On 04/11/2018 01:21 PM, Andrew B wrote:
> Sorry to beat a dead horse. I am sure folks here are sick of answering
> hardware questions.
>
> So I understand the dev team currently seems to like the Lenovo Thinkpad X1
> Carbon 5th gen. I assume best to get with 16GB RAM (max) and an SSD. I assume
> you get with Windows10 or 7 and wipe it clean for your Qubes install or even
> need to install some new BIOS?
The only carbon that supports coreboot is the first gen model, but it is
pretty much a crappier thinkpad.
> I know some folks here have recommended for example the W520 or W530 but
> these would have to be bought used since they are no longer for sale?
Yes but you can still buy CPU upgrades and the parts on fleabay to
replace worn keyboards, armrest etc.
There are also some companies selling already refurbished ones that look
new in case you don't wish to do it yourself but of course that costs more.
> Would we expect the X1 to have similar feature compatibility with Qubes 4 as
> the W520 or W530? Better the 5th Gen than the newest 6th Gen?
It could work yes but you would be stuck with lenovos proprietary
firmware full of bugs and backdoors.
The most free Q4 laptop option is the G505S which has no ME/PSP plus
coreboot with open hw init for the cpu/memory.
Laptop options from best to worst:
Lenovo G505S (no ME/PSP, blobbed video/power control BUT they are
controlled via IOMMU)
W520 (ivy bridge cpu upgrade suggested - 32GB RAM max available)
X220
T420 (ivy bridge cpu upgrade suggested)
Libre firmware desktops:
KCMA-D8
KGPE-D16 (still easily available new for MSRP)
D8/D16 can play new video games in a VM at max settings via IOMMU-GFX.
they are great.
The D16 comes with the ASMB4 or ASMB5 module you need for the OpenBMC
open source secure remote access firmware.
For your non-qubes virtualization needs there is also the TALOS 2 which
is a brand new very fast libre firmware workstation/server platform
running a POWER9 CPU with the IBM OpenBMC (better than the D16's
facebook OpenBMC)
x86 is dead freedomwise, the future is POWER which is now the only owner
controlled performance CPU arch, if you have the money I would get it as
it is really great and you can set up a nice secure virtualization
platform it also supports IOMMU-GFX for video acceleration in VM's.
Puricrap isn't on the list because they falsely claim their laptops have
open source firmware which they don't, and that their ME is disabled
which it isn't.
> I want Qubes because I am interested in security and therefore am willing to
> pay more for the right machine. An ideal machine might be more oriented to
> open source than the Lenovo machines.
If you have money to burn I would buy a KGPE-D16 and a G505S.
And of course for your non qubes computing needs the Talos 2 is the most
free computer on the market right now, it is the first computer sold
with libre firmware from the factory and the first that is released
along with its CPU arch thus it is brand new - POWER9 is incredibly
fast and has 4 SMT threads per core.
> In that vein I looked at the Thinkpenguin Y machine, which seemed to have
> nice specs plus the ability to get 32GB RAM
> https://www.thinkpenguin.com/gnu-linux/penguin-y-gnulinux-laptop
> however Thinkpenguin sales told me:
>
> "I wouldn't expect it to work right given Qubes4 is based off an older driver
> stack. If there is a rolling update to the driver stack I'm not aware of it.
> I believe the core is based on Fedora which has frequent releases rather than
> a rolling driver stack which I think means based on the version of Fedora
> currently used Qubes4 is slightly too far out of date to have support for the
> latest generation hardware. I think even the latest release of Fedora might
> not be adequate as I don't think its listed on either laptop as a supported
> distribution but that might just be the result of nobody checking thus far."
Thinkpenguin is an honest company, way better than the dishonest
puri.diots and system76 (now S76 claims they make their laptops in
america which is a lie as there are no us made intel CPU's)
> Is that right? So is it generally better to try and setup older hardware with
> Qubes from a strict features-compatibility standpoint?
Generally yes.
Hey feel free to email me directly for libre computing advice.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/02438013-09d4-1c14-ed3b-299144714f3f%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
0xDF372A17.asc
Description: application/pgp-keys
