-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear Qubes Community,
It's no secret that hardware selection is one of the biggest hurdles Qubes users face. Finding a computer that is secure, trustworthy, and compatible is more difficult than it should be. In an effort to address the compatibility aspect of that problem, we introduced the Qubes-certified laptop program [1] back in 2015. So far, only one laptop has been Qubes-certified: the Purism Librem 13v1. A number of users purchased this laptop comfortable in the knowledge that it would be compatible with Qubes, and it served them well in that regard. However, the Librem 13v1 is no longer being manufactured, and the Librem 13v2 has not undergone Qubes-certification (nor has any other laptop yet). This means that the need for compatible hardware is more pressing than ever. It's important to remember that Qubes-certification is only about *compatibility* -- not security, trustworthiness, or anything else. Being Qubes-certified has always meant that a computer has been tested to ensure that it runs Qubes OS well -- nothing more, nothing less. But we know that security-conscious users care about more than just compatibility, which is why we announced updated requirements for Qubes 4.x certification [2] last year. So far, no third-party manufacturers have produced a computer that satisfies these requirements. However, ITL has entered initial talks with a promising partner with whom we can foresee creating a true Reasonably Secure Laptop. Our plan is to introduce a tier-based model of laptop support: - *Level 0: Qubes Compatible Laptop.* As with the Purism Librem 13v1, this will be a laptop that comes with no guarantees regarding security or trustworthiness. We'll guarantee only that the laptop is compatible with Qubes OS. In practice, a vendor who wishes to introduce a Level 0 laptop will typically have to allow for specific choices regarding the GPU, Wi-Fi, and Bluetooth modules. The vendor will also have to be willing to "freeze" the configuration of the laptop for at least one year. - *Level 1: Qubes Certified Laptop.* In addition to meeting all the requirements of Level 0, this laptop will also have to conform to our updated requirements for Qubes 4.x certification [2]. - *Level 2: Qubes Stateless Laptop.* For details about this, please see Joanna Rutkowska's paper State Considered Harmful [3]. We can foresee multiple levels of compatibility here. However, we expect that it will be at least two years before a true stateless laptop can be created. In the immediate future, therefore, we intend to pursue a Level 1 laptop. Please note that laptops on the Qubes Hardware Compatibility List (HCL) [4] do not have a specific level. This is because neither ITL nor the Qubes OS Project makes any affirmations regarding the vast majority of laptops on this list. Rather, the list is compiled from voluntary contributions from members of the community like you! This is just the beginning. There's a long road ahead before we can make a Reasonably Secure Laptop a reality, but the need is too great to ignore. [1] https://www.qubes-os.org/news/2015/12/09/purism-partnership/ [2] https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ [3] https://blog.invisiblethings.org/papers/2015/state_harmful.pdf [4] https://www.qubes-os.org/hcl/ This post can be viewed on the Qubes website at: https://www.qubes-os.org/news/2017/07/08/toward-a-reasonably-secure-laptop/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZYZu5AAoJENtN07w5UDAwPMoP/joGmGegmibHq8bJ8/rmtLZv UH+J+njz2jl7VYYNKgnkrO4gkXk8SLaxsH74zZWDjMw4TZVwNYabX64qjUKx3doe L6M6dAerm8MhvEJqKq3YctiRQvByD2FY/f2lLc27UjLYFYC/y5r+fbh8WJDLgV72 k1TbYWY1ZKQSnmV/8vULFRHHkRpGf4LqH8AEXNTBe9LyEDOL5dUXmjPLKqBeA7bZ spT2/cl2NY/iDX+1MfN2iO+ig3dW8h+z4CJf5Z4S5RX/ikbr4VEQEl1+zIje4mOG S3LUnvM5KoHGtgCG4/qsDrjE5Sr46POapiAW3zklCy6k7l97iFk4OicYUh0lB5M3 Aaleti5crLP/PCncv/M8fD2b7GO0LxnF5hIfHP71sKnYv2eStXSzZGYog0SjfmJ4 MZ6uSQD2+ZI/Gbmqd5iAcLlZ+dwa66iRpW5uW6Kl28KvkR+GpPc4UjvOjYvWkheL /txuJf5s7taQ/zyF6gVoaKM2RNm2eGK2L3bENqROQwGDpdaxsgDCHfbfIRCMBjuX XFXTRfvLPBdSUlpPVgySQLb+vy+KvhnDZJAYaXEn1sDkL3TKM9D1eTOpseC6F5bj doZ2pNGty/FF0kWM2SQNhBBL19WoophnsXSR0Lqd90IQfdL7sCg61jilKDZUsAxJ ElGF0/3S+ikI5T1N9cxy =O6e+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8f41ea93-4ca3-0b4d-2b5e-8ecb699e4d48%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.