On 02/26/2018 03:47 AM, Zbigniew Łukasiak wrote:
On Tue, Feb 6, 2018 at 2:01 PM, Utility Panel
<[email protected]> wrote:
Meanwhile, the machines I'm currently replacing are both server workstations
with 96 gigs of EEC RAM. I'm looking to upgrade to something comparable, and
I'm pretty certain at this point that I'll start building with either the
KCMA-D8 or KGPE-D16. I've got one year after the release of 4.0 to make the
transition, so I've got time to collect all the bits before 3.2 reaches
end-of-life.
Did you consider Dell workstations? I am also looking for some
high-end workstation and I was considering HP Z8 - thanks for the
warning!
I would go with a D8 or D16 as they have libre firmware available for
both the board and the BMC, they are owner controlled as there is no
hardware code signing enforcement or ME/PSP and thus are a much better
choice for security.
Another excellent choice is the OpenPOWER9 libre firmware/hardware TALOS
2, while xen doesn't support POWER so you wouldn't be able to use qubes
it is a significantly faster and more secure choice than x86_64 even vs
the non ME/PSP stuff like the D8/D16.
It supports IOMMU-GFX so you can attach a video card to a VM, installing
some video cards and having a secure KVM switch would result in a high
level of security.
So maybe Dell T7820? The plus is that you can request them with Linux
- so at least some of the compatibility problems go away.
Not exactly, they will probably require proprietary firmware modules and
or drivers which will stop working once they are out of support.
I am not so eager to build something - as you can get into the same
compatibility issues with any part be it mother board, video etc.
The KGPE-D16 and KCMA-D8 work well with qubes and they support all the
4.0 features (obviously besides intel's dynamic measured launch features
but that is a gimmick, you receive better security by signing your
kernels/initramfs and using a grub that supports the signing as your
coreboot/libreboot payload while disabling internal firmware flash)
I recommend an AMD video card as nvidia adds bugs to their drivers and
does many other things to make virtualization and linux more difficult.
and then the issue just gets more complex (and also the recommended
KGPE-D16 looks old).
While the board is old it supports CPU's which are good enough to play
new video games at max settings with a decent video card (it and the D8
also supports Crossfire XDMA for dual graphics) I recommend either the
6328 (equiv FX-8320) or the 6386SE (equiv dual FX-8300) or with the
KCMA-D8 the 4386
For the KGPE-D16 if you are on a budget the 6282SE is a decent 16 core
deal for around $100 on fleabay.
Newer x86-64 stuff is not and will never will be owner controlled and it
has either Intel ME or AMD PSP which is why for real security either you
need to get POWER (such as the libre firmware/hardware TALOS 2) or
settle for older x86-64 stuff.
A KGPE-D16 with dual 16 core opterons and 128GB RAM will be just as fast
as an equivalently priced brand new non-free dell.
MSRP:
KGPE-D16 $415
KCMA-D8 $315
Used opterons:
(buying a new cpu is pointless)
6386 - $200
6328 - $100
4386 - $80
I highly recommend obtaining a KGPE-D16 while you still can as they no
longer make them and supplies will soon run out, they are the last and
best owner controlled x86-64 devices if you still need to run x86-64
applications (otherwise a TALOS 2 is a much faster and better choice
with a higher freedom level)
https://www.coreboot.org/board_freedom_index
6282SE - $100 (not as fast, but affordable 16 cores)
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d79bf739-9936-f740-b9f0-00ca54e1caf3%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
