Re: [qubes-users] Qubes Certified Desktop
I did contact them, but they have their own arguments and according to them the FSF-RYF certification is more than sufficient. They say as it is compatible with coreboot version 4.11 and Qubes OS works as expected, there is nothing more to be done in that direction. I don't have a technical answer to that. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_GWgfiF37zT8GmO616Q6N57SPfmweLN%2BNqRZWBRH2W%2BQ%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
On Friday, May 1, 2020 at 4:41:16 AM UTC-4, Anil wrote: > > > Nope I can't. You would have to search around for parts following this > doc, do some soldering to adapt spi chip, buy it, reprogram it with > firmware built from source, buy compatible RAM and fastest CPU, case, power > supply and ssd. Information is scattered around. When I said adventurous, I > meant adventurous. > > OK. That means I will have to first spend some time learning more > about this. I can do the soldering, if I know exactly (or find out) > what has to be soldered to what. > > https://github.com/osresearch/heads/issues/712 > > > > > Port and upstreamed doc > > https://www.raptorengineering.com/coreboot/kgpe-d16-status.php > > > > https://libreboot.org/docs/hardware/kgpe-d16.html > > > > Build instructions are valid: > > http://osresearch.net/Building > > > > Status report on heads. No TPM support as of now. But rom can be > remotely attested by libremkey if really really adventurous without a TPM. > Less secure since no internal root of trust. TPM is desired. > > https://github.com/osresearch/heads/issues/134 > > This will certainly help. Thanks. > > > > > It needs adventurous developers or funding to get mainstreamed. Since > the board got dropped by coreboot, I lost a bit of interest pushing for > that last blob free platform in this lonely path. There is developers ready > to do the needed work to bring it back. But funders refused the grant > application. Skilled developers are willing to do required work to bring it > back but I hesitate to completely self fund the whole project right now > since priorities changed, but would be willing for joint partnership. > > > > Anyone interested in bringing back that beast to life contact me at > insurgo at riseup dot net. This is last RYF x86 platform ever for sure. > > I strongly hope some people do that. People working on > laptops/desktops and phones, but not seemingly on servers. It may not > be for a data centre, but at least some personal website. > > > >Or even just as a desktop, will the setup be nearly as secure as > > >PrivacyBeast? > > > > TPM support lacking under coreboot 4.8.1, present under 4.11. Would love > to see that beast fully supported and would even sell it myself under > insurgo umbrella. But I wont do it all alone this time. Partners welcome. > > If I am able to get the hardware and set it up, I can do some routine > part of the work that is not too technical in the sense of knowing the > internal details of TPM or OS kernel etc., with some help, if that can > reduce the effort required. > > > Have funds? > > Not really. At most I can buy one. > > Regards, > > अनिल एकलव्य > (Anil Eklavya) > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b120d949-a977-4082-8d94-927c6cf7974a%40googlegroups.com.
Re: [qubes-users] Qubes Certified Desktop
On Fri, May 01, 2020 at 11:19:45AM +0530, Anil wrote: > system perhaps? Or better, some older version of NUC or other mini PC? NUCs will not allow you to do anything weird with the firmware, so no me_cleaner or coreboot or so. they work reasonably well with qubes. > I know Purism is selling a mini PC, but other than that. asrock deskmini works well for me. didnt bother with coreboot, but me_cleaner works like a charm. asrock does not seem to have firmware checksum/signature checks, and has a good recovery path, so no external hardware/flasher/soldering needed to apply me_cleaner, including for unbricking. another option would be chromeboxes. with official coreboot and linux support. but rather limited in terms of hardware choices. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200501095613.GA54173%40priv-mua.
Re: [qubes-users] Qubes Certified Desktop
> Maybe they would be willing to give back to the community? If you do not have > funds but some time to spend, showing your interest to them of this kind of > partnership would mean the world me, pointing here, and have a total > different impact then if I was the one contacting them. Potential customers > have a lot more impact then they think they have. Show that you want > something and rust thing will exist. Wait for it to happen or do it on your > own and it might go instinct just like it did and never get revived. I will contact them and hope they take it up. > I'll take this public space since I don't do it enough. Watch my > presentation, but most importantly, read the slides 45+ attached to the talk: > https://fosdem.org/2020/schedule/speaker/thierry_laurion/ I will go through this. > But if everybody showed their interest for it, it.would happen. See? Yes. I know it from a different, but coding related context. Since this mail is on the mailing list, perhaps many others can do the same. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8onawVOUQ9yEK%3DfN8%3DUjnTstc1_xtAHtpTzZnDLZ%2BTNw%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
On May 1, 2020 8:40:57 AM UTC, Anil wrote: >> Nope I can't. You would have to search around for parts following >this doc, do some soldering to adapt spi chip, buy it, reprogram it >with firmware built from source, buy compatible RAM and fastest CPU, >case, power supply and ssd. Information is scattered around. When I >said adventurous, I meant adventurous. > >OK. That means I will have to first spend some time learning more >about this. I can do the soldering, if I know exactly (or find out) >what has to be soldered to what. > >> >> Port and upstreamed doc >> https://www.raptorengineering.com/coreboot/kgpe-d16-status.php >> >> https://libreboot.org/docs/hardware/kgpe-d16.html >> >> Build instructions are valid: >> http://osresearch.net/Building >> >> Status report on heads. No TPM support as of now. But rom can be >remotely attested by libremkey if really really adventurous without a >TPM. Less secure since no internal root of trust. TPM is desired. >> https://github.com/osresearch/heads/issues/134 > >This will certainly help. Thanks. > >> >> It needs adventurous developers or funding to get mainstreamed. Since >the board got dropped by coreboot, I lost a bit of interest pushing for >that last blob free platform in this lonely path. There is developers >ready to do the needed work to bring it back. But funders refused the >grant application. Skilled developers are willing to do required work >to bring it back but I hesitate to completely self fund the whole >project right now since priorities changed, but would be willing for >joint partnership. >> >> Anyone interested in bringing back that beast to life contact me at >insurgo at riseup dot net. This is last RYF x86 platform ever for sure. > >I strongly hope some people do that. People working on >laptops/desktops and phones, but not seemingly on servers. It may not >be for a data centre, but at least some personal website. > >> >Or even just as a desktop, will the setup be nearly as secure as >> >PrivacyBeast? >> >> TPM support lacking under coreboot 4.8.1, present under 4.11. Would >love to see that beast fully supported and would even sell it myself >under insurgo umbrella. But I wont do it all alone this time. Partners >welcome. > >If I am able to get the hardware and set it up, I can do some routine >part of the work that is not too technical in the sense of knowing the >internal details of TPM or OS kernel etc., with some help, if that can >reduce the effort required. > >> Have funds? > >Not really. At most I can buy one. What is weird is that needed work would be the cost of buying 4 already made servers if not less. Could reach out to technoethical and Vikings one last time, which profited of work that was paid by Leah Rowe originally to sell their d16 branded stuff. Maybe they would be willing to give back to the community? If you do not have funds but some time to spend, showing your interest to them of this kind of partnership would mean the world me, pointing here, and have a total different impact then if I was the one contacting them. Potential customers have a lot more impact then they think they have. Show that you want something and rust thing will exist. Wait for it to happen or do it on your own and it might go instinct just like it did and never get revived. The actual reason why that board was dropped by coreboot was because not enough people showed they cared.for it to be maintained. Maintainership is a hard problem. I'll take this public space since I don't do it enough. Watch my presentation, but most importantly, read the slides 45+ attached to the talk: https://fosdem.org/2020/schedule/speaker/thierry_laurion/ The more time between a board being dropped upstream under coreboot and the time it is put back under compliance the more expensive it will be. Now.would be a good time for collaboration. If this community showed interest in having a RYF certified server/desktop under Heads, it would happen in a snap. Chicken and egg problems everywhere. But if everybody showed their interest for it, it.would happen. See? > >Regards, > >अनिल एकलव्य >(Anil Eklavya) -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/D504D4DD-7E04-446A-83D3-CF704A5C551F%40gmail.com.
Re: [qubes-users] Qubes Certified Desktop
> Nope I can't. You would have to search around for parts following this doc, > do some soldering to adapt spi chip, buy it, reprogram it with firmware built > from source, buy compatible RAM and fastest CPU, case, power supply and ssd. > Information is scattered around. When I said adventurous, I meant adventurous. OK. That means I will have to first spend some time learning more about this. I can do the soldering, if I know exactly (or find out) what has to be soldered to what. > > Port and upstreamed doc > https://www.raptorengineering.com/coreboot/kgpe-d16-status.php > > https://libreboot.org/docs/hardware/kgpe-d16.html > > Build instructions are valid: > http://osresearch.net/Building > > Status report on heads. No TPM support as of now. But rom can be remotely > attested by libremkey if really really adventurous without a TPM. Less secure > since no internal root of trust. TPM is desired. > https://github.com/osresearch/heads/issues/134 This will certainly help. Thanks. > > It needs adventurous developers or funding to get mainstreamed. Since the > board got dropped by coreboot, I lost a bit of interest pushing for that last > blob free platform in this lonely path. There is developers ready to do the > needed work to bring it back. But funders refused the grant application. > Skilled developers are willing to do required work to bring it back but I > hesitate to completely self fund the whole project right now since priorities > changed, but would be willing for joint partnership. > > Anyone interested in bringing back that beast to life contact me at insurgo > at riseup dot net. This is last RYF x86 platform ever for sure. I strongly hope some people do that. People working on laptops/desktops and phones, but not seemingly on servers. It may not be for a data centre, but at least some personal website. > >Or even just as a desktop, will the setup be nearly as secure as > >PrivacyBeast? > > TPM support lacking under coreboot 4.8.1, present under 4.11. Would love to > see that beast fully supported and would even sell it myself under insurgo > umbrella. But I wont do it all alone this time. Partners welcome. If I am able to get the hardware and set it up, I can do some routine part of the work that is not too technical in the sense of knowing the internal details of TPM or OS kernel etc., with some help, if that can reduce the effort required. > Have funds? Not really. At most I can buy one. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8%2BYx1LwadkO3fe56v%3DOHkxs1zwU-Dm56T93uR87pcxXg%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
> Kgpe-d16 is supported under heads, is blobless and supported by coreboot 4.11 > and heads under coreboot 4.8.1 as of right now with plans of Can you give an approximate price (right now no one is shipping, so they are not showing the price either)? Any particular processor that is more suitable? The Asus page says it works with Opteron 6000 series processors. Also the price of the processor. > Using it as a server personally. With a qubesos supported video card and > jumper set to deactivate onboard integrated graphic (which offers really poor > graphics) that could be an awesome project, but adventurous. Someone wrote that Qubes OS is meant to be used as a laptop/desktop OS. How much effort is required to set it up as a server? As I understand, the compartmentalization provided by Qubes OS can be useful in some contexts. Or even just as a desktop, will the setup be nearly as secure as PrivacyBeast? Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-1tkeUOwrwJJSmazsDV8LeyRsJM04jpR9Xwk_nL74usQ%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
Kgpe-d16 is supported under heads, is blobless and supported by coreboot 4.11 and heads under coreboot 4.8.1 as of right now with plans of upgrading to latest version supporting it before support got dropped since not enough attention nor love was given to it to justify upstream maintainership. This is an adventurous path though, since noone took the venture of making that refurb hardware ready for consumers as of right now. Using it as a server personally. With a qubesos supported video card and jumper set to deactivate onboard integrated graphic (which offers really poor graphics) that could be an awesome project, but adventurous. Insurgo On May 1, 2020 5:49:45 AM UTC, Anil wrote: >I know there is at least one Qubes Certified Laptop. > >Is there an analogous setup for Desktop? Or at least some desktop >hardware >that can be setup in the same way as ThinkPad x230, with ME neutered >etc. >and which is considered as suitable as x230? It could be an assembled >system perhaps? Or better, some older version of NUC or other mini PC? > >I know Purism is selling a mini PC, but other than that. > >Regards, > >Anil Eklavya >-- >अनिल एकलव्य >(Anil Eklavya) > >-- >You received this message because you are subscribed to the Google >Groups "qubes-users" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to qubes-users+unsubscr...@googlegroups.com. >To view this discussion on the web visit >https://groups.google.com/d/msgid/qubes-users/CAAPfsu9BizQzXh53yf0%2BjJDF9HM_sA0cLJ6YH_M9T-qABokbaQ%40mail.gmail.com. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ACB437AD-7D46-468E-8F65-71F2C0C5F650%40gmail.com.
