Re: [qubes-users] Number of cores and other CPU characteristics

2017-02-04 Thread WillyPillow 
 Original Message 
Subject: [qubes-users] Number of cores and other CPU characteristics
Local Time: February 2, 2017 9:50 AM
UTC Time: February 2, 2017 9:50 AM
From: groups-no-private-mail--contact-me-at--contact.v6ak@v6ak.com
To: qubes-users 

Choosing the right CPU is about choosing the right tradeoff. The tradeoff is 
not only between price, power consumption and performance. We can also balance 
single-core performance to multi-core performance, or we might want some 
enhancements for some specific tasks, like AES-NI. And many more.

I'd like to ask how should Qubes affect my choice (looking at Qubes 4 and 
newer):

* Obviously, it needs to meet the requirements mentioned at 
https://www.qubes-os.org/doc/system-requirements/ .
* I might want TXT for AEM (this is not performance-related, though).
* Qubes has GPU for all VMs emulated on CPU. (I believe the GPU emulation runs 
in the VM itself or in its stubdom.) This might increase need for multiple 
cores. (Unsure how much.) This might become more important when considering 
hiDPI or other GPU-intensive tasks.
* Qubes will typically use encryption (at least for data storage), which makes 
AES-NI potentially useful. It might also utilize an extra core.
* Qubes typically runs multiple VMs at once. I believe this introduces just a 
minor CPU overhead – while you have more OSes running at once, one VM will have 
fewer processes. Typically, IMHO at most one VM is performing CPU-bound tasks.

There are my more specific questions:

1. Does Qubes affected desicion between dual-core and quad-core CPUs? While 
Qubes will more likely utilize multiple cores, I believe that dual-core should 
be enough in most cases.
2. Is there anything wrong with Intel's U-series? One of considered CPUs is 
Intel i7 7500U, which seems to provide excellent single-core performance with 
low power consumption.

AFAIK, [this 
attack](http://blog.ptsecurity.com/2017/01/intel-debugger-interface-open-to.html)
 only work on the U-series.


3. Should I be picky about integrated graphics? Since it is used in dom0 only, 
I don't think its performance is important in QubesOS. Maybe it will become 
important when XenGT is integrated in QubesOS (which is not sure if it happens 
at all).
4. Is there anything else I should be aware of when looking at recent i7 (or 
maybe i5) CPUs?

Regards,
Vít Šesták 'v6ak'

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/509f624e-267a-407e-aadb-5672f562dd35%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--WillyPillow
--
https://blog.nerde.pw/
PGP fingerprint = B57E 7237 B211 419C 35C4 AF5B EB4D 3264 A318 73CB
--

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/If3P9npSvWYiqwpqZhWK0FlICfwGvItZBIukXTipuHwtQ4DAUN8yEy49DRcq3oXSJ5N3t8S73cW0Yd86hthwBvWeIRn2z8H9_1vldIQaVDQ%3D%40nerde.pw.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Number of cores and other CPU characteristics

2017-02-02 Thread Vít Šesták 
Sure, we can't say definitely anything about conpatibility with Qubes 4. Maybe 
I'll buy the laptop after the release of at least Qubes 4 RC1. Now, we can 
estimate. Performance requirements are hopefully estimatable now.

Multiple USB controllers: I am aware of this (must have for me, because I have 
external Ergo Ergodox keyboard), but this has already been mentioned in 
requirements.

On AES-NI: I agree.

ECC RAM: Good point. Unfortunately, those laptops I found with ECC are very 
very expensive, say $2000 (plus VAT) or more.  

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20affc9b-becc-4bf9-bf68-907d268368b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Number of cores and other CPU characteristics

2017-02-02 Thread Chris Laprise 

On 02/02/2017 04:50 AM, Vít Šesták wrote:

Choosing the right CPU is about choosing the right tradeoff. The tradeoff is 
not only between price, power consumption and performance. We can also balance 
single-core performance to multi-core performance, or we might want some 
enhancements for some specific tasks, like AES-NI. And many more.


I'd say its the details that the PC vendor execute on the motherboard 
that matter more than anything. The specific way chipsets are wired, the 
way the BIOS initializes certain features, peripheral chips that might 
not be FOSS-friendly, etc. Plus, the number of USB controllers and the 
way the keyboard is wired (PS2 vs USB). These things make or break 
compatibility with secure Qubes configurations.


So, until we have a running pre-release of R4, we won't really know 
which models work.


As for the CPU itself, AES-NI seems like the must-have to me. IIRC it 
can prevent side-channel attacks whereas software AES cannot. Luckily, 
its a common option on x86 processors aimed at PCs. Of course, I'll also 
recommend TXT and TPM if it makes Anti Evil Maid work.


RAM is also a security issue because of attacks like rowhammer. Some 
people recommend an ECC-capable CPU or chipset to help mitigate them.


   4. Is there anything else I should be aware of when looking at recent i7 (or 
maybe i5) CPUs?

Hmmm... 'Evil Inside' perhaps?

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd53a3a7-6c43-dffa-41a8-39647763af7a%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.