I have many posts on this but since you have an .edu and made a long post yourself here are two great options.
You wanna assemble stuff yourself which is pretty easy - I did my first at age 12 and it worked on the first power on. Libre motherboards that work with qubes 4: * KCMA-D8 (90 used on fleabay from china) and one or two 8 core socket C32 4386 opteron CPU's plus ECC RDIMM RAM in 8GB sticks (for 64 total) or 16gb (for 128 total) * KGPE-D16 ($130 on fleabay brand new) and one or two 16 core 6386 CPU's or 8 core 6328 CPU's (60 on fleabay brand new) which supports up to 192GB RAM. Since they support libre firmware it doesn't matter that you are getting used hardware although I believe newegg still has the KGPE-D16 if you must have new hardware. Both support Crossfire xDMA and IOMMU-GFX for gaming or cad in a VM, all the devices have their own IOMMU groups and it supports ACS. The D8 and D16 are the last and best owner controlled x86 motherboards and they support coreboot-libre or libreboot, and also OpenBMC for secure libre remote access with the ASMB4 or ASMB5 chip - it comes with the new in box KGPE-D16 but they also crop up time to time on fleabay for a few bucks. I would say that TPM's/AEM is a not needed if you implement kernel/initramfs code signing in grub as a coreboot payload, set the write lock bit on the flash chip and then put a lock on your case but if you still want a TPM it has a header for a v1.2 device make sure to buy a supported model. Other options are the Raptor Computing Systems Libre Firmware OpenPOWER systems such as the TALOS 2 and the more affordable Blackbird which are the future of owner controlled computing[1] although currently qubes/xen doesn't have a POWER port so you would have to use POWER-KVM which arguably is better security wise than xen+black boxed x86 junk and again is the future not a dead platform. I am an expert on this topic, let me know if you need any help and if you think my advice is patron-grade. [1]x86 is dead freedomwise, both AMD and intel have a variety of anti-features that make you just a licensee not an owner - OpenPOWER is the only owner controlled performance CPU arch luckily it is now more affordable than equivilant x86 performance enterprise hardware and you get more features+freedom :D It is impossible to disable ME/PSP or make libre firmware for a new gen x86 system. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/febf11d7-74fe-63fc-142a-02f3ae7009a7%40gmx.com. For more options, visit https://groups.google.com/d/optout.
