Re: [qubes-users] Re: Best Laptop for Qubes 4+ and Heads
> So, idea - gpu passthrouth to hvm ?! unsuccessful You can't pass a primary GPU. > > I have 16GB ram - Xentop says 15GB are used > > 11 domains: 2 running, 9 blocked, 0 paused. > > Mem 16696288k total, 15389884k used, 1306404k free. > > which is quite enough, but hvm maybe eat more ram. RAM is dynamically allocated as part of ram sharing - if you launch another VM it will take a little bit away from the ones currently active. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b9fc74d-6034-699b-8e9d-265f585ef05f%40gmx.com. For more options, visit https://groups.google.com/d/optout. 0xDF372A17.asc Description: application/pgp-keys
Re: [qubes-users] Re: Best Laptop for Qubes 4+ and Heads
> Did you install coreboot? Yes. bios: CBET4000 4.8-1344-g982c7555ad >Nice! glad that still works Ericsson F5521gw - 3G/GPS/HSPA work out of box in a dedicated USB VM but only clearnet/VPN/wireguard. For Whonix and Tor need reed this https://www.whonix.org/wiki/Security_Guide#Anonymous_Mobile_Modems. So, You can sit in the forest next to the telecommunications tower)) >The RPI is not an open source firmware device FYI and I recommend instead purchasing a beagleboard or novena. >G505S: * pre-PSP AMD quad core cpu (the A10 model - the others suck) * coreboot with open cpu/ram init (unlike the blobbed puri-craptop hw init via the intel fsp binary blob) * IOMMU that works with qubes 4.0 (Must apply latest microcode updates or qubes wont work) Blob status: video+EC but people are apparently working on freeing them and the IOMMU protects you from any DMA issues. Thanks for info :) I first wanted to take a try one W520 (i7 quadcore coreboot/32GB ram and Quadro 1000m/2000m) but http://www.cs.utexas.edu/~hyu/publication/pdf/wddd17.pdf https://wiki.xen.org/wiki/Xen_VGA_Passthrough_Tested_Adapters This cards not listed and intel news are sad:( So, idea - gpu passthrouth to hvm ?! unsuccessful I have 16GB ram - Xentop says 15GB are used 11 domains: 2 running, 9 blocked, 0 paused. Mem 16696288k total, 15389884k used, 1306404k free. which is quite enough, but hvm maybe eat more ram. but now I think it might be better to buy G505S for comparison :) Thanks :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67b3826a-5e35-460e-a337-df6188a42c3f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop for Qubes 4+ and Heads
On Thu, Aug 23, 2018 at 5:08 PM, taii...@gmx.com wrote: > On 08/20/2018 01:21 PM, stallmanro...@gmail.com wrote: > > > > ME disabled (works!) > > It is a nice laptop and I recommend it sometimes BUT: > > As someone with your screen-name I would hope you know that it is > impossible to disable ME. > > In your case the BUP module still runs along with any mask roms - more > than enough to add a backdoor to your machine. > > Of course in terms of laptops it is still better than newer intel stuff > like the skylake puri-craptops where the bup AND the kernel run on their > "disabled" ME - they changed the definition of disabled just like they > did with the definition of "open firmware" :[ > > The best and most free laptop is the lenovo G505S of which there is a > thriving little coreboot-qubes4 community thanks to me telling many > people to get it :D > > G505S: > * pre-PSP AMD quad core cpu (the A10 model - the others suck) > * coreboot with open cpu/ram init (unlike the blobbed puri-craptop hw > init via the intel fsp binary blob) > * IOMMU that works with qubes 4.0 (Must apply latest microcode updates > or qubes wont work) > Blob status: video+EC but people are apparently working on freeing them > and the IOMMU protects you from any DMA issues. > > Thanks! Is there somewhere a tutorial to do all that? > In terms of other laptops the X230t (with better *20 series non chiclet > keyboard) I recommend if someone wants a tablet and the W520 if someone > wants a mobile workstation with 32GB RAM - both are of course a much > better choice than a puri-craptop as they have open source hardware init > via coreboot and the ME can be nerfed. > > > > > > 2. Tomu support (30$ ) (works fine!) > > https://www.crowdsupply.com/sutajio-kosagi/tomu > > > > porting gnuk to tomu (opensource analog yubikey, needed to use heads) > > > > https://github.com/osresearch/heads-wiki/blob/master/GPG.md > > > > Dev: https://github.com/aze00/gnuk/tree/efm32 > > PR: https://github.com/im-tomu/tomu-samples/pull/35 > > Issue: https://github.com/im-tomu/tomu-samples/issues/4 > > > > Alternative - Nitrokey > > https://shop.nitrokey.com/shop/product/nitrokey-start-6 (based on gnuk) > > > > 3. https://inversepath.com/usbarmory nice compatibility (works without > any issues) > > > > 4. for good work you need a bundle i7 2gen, 16 RAM and good SSD disk ( I > completely lack 256 gigabytes ) > > > > main templates : > > archlinux > > artful > > bionic > > centos-7 > > debian-9 > > dev (buster) > > fedora-28 > > kali-rolling > > void-template > > whonix-ws-14 > > whonix-gw-14 > > > > works fine and easy build from https://github.com/QubesOS/qubes-builder > > > > + 8-10 services (vpn,tor,wireguard etc) > > + 3-4 disp vm's (internet browsing) > > + 8+10 domains > > > > Total disk usage : 20.4% > > lvm : 36.2% 77.4GB/213.8GB > > > > So, 256GB is enough. > > > > 5. You can use it like tablet ;) > > > > https://github.com/martin-ueding/thinkpad-scripts > > > > rotate/touchscreen works great and works on every VM machine. > > Nice! glad that still works > > Did you install coreboot? > > > > > 6. TPM ownership/reset (work!) > > > > 7. 10 open vms > > > > temp 52 > > fan 3496 rpm > > > > 8. +3G modem or raspberry pi features > > The RPI is not an open source firmware device FYI and I recommend > instead purchasing a beagleboard or novena. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/b13a5dc1-e446-888c-4d96-1e62abdf7e0b%40gmx.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qDk8qxaSSQQT3DW1F-MVaxk-60i9pHCNCMRtiL8fLpMpw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop for Qubes 4+ and Heads
On 08/20/2018 01:21 PM, stallmanro...@gmail.com wrote: > > ME disabled (works!) It is a nice laptop and I recommend it sometimes BUT: As someone with your screen-name I would hope you know that it is impossible to disable ME. In your case the BUP module still runs along with any mask roms - more than enough to add a backdoor to your machine. Of course in terms of laptops it is still better than newer intel stuff like the skylake puri-craptops where the bup AND the kernel run on their "disabled" ME - they changed the definition of disabled just like they did with the definition of "open firmware" :[ The best and most free laptop is the lenovo G505S of which there is a thriving little coreboot-qubes4 community thanks to me telling many people to get it :D G505S: * pre-PSP AMD quad core cpu (the A10 model - the others suck) * coreboot with open cpu/ram init (unlike the blobbed puri-craptop hw init via the intel fsp binary blob) * IOMMU that works with qubes 4.0 (Must apply latest microcode updates or qubes wont work) Blob status: video+EC but people are apparently working on freeing them and the IOMMU protects you from any DMA issues. In terms of other laptops the X230t (with better *20 series non chiclet keyboard) I recommend if someone wants a tablet and the W520 if someone wants a mobile workstation with 32GB RAM - both are of course a much better choice than a puri-craptop as they have open source hardware init via coreboot and the ME can be nerfed. > > 2. Tomu support (30$ ) (works fine!) > https://www.crowdsupply.com/sutajio-kosagi/tomu > > porting gnuk to tomu (opensource analog yubikey, needed to use heads) > > https://github.com/osresearch/heads-wiki/blob/master/GPG.md > > Dev: https://github.com/aze00/gnuk/tree/efm32 > PR: https://github.com/im-tomu/tomu-samples/pull/35 > Issue: https://github.com/im-tomu/tomu-samples/issues/4 > > Alternative - Nitrokey > https://shop.nitrokey.com/shop/product/nitrokey-start-6 (based on gnuk) > > 3. https://inversepath.com/usbarmory nice compatibility (works without any > issues) > > 4. for good work you need a bundle i7 2gen, 16 RAM and good SSD disk ( I > completely lack 256 gigabytes ) > > main templates : > archlinux > artful > bionic > centos-7 > debian-9 > dev (buster) > fedora-28 > kali-rolling > void-template > whonix-ws-14 > whonix-gw-14 > > works fine and easy build from https://github.com/QubesOS/qubes-builder > > + 8-10 services (vpn,tor,wireguard etc) > + 3-4 disp vm's (internet browsing) > + 8+10 domains > > Total disk usage : 20.4% > lvm : 36.2% 77.4GB/213.8GB > > So, 256GB is enough. > > 5. You can use it like tablet ;) > > https://github.com/martin-ueding/thinkpad-scripts > > rotate/touchscreen works great and works on every VM machine. Nice! glad that still works Did you install coreboot? > > 6. TPM ownership/reset (work!) > > 7. 10 open vms > > temp 52 > fan 3496 rpm > > 8. +3G modem or raspberry pi features The RPI is not an open source firmware device FYI and I recommend instead purchasing a beagleboard or novena. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b13a5dc1-e446-888c-4d96-1e62abdf7e0b%40gmx.com. For more options, visit https://groups.google.com/d/optout. 0xDF372A17.asc Description: application/pgp-keys
Re: [qubes-users] Re: Best Laptop For Qubes
On Tuesday, July 4, 2017 at 9:16:12 PM UTC-4, pixel fairy wrote: > On Tuesday, July 4, 2017 at 2:23:56 PM UTC-7, J. Eppler wrote: > > > However, the initial question was what is the best or rephrase the > > question: "what laptops work well with Qubes OS"? ThinkPad was mentioned a > > couple of times and Purism. Are there any other brands or options which > > have not been mentioned until now and are working well with Qubes 3.2 and > > will work properly with Qubes 4.0? > > many of dell xps and lattitude models work well. their sales droid told me > the inspiron 15 would also work, just make sure you get it with an i5. i would double check the hcl list though, for example most the xps 15 don't support iommu, but one model does supposedly. very hard to choose for laptop cause the oems don't really give you a bios manual i don't think? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3cafe3fd-23a6-4898-b12f-8e2c46698b21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On Tuesday, July 4, 2017 at 2:23:56 PM UTC-7, J. Eppler wrote: > However, the initial question was what is the best or rephrase the question: > "what laptops work well with Qubes OS"? ThinkPad was mentioned a couple of > times and Purism. Are there any other brands or options which have not been > mentioned until now and are working well with Qubes 3.2 and will work > properly with Qubes 4.0? many of dell xps and lattitude models work well. their sales droid told me the inspiron 15 would also work, just make sure you get it with an i5. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/74b0e933-d1f3-4b05-aa5d-927e447f918e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
I have to agree with @cooloutac $ 500 for just the motherboard and a keyboard is very expensive. You have to add the price for at least the CPU, power supply, memory, housing (optional), storage, monitor, mouse to be able to compare it slightly with a laptop. However, the initial question was what is the best or rephrase the question: "what laptops work well with Qubes OS"? ThinkPad was mentioned a couple of times and Purism. Are there any other brands or options which have not been mentioned until now and are working well with Qubes 3.2 and will work properly with Qubes 4.0? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f8a6205-3ff9-43ec-bbe0-4da5c79c5a32%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On Friday, June 30, 2017 at 2:19:53 AM UTC-4, tai...@gmx.com wrote: > On 06/28/2017 09:57 PM, cooloutac wrote: > > > On Wednesday, June 28, 2017 at 2:39:19 PM UTC-4, tai...@gmx.com wrote: > >> On 06/27/2017 10:20 PM, cooloutac wrote: > >> > >>> its common sense to me man. Server boards are designed for servers. I > >>> gave some tips on how to get something compatible which I think is > >>> priority. Another one is to research the board on linux forums and see > >>> if its used alot or not or if it has problems. > >> "Designed for servers" The IC's are identical to their desktop > >> counterparts, just with different features burned in. > >> > >> I want you to explain to me what makes a desktop board and CPU different > >> from a "server" board and CPU, real technical differences not marketing. > >>>Its like wanting to use centos as a gaming os. is it possible? > >>> probably, anything is possible, but is it practical? > >> CentOS and fedora are literally the same thing, what do you think makes > >> them different? > >>> But Jean brings up good points whats "best" is subjective. > >>> > >>>But I have to say talking someone out of buying Purism that supports > >>> Qubes and free hardware like you want, calling it overpriced, and then > >>> recommending expensive as hell server boards and 100 dollar keyboards as > >>> a little strange. I mean you balked first. > >>> > >> For the last time, purism is NOT free hardware. > >> Whats free about it? Why don't you explain that to me. > >> > >> I paid $500 total for my setup including the $300 motherboard and I have > >> actual free firmware, $80 more gets me a great keyboard that lasts 30 > >> years - compared to that a 2K quanta rebrand is simply overpriced. > > i only saw it for 475 just the motherboard alone, and I presum > > compatibility problems with it just cause its not a popular board. 100% > > libre is nice and all but so is being part of society lol. can you link > > me cheaper deals? lol 100 dollars for that keyboard. > The KCMA-D8 MSRP is $315, and the KGPE-D16 is $415 (available on newegg) > - I can't understand as to why you want to convince people to buy a 2K > laptop but $500 for a legitimately free system is considered too much money. > Boards don't have "compatibility issues", chipsets do.. The firmware > configures reference tables like SRAT/SLIT/IRVS etc but it shouldn't be > present or doing anything once you're in an OS. The chipset in that is > physically identical to the one in an AM3+ board you've probably had at > some point so it is quite popular. Irregardless I have tested it and it > works great. > > AMD has released a decent amount of documentation on their pre-2013 > systems, and it is enough to make firmware ports - they have also > donated time and resources to the coreboot project which makes them a > company worthy of respect - we can only hope they continue with that for > zen. > > The average keyboard costs $30 but it only lasts 3 years or less if like > to eat/drink at your desk, and $80 is actually a pretty good deal for > what it is - most mechanical keyboards are $200+. once you type on one > you can't go back. sure 500 dollars would be a great deal for a whole system, but you are just talking about the motherboard and keyboard for 500. seems expensive, especially since you complain about the price of purism. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/988adbc5-5411-4561-8673-16cfcc25731f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On 06/28/2017 09:57 PM, cooloutac wrote: On Wednesday, June 28, 2017 at 2:39:19 PM UTC-4, tai...@gmx.com wrote: On 06/27/2017 10:20 PM, cooloutac wrote: its common sense to me man. Server boards are designed for servers. I gave some tips on how to get something compatible which I think is priority. Another one is to research the board on linux forums and see if its used alot or not or if it has problems. "Designed for servers" The IC's are identical to their desktop counterparts, just with different features burned in. I want you to explain to me what makes a desktop board and CPU different from a "server" board and CPU, real technical differences not marketing. Its like wanting to use centos as a gaming os. is it possible? probably, anything is possible, but is it practical? CentOS and fedora are literally the same thing, what do you think makes them different? But Jean brings up good points whats "best" is subjective. But I have to say talking someone out of buying Purism that supports Qubes and free hardware like you want, calling it overpriced, and then recommending expensive as hell server boards and 100 dollar keyboards as a little strange. I mean you balked first. For the last time, purism is NOT free hardware. Whats free about it? Why don't you explain that to me. I paid $500 total for my setup including the $300 motherboard and I have actual free firmware, $80 more gets me a great keyboard that lasts 30 years - compared to that a 2K quanta rebrand is simply overpriced. i only saw it for 475 just the motherboard alone, and I presum compatibility problems with it just cause its not a popular board. 100% libre is nice and all but so is being part of society lol. can you link me cheaper deals? lol 100 dollars for that keyboard. The KCMA-D8 MSRP is $315, and the KGPE-D16 is $415 (available on newegg) - I can't understand as to why you want to convince people to buy a 2K laptop but $500 for a legitimately free system is considered too much money. Boards don't have "compatibility issues", chipsets do.. The firmware configures reference tables like SRAT/SLIT/IRVS etc but it shouldn't be present or doing anything once you're in an OS. The chipset in that is physically identical to the one in an AM3+ board you've probably had at some point so it is quite popular. Irregardless I have tested it and it works great. AMD has released a decent amount of documentation on their pre-2013 systems, and it is enough to make firmware ports - they have also donated time and resources to the coreboot project which makes them a company worthy of respect - we can only hope they continue with that for zen. The average keyboard costs $30 but it only lasts 3 years or less if like to eat/drink at your desk, and $80 is actually a pretty good deal for what it is - most mechanical keyboards are $200+. once you type on one you can't go back. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37fd05df-17e2-4c30-4f72-5d21651cfa97%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On Wednesday, June 28, 2017 at 2:39:19 PM UTC-4, tai...@gmx.com wrote: > On 06/27/2017 10:20 PM, cooloutac wrote: > > > its common sense to me man. Server boards are designed for servers. I gave > > some tips on how to get something compatible which I think is priority. > > Another one is to research the board on linux forums and see if its used > > alot or not or if it has problems. > "Designed for servers" The IC's are identical to their desktop > counterparts, just with different features burned in. > > I want you to explain to me what makes a desktop board and CPU different > from a "server" board and CPU, real technical differences not marketing. > > > > Its like wanting to use centos as a gaming os. is it possible? > > probably, anything is possible, but is it practical? > CentOS and fedora are literally the same thing, what do you think makes > them different? > > But Jean brings up good points whats "best" is subjective. > > > > But I have to say talking someone out of buying Purism that supports > > Qubes and free hardware like you want, calling it overpriced, and then > > recommending expensive as hell server boards and 100 dollar keyboards as a > > little strange. I mean you balked first. > > > For the last time, purism is NOT free hardware. > Whats free about it? Why don't you explain that to me. > > I paid $500 total for my setup including the $300 motherboard and I have > actual free firmware, $80 more gets me a great keyboard that lasts 30 > years - compared to that a 2K quanta rebrand is simply overpriced. i only saw it for 475 just the motherboard alone, and I presum compatibility problems with it just cause its not a popular board. 100% libre is nice and all but so is being part of society lol. can you link me cheaper deals? lol 100 dollars for that keyboard. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f7c0ec8c-38df-4c48-95a5-4d19c6495cc7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On 06/27/2017 10:20 PM, cooloutac wrote: its common sense to me man. Server boards are designed for servers. I gave some tips on how to get something compatible which I think is priority. Another one is to research the board on linux forums and see if its used alot or not or if it has problems. "Designed for servers" The IC's are identical to their desktop counterparts, just with different features burned in. I want you to explain to me what makes a desktop board and CPU different from a "server" board and CPU, real technical differences not marketing. Its like wanting to use centos as a gaming os. is it possible? probably, anything is possible, but is it practical? CentOS and fedora are literally the same thing, what do you think makes them different? But Jean brings up good points whats "best" is subjective. But I have to say talking someone out of buying Purism that supports Qubes and free hardware like you want, calling it overpriced, and then recommending expensive as hell server boards and 100 dollar keyboards as a little strange. I mean you balked first. For the last time, purism is NOT free hardware. Whats free about it? Why don't you explain that to me. I paid $500 total for my setup including the $300 motherboard and I have actual free firmware, $80 more gets me a great keyboard that lasts 30 years - compared to that a 2K quanta rebrand is simply overpriced. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/606f8075-b42a-be10-1078-510cb020dc7c%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On Tuesday, June 27, 2017 at 12:06:35 AM UTC-4, tai...@gmx.com wrote: > On 06/26/2017 11:41 PM, cooloutac wrote: > > > On Monday, June 26, 2017 at 11:14:32 PM UTC-4, tai...@gmx.com wrote: > >> On 06/26/2017 10:57 PM, cooloutac wrote: > >> > >>> On Monday, June 26, 2017 at 10:43:26 PM UTC-4, tai...@gmx.com wrote: > On 06/26/2017 10:30 PM, cooloutac wrote: > > >> An intel gpu on an opteron server board? and you wonder why I question > >> your expertise. > >> > > maybe it was a xeon lol, point is I think server boards are for servers, I > > don't immediately think compatibility. > If you don't know what you are talking about don't just throw stuff out > there, you can have your opinion but that isn't a fact and it shouldn't > be stated as such. > It isn't right to put down good hardware for no reason like what you are > doing. > When I was a young teenager and I first joined the internet I did the > same thing until people told me to stop, then I learned for real - they > appreciated that and so did the tens of thousands of people I have > helped on various forums over the years. I hope you will do the same. > > There is no actual difference between "server" and "desktop" > CPU's/chipsets, it is 100% marketing and artificial market segmentation. > Intel/AMD don't run two production lines they simply burn fuses to turn > features off or on for that market segment. They also sell 4 and 8 core > cpus but they only make 8 core cpus, if an 8 has two broken cores > instead of throwing it away 4 are shut off and it is sold as a quad core. > > > > You keep accusing purism of being overpriced then post about a 100 dollar > > keyboard, and now 500 dollar mobos? Its like you keep trying to prove my > > point security is only for rich people. lol > A G34/C32 cpu is only around $30, whereas you'd pay $500 for a xeon with > equivalent performance > A KCMA-D8 is $330 not $500. > > I built my libre computer for $500 total, I fail to see how that is > comparable to a closed source computer (purism) that costs thousands of > dollars - if they were actually free that would be a fine price to pay > but they aren't so you're spending twice as much as a dell or system 76 > for no reason. > > I have had my Model M keyboard for 10 years, before I bought this I had > to buy a new $30 keyboard every 3 years as they would break or the > letters would wear off and they would look gross so I have saved money. > I will never have to replace it as it will never break. It feels much > better to type on and my hands stopped hurting too. > > I don't understand why people will balk at spending money on slightly > higher fixed costs (what you don't replace every pc upgrade, keyboard > chair etc) when they spent thousands on a new gaming pc every few years. its common sense to me man. Server boards are designed for servers. I gave some tips on how to get something compatible which I think is priority. Another one is to research the board on linux forums and see if its used alot or not or if it has problems. Its like wanting to use centos as a gaming os. is it possible? probably, anything is possible, but is it practical? But Jean brings up good points whats "best" is subjective. But I have to say talking someone out of buying Purism that supports Qubes and free hardware like you want, calling it overpriced, and then recommending expensive as hell server boards and 100 dollar keyboards as a little strange. I mean you balked first. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a2b2ace1-a05d-4f5a-b47b-748196aa9586%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On 06/27/2017 01:34 AM, Jean-Philippe Ouellet wrote: As for the Raptor Talos and POWER in general, yes, I totally agree it's leaps and bounds better than other commodity options, but I couldn't afford one, it wouldn't fit in my backpack, and even if it would I'm also not interested in carrying around a car battery just to power my CPU for 5 minutes. I'd love to be proven wrong, but I don't see it as a realistic option. Lol... That was my impression of Talos as well: A bit monstrous in the physical aspects. How did POWER diverge from PowerPC so radically in this respect? Is the latter technically moribund or patent-encumbered? This is somewhat offtopic from Qubes, but oh well. That's where this topic has drifted to, and the essay-rant is already written, so too bad :P I'm always glad to see the question of hardware platforms raised with Qubes, esp when discussing compatibility. There is no strictly compatible system for Qubes and this makes me think the project should eventually get into the business of detailed hardware specification... what ideal Qubes hardware looks like. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc78874d-1b8b-f36a-59e7-219170a5255c%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
Anyone? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3316e14a-368a-456f-b467-49828b2df923%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
How does Purism's Coreboot 'wrapper layer' compare to using Lenovo Bios, American Trends etc? Do we know that closed source BIOSes do not contain keyloggers to capture encryption passwords? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb6c5162-97fb-4742-a25a-ec114c13512e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
As for Purism, I have my gripes too, but at the end of the day I think their existence provides a net-positive benefit to the community and commodity hardware landscape. Personally, I think Purism's marketing is perhaps a bit... overoptimistic to a technical audience? And I do think they exaggerate their openness compared to other options. That said, I do believe their heart is in the right place, and that they do things like hiring (?) Trammell Hudson to work on heads for their machines, and having one of their staff work on revere engineering the non-removable ME sections shows that. If their perhaps somewhat objectionable marketing is necessary to sufficiently differentiate their products so they can justify their higher price tag, and if that price tag is necessary to stay alive and to fund the things they're working on that benefit the community (specifically the low level stuff - I don't care about PureOS), then so be it. It initially seemed to me that Purism was just trying to capitalize on less-technically-informed people's desire for privacy and security without really delivering on that promise, but that seems not to be the case after all, and I think they deserve more love than hate than they're currently getting from the community. Don't get me wrong, I'd love to ditch intel and foxconn and everybody else and use a risc-v novena running genode or something to get my work done, but unfortunately that day (decade?) isn't here yet, so in the mean time let's be realistic and support those trying to incrementally improve the things we can actually still get our work done with. As for the Raptor Talos and POWER in general, yes, I totally agree it's leaps and bounds better than other commodity options, but I couldn't afford one, it wouldn't fit in my backpack, and even if it would I'm also not interested in carrying around a car battery just to power my CPU for 5 minutes. I'd love to be proven wrong, but I don't see it as a realistic option. This is somewhat offtopic from Qubes, but oh well. That's where this topic has drifted to, and the essay-rant is already written, so too bad :P -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_Dhf2yHH7%2BBggHRS5t_H%3DmJJ1k2GhKc_tMOTj%3Df35baqw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On 06/26/2017 11:34 PM, cooloutac wrote: I'm wrong, Purism doesn't have secure boot. future models supposedly will though. along with tpm support. RMS must of said it on fsf, or prolly his own website. I forget which. He basically said secure boot "failed its intended purpose, so its ok to use for security purposes"... I highly doubt he would say that considering he knows the real reason MS introduced it. Well I guess I lucked out with iommu on my machine. But making sure its showing the picture of it was the suggestion I've read from Joanna on the site and it worked for me man. I just added the part of making sure it shows it as enabled in the pic, and would also add or if it states enabled by default in the manual. Yeah if it works you sure did, I have two non-libre computers that claim support in the manual but don't actually have it. Most boards also have multiple revisions, for instance gigabyte has a board that has 6 versions and IOMMU only works on 2/6. I'm not sure what you mean depending on vendor for fixes. You are making the machine yourself? lol. Or do you mean that those boards are patched more frequently? Accuse me of over analyzing if anything but I'm not trying to put anybody down. If you don't have libre firmware you can't fix things yourself, you need to rely on the vendor. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04894e3b-cd26-e0c3-0c40-0f6197396767%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On 06/26/2017 11:41 PM, cooloutac wrote: On Monday, June 26, 2017 at 11:14:32 PM UTC-4, tai...@gmx.com wrote: On 06/26/2017 10:57 PM, cooloutac wrote: On Monday, June 26, 2017 at 10:43:26 PM UTC-4, tai...@gmx.com wrote: On 06/26/2017 10:30 PM, cooloutac wrote: An intel gpu on an opteron server board? and you wonder why I question your expertise. maybe it was a xeon lol, point is I think server boards are for servers, I don't immediately think compatibility. If you don't know what you are talking about don't just throw stuff out there, you can have your opinion but that isn't a fact and it shouldn't be stated as such. It isn't right to put down good hardware for no reason like what you are doing. When I was a young teenager and I first joined the internet I did the same thing until people told me to stop, then I learned for real - they appreciated that and so did the tens of thousands of people I have helped on various forums over the years. I hope you will do the same. There is no actual difference between "server" and "desktop" CPU's/chipsets, it is 100% marketing and artificial market segmentation. Intel/AMD don't run two production lines they simply burn fuses to turn features off or on for that market segment. They also sell 4 and 8 core cpus but they only make 8 core cpus, if an 8 has two broken cores instead of throwing it away 4 are shut off and it is sold as a quad core. You keep accusing purism of being overpriced then post about a 100 dollar keyboard, and now 500 dollar mobos? Its like you keep trying to prove my point security is only for rich people. lol A G34/C32 cpu is only around $30, whereas you'd pay $500 for a xeon with equivalent performance A KCMA-D8 is $330 not $500. I built my libre computer for $500 total, I fail to see how that is comparable to a closed source computer (purism) that costs thousands of dollars - if they were actually free that would be a fine price to pay but they aren't so you're spending twice as much as a dell or system 76 for no reason. I have had my Model M keyboard for 10 years, before I bought this I had to buy a new $30 keyboard every 3 years as they would break or the letters would wear off and they would look gross so I have saved money. I will never have to replace it as it will never break. It feels much better to type on and my hands stopped hurting too. I don't understand why people will balk at spending money on slightly higher fixed costs (what you don't replace every pc upgrade, keyboard chair etc) when they spent thousands on a new gaming pc every few years. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90c71366-ec13-4950-9bfe-80d5608e0472%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On Monday, June 26, 2017 at 11:14:32 PM UTC-4, tai...@gmx.com wrote: > On 06/26/2017 10:57 PM, cooloutac wrote: > > > On Monday, June 26, 2017 at 10:43:26 PM UTC-4, tai...@gmx.com wrote: > >> On 06/26/2017 10:30 PM, cooloutac wrote: > >> > An intel gpu on an opteron server board? and you wonder why I question > your expertise. > maybe it was a xeon lol, point is I think server boards are for servers, I don't immediately think compatibility. You keep accusing purism of being overpriced then post about a 100 dollar keyboard, and now 500 dollar mobos? Its like you keep trying to prove my point security is only for rich people. lol -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9b6f3218-2317-4b00-be63-63aa1ff41e04%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
I'm wrong, Purism doesn't have secure boot. future models supposedly will though. along with tpm support. RMS must of said it on fsf, or prolly his own website. I forget which. He basically said secure boot "failed its intended purpose, so its ok to use for security purposes"... Well I guess I lucked out with iommu on my machine. But making sure its showing the picture of it was the suggestion I've read from Joanna on the site and it worked for me man. I just added the part of making sure it shows it as enabled in the pic, and would also add or if it states enabled by default in the manual. I'm not sure what you mean depending on vendor for fixes. You are making the machine yourself? lol. Or do you mean that those boards are patched more frequently? Accuse me of over analyzing if anything but I'm not trying to put anybody down. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/75385027-0410-4df1-bb7c-4ecc70c4b4cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On 06/26/2017 10:57 PM, cooloutac wrote: On Monday, June 26, 2017 at 10:43:26 PM UTC-4, tai...@gmx.com wrote: On 06/26/2017 10:30 PM, cooloutac wrote: On Monday, June 26, 2017 at 10:27:32 PM UTC-4, cooloutac wrote: On Monday, June 26, 2017 at 3:50:14 PM UTC-4, qubes...@gmail.com wrote: I know this question has been asked many times but there is still no definitive answer. The Purism laptops do not have TPM support and in the HCL list there is not a machine that ticks every box without issues. What machines are the devs using? What laptop does Joanna use? are you sure they don't man? Purism isn't worth buying, it has the same level of firmware freedom and respect for you and your privacy as a dell and is incredibly overpriced for what it is. I would advise a X220/X230 which is open source besides the ME (supports ME cleaner) The Ivy/Sandy bridge lenovo thinkpads (X220, W520, T430 etc) also support TPM and I would be more than pleased to help you install coreboot >:3 It is what I use as the open source firmware no ME Lenovo G505S lacks a dock connector which I require. In comparison purism's version of coreboot is simply a wrapper layer that uses a binary blob to do all the work. i googled, apparenlty tpm not compatible with coreboot? lol that sucks. I think they have secure boot though. so who cares about coreboot at that point lol... Coreboot has a grub payload option with kernel signing, which is the same as "secure" boot only more versatile as you can sign your owner kernels. "Secure" boot isn't secure, as there are plenty of exploits to bypass it including the probable nation state backdoors. Coreboot has TPM support for various boards, where did you get the idea it didn't? On some native init libre opteron coreboot boards such as the KGPE-D16 and KCMA-D8 coreboot has owner controlled CRTM which means the CRTM is not predictable as it would be with a vendor bios (having a predictable CRTM ruins the security of a TPM) they are all severely overpriced.and I just refer to the exploits saying hacking teams insyde bios exploit didn't work with secure boot enabled. Doesn't that say something. Richard Stallman says secure boot is ok to use. That doesn't ease your mind? Where did stallman say that? BIOS exploits are not at all stopped by "secure" boot, that is simply a kernel signing mechanism they're entirely separate. My libre kgpe-d16 gaming build cost less than I would have paid for a non-free intel machine with equivalent performance. nation state backdoors? so amd is not part of that? Not sure what we can do about that is except petition for laws against it. some guy was on irc the other day complaining he couldn't get qubes installed on one of these opteron server type boards cause I assumed the driver was not working for his intel gpu believe it or not. An intel gpu on an opteron server board? and you wonder why I question your expertise. The only way to have a backdoor on my libre boards is microcode, and they aren't going to bother wasting insane amounts of money to make one as they don't need to. The KGPE-D16 is in the qubes HCL list, and I have tested it - it works great. I think the first thing you should look at when buying hardware is if the vt-d/iommu is supported. And best way to do that is to make sure they show a picture of the option in the manual, and preferably show it enabled. If they mention the word security regarding it too thats a good sign. Everything else should fall into place as far as compatibility with qubes goes. I have bought two separate "IOMMU" supporting computers that turned out not to actually support it, both said it in the manual too - After I bought my libre KGPE-D16 I finally was able to use it and play games in a VM with an attached graphics card. (performance is great too, I play BF1 @ max settings) I am pleased to not have to rely on a vendor for fixes, as I have always been left in the lurch even for "enterprise" hardware. Honestly why do you keep arguing this? You keep putting down real quality options that work and that people can buy today. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87957c6c-0bc8-ade3-b9b2-ddd81b57d515%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On Monday, June 26, 2017 at 10:57:17 PM UTC-4, cooloutac wrote: > On Monday, June 26, 2017 at 10:43:26 PM UTC-4, tai...@gmx.com wrote: > > On 06/26/2017 10:30 PM, cooloutac wrote: > > > > > On Monday, June 26, 2017 at 10:27:32 PM UTC-4, cooloutac wrote: > > >> On Monday, June 26, 2017 at 3:50:14 PM UTC-4, qubes...@gmail.com wrote: > > >>> I know this question has been asked many times but there is still no > > >>> definitive answer. The Purism laptops do not have TPM support and in > > >>> the HCL list there is not a machine that ticks every box without > > >>> issues. What machines are the devs using? What laptop does Joanna use? > > >> are you sure they don't man? > > Purism isn't worth buying, it has the same level of firmware freedom and > > respect for you and your privacy as a dell and is incredibly overpriced > > for what it is. > > > > I would advise a X220/X230 which is open source besides the ME (supports > > ME cleaner) The Ivy/Sandy bridge lenovo thinkpads (X220, W520, T430 etc) > > also support TPM and I would be more than pleased to help you install > > coreboot >:3 It is what I use as the open source firmware no ME Lenovo > > G505S lacks a dock connector which I require. > > > > In comparison purism's version of coreboot is simply a wrapper layer > > that uses a binary blob to do all the work. > > > i googled, apparenlty tpm not compatible with coreboot? lol that sucks. > > > I think they have secure boot though. so who cares about coreboot at > > > that point lol... > > Coreboot has a grub payload option with kernel signing, which is the > > same as "secure" boot only more versatile as you can sign your owner > > kernels. > > > > "Secure" boot isn't secure, as there are plenty of exploits to bypass it > > including the probable nation state backdoors. > > > > Coreboot has TPM support for various boards, where did you get the idea > > it didn't? > > > > On some native init libre opteron coreboot boards such as the KGPE-D16 > > and KCMA-D8 coreboot has owner controlled CRTM which means the CRTM is > > not predictable as it would be with a vendor bios (having a predictable > > CRTM ruins the security of a TPM) > > they are all severely overpriced.and I just refer to the exploits saying > hacking teams insyde bios exploit didn't work with secure boot enabled. > Doesn't that say something. Richard Stallman says secure boot is ok to use. > That doesn't ease your mind? > > nation state backdoors? so amd is not part of that? Not sure what we can do > about that is except petition for laws against it. some guy was on irc the > other day complaining he couldn't get qubes installed on one of these opteron > server type boards cause I assumed the driver was not working for his intel > gpu believe it or not. > > I think the first thing you should look at when buying hardware is if the > vt-d/iommu is supported. And best way to do that is to make sure they show a > picture of the option in the manual, and preferably show it enabled. If they > mention the word security regarding it too thats a good sign. Everything > else should fall into place as far as compatibility with qubes goes. > > This is pretty hard to do with oem laptops, so you can just walk into a > computer store with the live qubes usb. and start rebooting laptops and > checking the hcl report. The worst they can do is tell you to leave there is > no way you will get arrested. Just be honest and tell them you use qubes-os > and you want to make sure the iommu feature work which is its main security > benefit. > > I would stay away from a machine that is too new is the general rule of thumb > in linux world. They are usually 1-2 years behind on hardware support. If you walk into a microcenter I guarantee you can prolly get the manager to burn it onto a usb for you lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f2e74a2-4104-4711-a4c1-21156faea870%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On Monday, June 26, 2017 at 10:43:26 PM UTC-4, tai...@gmx.com wrote: > On 06/26/2017 10:30 PM, cooloutac wrote: > > > On Monday, June 26, 2017 at 10:27:32 PM UTC-4, cooloutac wrote: > >> On Monday, June 26, 2017 at 3:50:14 PM UTC-4, qubes...@gmail.com wrote: > >>> I know this question has been asked many times but there is still no > >>> definitive answer. The Purism laptops do not have TPM support and in the > >>> HCL list there is not a machine that ticks every box without issues. What > >>> machines are the devs using? What laptop does Joanna use? > >> are you sure they don't man? > Purism isn't worth buying, it has the same level of firmware freedom and > respect for you and your privacy as a dell and is incredibly overpriced > for what it is. > > I would advise a X220/X230 which is open source besides the ME (supports > ME cleaner) The Ivy/Sandy bridge lenovo thinkpads (X220, W520, T430 etc) > also support TPM and I would be more than pleased to help you install > coreboot >:3 It is what I use as the open source firmware no ME Lenovo > G505S lacks a dock connector which I require. > > In comparison purism's version of coreboot is simply a wrapper layer > that uses a binary blob to do all the work. > > i googled, apparenlty tpm not compatible with coreboot? lol that sucks. I > > think they have secure boot though. so who cares about coreboot at that > > point lol... > Coreboot has a grub payload option with kernel signing, which is the > same as "secure" boot only more versatile as you can sign your owner > kernels. > > "Secure" boot isn't secure, as there are plenty of exploits to bypass it > including the probable nation state backdoors. > > Coreboot has TPM support for various boards, where did you get the idea > it didn't? > > On some native init libre opteron coreboot boards such as the KGPE-D16 > and KCMA-D8 coreboot has owner controlled CRTM which means the CRTM is > not predictable as it would be with a vendor bios (having a predictable > CRTM ruins the security of a TPM) they are all severely overpriced.and I just refer to the exploits saying hacking teams insyde bios exploit didn't work with secure boot enabled. Doesn't that say something. Richard Stallman says secure boot is ok to use. That doesn't ease your mind? nation state backdoors? so amd is not part of that? Not sure what we can do about that is except petition for laws against it. some guy was on irc the other day complaining he couldn't get qubes installed on one of these opteron server type boards cause I assumed the driver was not working for his intel gpu believe it or not. I think the first thing you should look at when buying hardware is if the vt-d/iommu is supported. And best way to do that is to make sure they show a picture of the option in the manual, and preferably show it enabled. If they mention the word security regarding it too thats a good sign. Everything else should fall into place as far as compatibility with qubes goes. This is pretty hard to do with oem laptops, so you can just walk into a computer store with the live qubes usb. and start rebooting laptops and checking the hcl report. The worst they can do is tell you to leave there is no way you will get arrested. Just be honest and tell them you use qubes-os and you want to make sure the iommu feature work which is its main security benefit. I would stay away from a machine that is too new is the general rule of thumb in linux world. They are usually 1-2 years behind on hardware support. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/39768495-e600-4364-99d6-ff145e8167f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Best Laptop For Qubes
On 06/26/2017 10:30 PM, cooloutac wrote: On Monday, June 26, 2017 at 10:27:32 PM UTC-4, cooloutac wrote: On Monday, June 26, 2017 at 3:50:14 PM UTC-4, qubes...@gmail.com wrote: I know this question has been asked many times but there is still no definitive answer. The Purism laptops do not have TPM support and in the HCL list there is not a machine that ticks every box without issues. What machines are the devs using? What laptop does Joanna use? are you sure they don't man? Purism isn't worth buying, it has the same level of firmware freedom and respect for you and your privacy as a dell and is incredibly overpriced for what it is. I would advise a X220/X230 which is open source besides the ME (supports ME cleaner) The Ivy/Sandy bridge lenovo thinkpads (X220, W520, T430 etc) also support TPM and I would be more than pleased to help you install coreboot >:3 It is what I use as the open source firmware no ME Lenovo G505S lacks a dock connector which I require. In comparison purism's version of coreboot is simply a wrapper layer that uses a binary blob to do all the work. i googled, apparenlty tpm not compatible with coreboot? lol that sucks. I think they have secure boot though. so who cares about coreboot at that point lol... Coreboot has a grub payload option with kernel signing, which is the same as "secure" boot only more versatile as you can sign your owner kernels. "Secure" boot isn't secure, as there are plenty of exploits to bypass it including the probable nation state backdoors. Coreboot has TPM support for various boards, where did you get the idea it didn't? On some native init libre opteron coreboot boards such as the KGPE-D16 and KCMA-D8 coreboot has owner controlled CRTM which means the CRTM is not predictable as it would be with a vendor bios (having a predictable CRTM ruins the security of a TPM) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/38ac326e-90f2-302f-5598-c2c6a0fcbcc5%40gmx.com. For more options, visit https://groups.google.com/d/optout.
