Just curious if anyone knows a good laptop that can run Q4 that uses a BIOS? (No UEFI, or separate UEFI chip)
Laptop needs to be able to handle a lot of RAM (64Gb+ MAX), as well as have a pretty good CPU, 4+ threads, up to 12 at least (for upgrade).
Needs to have Nipple Mouse, not a trackpad. No Numeric Pad, so that the seating position is not off center to the screen. 15"+ screen.
Anyone have any suggestions?
They need to have good warranty on them, and QUALITY. Not cheap shitty things like the commercial end user HPs.
Just wondering what you here will suggest in the way of a Laptop. If I get a good suggestion within the next month, I'll buy it. :)
(Librem Laptops are not yet good enough, but are brilliant for security and customisability for that security.)
I'm looking for a long term evolution.
EVGA Laptops are only using UEFI now, so unless I can overwrite the BIOS in them, I won't want them. If you know that I can overwrite the BIOS in a Laptop that uses UEFI, please say so when suggesting a Laptop that is UEFI.
Sincerely,
Drew.
I know that they exist, and I would have one if I had enough money. But they do exist. As for UEFI (Microsofts shit invention) if I can disable it or else just replace it with an actual REAL BIOS, then I will.
> The best you will get is a W520 or W530 where you can install coreboot
> (open hw init + nerfed ME) and have 32GB RAM.
Can the CPU be upgraded in those though?
> Purism is not libre - their "open source firmware" has hardware
> initiation done entirely via binary blobs and their ME is certainly not
> disabled as the kernel still runs along with any hypothetical backdoor.
> Their marketing is incredibly dishonest and I simply don't understand
> why they get so much air time.
lol, then the only way I can get around it is to disable it myself by editing the CPU firmware? Or is there something else that controls that? (I'll have to look into it.)
If their information is wrong, then I'll report them for false advertising. Thanks for letting me know.
FYI, I'm happy to see you went with Lenovo.
Best End User devices in general. (Or used to be)
Booting in uefi mode I dont' have those problems. I think eventually we will have no choice but to use uefi cause all hardware will be designed for it.
Unfortunately using uefi mode does not give any security benefits since Qubes doesn't support secure boot or secure flash.
So you're a free software guy quoting crazy linus torvalds who is anything but for free software and who could care less about security... You do know him and his whole family use windows at home right? He doesn't even use linux himself. He makes kernels in virtualbox on windows 10 and for the all the suckers... At least you use an fsf kernel, too bad no more grsec to use with it, since spender is another mental patient. lmao...
What about when I quote Richard Stallman who says its ok to use secure boot for security because its "failed its intended purpose"... Why do you not address my statement on this? I find that suspicious.
The same "purpose" you still claim MS wants to happen in the future turned out to be Fear mongering politics by crazy fsf nutjobs. So you seem to ignore the whole fact secure boot is a security benefit that is beneficial to all operating systems. Stop telling me about whats going to happen in the future like you are Nostradamus, makes you seem fake since this prediction was already previously made and was wrong.
Like I said free software movement will never become popoular, if its own advocates are not even honest with themselves and seem distant from reality. You are like a car salesman to me. At least Richard Stallman half admitted he was wrong.
So I guess you don't use a gui desktop since that was made popular by evil apple and ms, and since it would be so much better for security right?? Text based machines only bud?
To Taiidan and all others complaining about Purism lies and consumer being misled.I keep reading stuff about purism lying about deactivating/disabling ME being impossible, lying about the future of Intel removing ME, etc. I think THIS is misleading.First, its me_cleaner job to do the cleaning.The ME hack itself won't remove ME, but can remove modules by stripping them. There is a big semantic difference between the words removing, disabling and deactivating, I agree. Me_cleaner won't remove ME, that is true. But all this ranting is not factual.See here:From"For pre-Skylake firmware (ME version < 11) this tool removes almost everything, leaving only the two fundamental modules needed for the correct boot, ROMP and BUP. The code size is reduced from 1.5 MB (non-AMT firmware) or 5 MB (AMT firmware) to ~90 kB of compressed code.
Starting from Skylake (ME version >= 11) the ME subsystem and the firmware structure have changed, requiring substantial changes in me_cleaner. The fundamental modules required for the correct boot are now four (rbe, kernel, syslib and bup) and the minimum code size is ~300 kB of compressed code (from the 2 MB of the non-AMT firmware and the 7 MB of the AMT one)."To have Intel without ME ( but also without vt-d2, meaning no IOMMU) one will need to choose old hardware, like the x200, which will not have more then 8gb ram and won't support hardware isolation, so no real advantage of using Qubes.x230 and x220 and others will boot with deactivated ME, booting with ROMP and BUP present, true, but without kernel and no other modules.The rest of what you say, I agree. But oversimplifying things doesn't fulfill the goal of making people aware of what is needed now and in the future. Maybe Intel will change their way of fusing keys into the CPU when they realise a lot of money is going out of their pocket to privacy defending manufacturers. Maybe not. Time only will let us know. Their objective is good. They might now success against Goliath, but really trying their best for actual possibilities. ( IOMMU, minimal ME footprint, disabling ME the same way it is done for three letters agencies laptops).Until brand new laptops can fulfill IOMMU needs for certain threat models, there is few alternatives now.Tl;dr:Used laptops:Having IOMMU without ME/PSP (Qubes): Lenovo g505s.Removed ME, without IOMMU: x200.Disabled ME with IOMMU (Qubes): x230/x220.New laptops:Deactivated ME, with IOMMU (Qubes): Purism Librems.Desktop/Servers:Used:With IOMMU (Qubes), no ME/PSP: kgpe-d16, kcma-d8New:With IOMMU (no Qubes): Talos II.Let's start a real debate aimed at improving stuff and building proper arguments.Pressure against manufacturers will build with market laws, and energy should be put where things can evolve in the meantime.For my part, I wouldn't recommend using a x200 other then for amnesic laptops.G505s are not powerful and tough enough to run Qubes as a daily driver.ME is a really nasty piece of shit to deal with, agreed. But things needs to move forward. Hiding in a cave waiting for things to magically happen is not enough.Thierry
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9231e87b-887a-b226-68bd-ac1c3573559b%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
On Sun, April 15, 2018 12:52 pm, Thierry Laurion wrote:
> Let's start a real debate aimed at improving stuff and building proper
> arguments. Pressure against manufacturers will build with market laws, and
> energy should be put where things can evolve in the meantime.
I think everyone can agree to this!
> G505s are not powerful and tough enough to run Qubes as a daily
> driver.
They don't have a titanium frame, but what laptops do these days? I did a
full Stretch linux-image build in 2.5 hours on one, but that's the
heaviest work I put it through. With 16GB RAM and a good SSD, they're fast
enough for what I need.