAT + shipping :+1:

4 Likes
11

According to “Frequently Asked Questions (FAQ) | Nitrokey”

“Accordingly, the gross price (incl. VAT) for German private customers equals the net price (excluding VAT) for all customers outside of the EU. This approach has been audited and is legally correct.”
So, I think we’ll have to add VAT to total.
PS. On the order page I can’t get to completion - keep getting this error
“Please choose exactly one mandatory product” with or without the
Dasharoo subscription (multiple browsers).

2 Likes
12

The price is with VAT, you can see the price without VAT when you pay.

As I understand the FAQ, they just add the VAT to the netto price if you are outside the EU.

13

@pietrushnic, could you help shed some light on this?

14

I think I missunderstood something before with the subscription modell, I had a chat with him today. Waiting for his next answer, then everything should be clear to me.

15

Could you share what you understood once it’s clear for you? :slight_smile:

16

@Poison I’m tacking very similar question here:

Please let me know if it explains the potential use of the Dasharo subscription anonymously.

1 Like
17

There is no way to opt-out if you are buying hardware from 3mdeb or our partners (e.g. Nitrokey). If you want to opt-out, you can build the same configuration and compile source code from Dasharo GitHub.

18

What do you mean by that?

Yes, we need your email to which we will provide all mentioned additional services.

19

I understood @Poison 's question as «Do I need to share personal data for the subscription or can I receive some key anonymously»

20

Hi Solene, you need to provide an email adress, which theorerically could be correlated with your delivery adress, and if you download their updates without hiding your ip, also with your IP/ISP. There is no option to opt out. But you could just use a tempmail or some fake email and download the updates hiding your IP. Is this right @pietrushnic ?