The best compromise for a Laptop (Balance security with reality of implementation)?
vel...@tutamail.com
1) Secure/Privacy
2) Usability and maintenance for the layman in need of security
3) Price
4) New laptop
Based on my research the most secure would be:
Older laptops:
G505
x220
T420
W520/W530
Pro:
-price/value
-Coreboot
Cons:
-only available as used/refurbished
For a new, currently available on the market(a positive HCL report just came up):
Lenovo - T480
I am sure other Lenovo work well...my experience has been good.
Other products I have looked at include:
Carbon 5/Developers - Recalled...potentially good in the future refurbished market. Huge value in the fact the Qubes developers use this laptop. A little expensive
Purism - Libre or coreboot? with proprietery software in BIOs
System 76 - Gaming PC primarily
Thinpenguin - Libre or coreboot? with proprietery software in BIOs, manufacturer unsure of 4.0 compatability
Talos2 - expensive(desktop only?)
My specific questions are:
1) A lot of custom gaming laptop makers in the USA...any companies flashing Coreboot or Libre on new or refurbished laptops commercially for Linux?
2) My wish list would be able to crack open a laptop and flash coreboot(orLibre) but I am concerned this is just too techy. Is it hard to do? Is it hard to maintain? Hard to repeat?
3) How risky are the proprietery BIOS? Is this Nation state, Lenovo threats only? While I like my privacy I likely have bigger issues if they want access. How risky are "stock" BIOs from say a Lenovo...realistically/practically speaking.
4) Is Qubes still better then a Mac or PC even with proprietery BIOS?
I am an open source purist(wannabe) but I need to balance usability/practicality. I am trying to understand and quantify the benefit of OSS BIOS and the security benefit balanced with ease of maintaining/implementing.
While its frustrating the hardware compatability challenges, I like the hard stance Qubes makes on hardware "certification"....
Any feedback or dialogue is welcome.
(PS Thanks for the forum members for prior posts and helping with the info above)
awokd
> I am exploring the best Qubes laptop based on the following criteria:
>
>
> 1) Secure/Privacy
> 2) Usability and maintenance for the layman in need of security
> 3) Price
> 4) New laptop
https://github.com/Qubes-Community/Contents/blob/master/docs/hardware/hardware-selection.md
It might be a biased example of the logic that led me to choosing G505s,
but the links in there could help you make up your own mind too.
> Purism - Libre or coreboot? with proprietery software in BIOs
>
>
> System 76 - Gaming PC primarily
>
>
> Thinpenguin - Libre or coreboot? with proprietery software in BIOs,
> manufacturer unsure of 4.0 compatability
Search this mailing list (and HCL) for reports, though.
> Talos2 - expensive(desktop only?)
Great hardware but not compatible with Qubes yet.
> My specific questions are:
> 1) A lot of custom gaming laptop makers in the USA...any companies
> flashing Coreboot or Libre on new or refurbished laptops commercially for
> Linux?
> 2) My wish list would be able to crack open a laptop and flash
> coreboot(orLibre) but I am concerned this is just too techy. Is it hard
> to do? Is it hard to maintain? Hard to repeat?
to desolder the flash chip in order to accomplish it (G505s doesn't). Once
you get core/libreboot on there, you can reflash updated versions using
the internal flasher so you don't have to open it up any more.
3) How risky are the
> proprietery BIOS? Is this Nation state, Lenovo threats only? While I like
> my privacy I likely have bigger issues if they want access. How risky are
> "stock" BIOs from say a Lenovo...realistically/practically speaking.
still being usable, but have no reason to suspect a targeted nation-state
attack (unless they are targeting everyone running Qubes in which case
they need their budget reduced to help them focus on real threats...)
> 4) Is Qubes still better then a Mac or PC even with proprietery BIOS?