Re: [qubes-users] Re: Best Laptop for Qubes 4+ and Heads
> Did you install coreboot? Yes. bios: CBET4000 4.8-1344-g982c7555ad >Nice! glad that still works Ericsson F5521gw - 3G/GPS/HSPA work out of box in a dedicated USB VM but only clearnet/VPN/wireguard. For Whonix and Tor need reed this https://www.whonix.org/wiki/Security_Guide#Anonymous_Mobile_Modems. So, You can sit in the forest next to the telecommunications tower)) >The RPI is not an open source firmware device FYI and I recommend instead purchasing a beagleboard or novena. >G505S: * pre-PSP AMD quad core cpu (the A10 model - the others suck) * coreboot with open cpu/ram init (unlike the blobbed puri-craptop hw init via the intel fsp binary blob) * IOMMU that works with qubes 4.0 (Must apply latest microcode updates or qubes wont work) Blob status: video+EC but people are apparently working on freeing them and the IOMMU protects you from any DMA issues. Thanks for info :) I first wanted to take a try one W520 (i7 quadcore coreboot/32GB ram and Quadro 1000m/2000m) but http://www.cs.utexas.edu/~hyu/publication/pdf/wddd17.pdf https://wiki.xen.org/wiki/Xen_VGA_Passthrough_Tested_Adapters This cards not listed and intel news are sad:( So, idea - gpu passthrouth to hvm ?! unsuccessful I have 16GB ram - Xentop says 15GB are used 11 domains: 2 running, 9 blocked, 0 paused. Mem 16696288k total, 15389884k used, 1306404k free. which is quite enough, but hvm maybe eat more ram. but now I think it might be better to buy G505S for comparison :) Thanks :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67b3826a-5e35-460e-a337-df6188a42c3f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Best Laptop for Qubes 4+ and Heads
Also, you can build your own linux and integrate it into Bios chip. It is amazing. ;) https://www.coreboot.org/Payloads Payloads Linux-Kernel The Linux kernel can be used as a payload, and, if it fits into the flash ROM chip, even a distribution can be a payload. But it’s more common to let Linux load another Linux kernel using kexec. Several projects exist to build such a Linux kernel and an initramfs image. LinuxBoot Heads Petitboot – A kexec-based bootloader, How-to Petitboot for coreboot u-root You could download this floppy from KolibriOS website and add it to your coreboot.rom with this command : ./build/cbfstool build/coreboot.rom add -f ./build/kolibri.img -n floppyimg/kolibri.lzma -t raw -c lzma Then it will be available for selection at SeaBIOS boot menu when you would want to launch it and have fun ;) On Friday, August 10, 2018 at 5:00:43 PM UTC+3, jonbrown...@gmail.com wrote: > Heyo, > > I am looking for the best laptop for Qubes 4.0+ to take advantage of all the > features along with Heads. I know Heads only officially supports Lenovo > Thinkpad 230 but is that the best choice to future proof myself and take > advantage of all security benefits? > > How is the 230 on the binary blob front and other firmware? Is there any > other technology besides Heads that could enhance Qubes or provide > better/additional protection? > > Here is more info on Heads http://osresearch.net/ > > Any help is greatly appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/216fffeb-1f58-40bc-bb10-b027b3ca6201%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Best Laptop for Qubes 4+ and Heads
On Friday, August 10, 2018 at 5:00:43 PM UTC+3, jonbrown...@gmail.com wrote: > Heyo, > > I am looking for the best laptop for Qubes 4.0+ to take advantage of all the > features along with Heads. I know Heads only officially supports Lenovo > Thinkpad 230 but is that the best choice to future proof myself and take > advantage of all security benefits? > > How is the 230 on the binary blob front and other firmware? Is there any > other technology besides Heads that could enhance Qubes or provide > better/additional protection? > > Here is more info on Heads http://osresearch.net/ > > Any help is greatly appreciated. I use x220 tablet and it is great laptop for Qubes OS 4 1. Heads support (no problems, easy install, works on my machine, many great features kexec etc) https://github.com/osresearch/heads/tree/master/blobs/x220 Alternative : https://git.lsd.cat/g/thinkpad-coreboot-qubes ME disabled (works!) 2. Tomu support (30$ ) (works fine!) https://www.crowdsupply.com/sutajio-kosagi/tomu porting gnuk to tomu (opensource analog yubikey, needed to use heads) https://github.com/osresearch/heads-wiki/blob/master/GPG.md Dev: https://github.com/aze00/gnuk/tree/efm32 PR: https://github.com/im-tomu/tomu-samples/pull/35 Issue: https://github.com/im-tomu/tomu-samples/issues/4 Alternative - Nitrokey https://shop.nitrokey.com/shop/product/nitrokey-start-6 (based on gnuk) 3. https://inversepath.com/usbarmory nice compatibility (works without any issues) 4. for good work you need a bundle i7 2gen, 16 RAM and good SSD disk ( I completely lack 256 gigabytes ) main templates : archlinux artful bionic centos-7 debian-9 dev (buster) fedora-28 kali-rolling void-template whonix-ws-14 whonix-gw-14 works fine and easy build from https://github.com/QubesOS/qubes-builder + 8-10 services (vpn,tor,wireguard etc) + 3-4 disp vm's (internet browsing) + 8+10 domains Total disk usage : 20.4% lvm : 36.2% 77.4GB/213.8GB So, 256GB is enough. 5. You can use it like tablet ;) https://github.com/martin-ueding/thinkpad-scripts rotate/touchscreen works great and works on every VM machine. 6. TPM ownership/reset (work!) 7. 10 open vms temp 52 fan 3496 rpm 8. +3G modem or raspberry pi features Cheers! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58d09c29-c1a7-41f9-a76a-9903da01b621%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Archlinux template for Qubes R4 build is working
release 4.1 build success you need comment out "ttf-symbola" line # Particularly good Unicode coverage: $HOME/qubes-builder/qubes-src/builder-archlinux/scripts/packages.list --- Cheers ;) On Wednesday, May 30, 2018 at 6:37:17 PM UTC+3, qubes...@secmail.pro wrote: > Archlinux template seems to be fully working and building completely but > requires minor changes: > > run ./setup > release 4.0 stable > select archlinux > > edit the file > qubes-src/builder-archlinux/scripts/04_install_qubes.sh > > find the line: > echo " --> Registering Qubes custom repository..." > cut out what is in 4 lines after this one echo and paste this instead: > su -c 'echo "[qubes] " >> $INSTALLDIR/etc/pacman.conf' > su -c 'echo " #QubesTMP" >> $INSTALLDIR/etc/pacman.conf' > su -c 'echo "SigLevel = Optional TrustAll " >> $INSTALLDIR/etc/pacman.conf' > su -c 'echo " #QubesTMP" >> $INSTALLDIR/etc/pacman.conf' > su -c 'echo "Server = file:///tmp/qubes-packages-mirror-repo/pkgs " >> > $INSTALLDIR/etc/pacman.conf' > su -c 'echo " #QubesTMP" >> $INSTALLDIR/etc/pacman.conf' > > The build script has some problem with #comments. > Not sure why this fix works but different fixes were not, was about to > give up but then it worked. > > Another couple of edits (taken from 2 day old fix on github) > /qubes-src/gui-agent-linux/archlinux/PKGBUILD > In line 11 > > makedepends=(pkg-config make gcc patch git automake autoconf libtool > pulseaudio xorg-server-devel xorg-util-macros xf86dgaproto libxcomposite > qubes-vm-gui-common qubes-libvchan-xen qubes-db-vm libxt pixman) > > pixman is added just to be sure but im unsure how it helps, as said on > github too. > > within the same file edit line 62: > 'xorg-server>=1.19.0' 'xorg-server<1.21.0' > > changed from "1.20.0" to "1.21.0" > > and that would be it. Builds. > > The qubes repository with archlinux binaries has its pgp signature expired > for over 2 months so Qubes- stuff does not upgrade from within template. > [qubes-r4.0] > Server = http://olivier.medoc.free.fr/archlinux/current > thats why it does not matter (much) if it is left disabled by default. > > the only leftover would be to edit /etc/pacman.conf and remove last 3 > lines which were used during template build. > > Thank you all -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5029ff89-d2fd-4d89-b5c9-6c593153a519%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
