Best Desktop for Qubes

[Zbigniew Łukasiak]

A companion to the Best Laptop for Qubes thread :)

Most of the HCL is filled with laptops - very few desktops are there,
especially on the high end.

Currently I have a Dell Inspiron - works but 16GB RAM is max there
(and it is a non-ECC so most probably more than that does not make
much sense), and 16BG is not enough for me (browsers seem to eat
unbelievable amounts of RAM).

Is there a recommended desktop system for Qubes with over 16GB RAM?

--
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
http://perlalchemy.blogspot.com/

[Robin Schneider]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/02/2017 07:28 PM, Zbigniew Łukasiak wrote:
> A companion to the Best Laptop for Qubes thread :)
>
> Most of the HCL is filled with laptops - very few desktops are there,
> especially on the high end.
>
> Currently I have a Dell Inspiron - works but 16GB RAM is max there (and it
> is a non-ECC so most probably more than that does not make much sense), and
> 16BG is not enough for me (browsers seem to eat unbelievable amounts of
> RAM).
>
> Is there a recommended desktop system for Qubes with over 16GB RAM?
>

Hi Zbigniew

The ASUS KGPE-D16 can not be left unnoticed and it has been mentioned a couple
of times in the "Best Laptop For Qubes" thread already.

You can even buy machines based on this MB built and flashed to your wishes:

* https://minifree.org/product/libreboot-d16/
* https://store.vikings.net/libre-friendly-hardware/vikings-d16-workstation

Pro:

* More than 16 GiB RAM with ease. 16 GiB is basically the entry option for
these machines ;-)
* Supported and on the HCL
* Runs Libreboot
* No management engine
* ECC RAM

Contra:

* Price
* Power consumption
* No Qubes OS 4.0 support I assume?


I guess this choice is easy :) ?

- --
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZWTOvAAoJEIb9mAu/GkD4NzkQAICDV6fWPONqUM7lksyLbZjq
RsfvYzAGBFmutPcEWHLQr/vjwRjhOQArGwC9ARp5HYoj3LGwi24xAD/Qp5fcv2ev
EBjq74jbpvuc4hzXS+92uJyW54DSR3lXiwyED05rU11sUY558nWOX17stig6RQ08
9GO7Ad7xaRyB5Eos0P1hCyd139WWxIROv4i8ZbpttXbF2aAqzJKa53xvrNCMX0r7
a1atera4ewPdZPQJD5N1SVjcqCuHRlAfx5Dp5n/rzBdILgyIL4t65I9LQ0YAJmnA
wwqaUQshk5oPX1Eb/uv7k/JPBTNMXp05Q4YTgLxbEUwjVmL60M8WdBFVbYU9500Y
xZj92S5BqdgXIdWbQu5Rshaj6DFYVvtHcCQobY8WXB4TkRrPrtR8nfoQzqBXufbt
hA6Cm6ZFcSXYhXiud4tgoJO+VhzyOnIzjrSYDW2/SQpteL7/vsYFAE7Biz8Q0U3v
+Rln6xu1LZ/3fhnCXFLQj51T4W8z6XgNw/JTrxjC3zsmJpf64YaUWeiLgV/Ikh8/
S5bpsrQq5KkZ11i2YVsho7K4L5pcAA93lI7Xlan0qDP4CkhGnm09hID+anevXuIR
2cGSdQFymecRlHYDM6kM9N1ActRFfW3ZFkvMk7plmXZ0T8GYsu7hj4/cBZBWu+//
q/cdKW+kzKgJvWLAQSNf
=OHo2
-----END PGP SIGNATURE-----

[Tai...@gmx.com]

On 07/02/2017 01:28 PM, Zbigniew Łukasiak wrote:

> A companion to the Best Laptop for Qubes thread :)
>
> Most of the HCL is filled with laptops - very few desktops are there,
> especially on the high end.
>
> Currently I have a Dell Inspiron - works but 16GB RAM is max there
> (and it is a non-ECC so most probably more than that does not make
> much sense), and 16BG is not enough for me (browsers seem to eat
> unbelievable amounts of RAM).
>
> Is there a recommended desktop system for Qubes with over 16GB RAM?
>

The KCMA-D8 (less expensive, $330) or KGPE-D16 ($415) as I mentioned in
the laptop thread.

Both support 128GB RAM with a libre version of coreboot. (coreboot is
not necessarily free firmware)
See my buyers guide on the coreboot wiki's kgpe-d16 page if you want to
know what CPU's to get, plus install info and of course you can email me
any questions.

Those are the only systems that tick all the qubes 4.0 boxes, including
SLAT (RVI), owner CRTM TPM (optional addon module), iommu, etc.
If you really wanted to you could also make a DIY laptop with a KCMA-D8
and a 35W CPU.

[Chris Laprise]

It may have an IOMMU, but does Xen 4.6 work properly with it? Someone
had reported that a different AMD desktop configuration appeared on the
surface to be IOMMU compatible in Qubes, but in actually it wasn't being
enabled at startup.

--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[Tai...@gmx.com]

Of course why wouldn't it?
The issue with desktops is that the OEM's fail to properly implement it
in their proprietary firmware as to differentiate their server
motherboard lines.

Who said that anyway?

[Chris Laprise]

A couple references I can recall:

https://groups.google.com/d/msgid/qubes-devel/fa59ad53-8543-480a-878f-9043036a3cd6%40googlegroups.com?utm_medium=email&utm_source=footer

https://forum.level1techs.com/t/ryzen-iommu-pcie-passthrough-works-but-level-one-techs/113862/80

https://groups.google.com/d/msgid/qubes-users/f72aa22b-bebe-4c9d-9d32-4562f8991dc4%40googlegroups.com?utm_medium=email&utm_source=footer

Don't know how much of this is firmware or other factors...

[Tai...@gmx.com]

On 07/03/2017 04:44 AM, Chris Laprise wrote:

> On 07/03/2017 02:09 AM, Tai...@gmx.com wrote:
>> On 07/02/2017 09:18 PM, Chris Laprise wrote:
>>> It may have an IOMMU, but does Xen 4.6 work properly with it? Someone
>>> had reported that a different AMD desktop configuration appeared on
>>> the surface to be IOMMU compatible in Qubes, but in actually it wasn't
>>> being enabled at startup.
>>>
>> Of course why wouldn't it?
>> The issue with desktops is that the OEM's fail to properly implement it
>> in their proprietary firmware as to differentiate their server
>> motherboard lines.
>>
>> Who said that anyway?
>>
>
> A couple references I can recall:
>
> https://groups.google.com/d/msgid/qubes-devel/fa59ad53-8543-480a-878f-9043036a3cd6%40googlegroups.com?utm_medium=email&utm_source=footer
>
>
> https://forum.level1techs.com/t/ryzen-iommu-pcie-passthrough-works-but-level-one-techs/113862/80
>
>
> https://groups.google.com/d/msgid/qubes-users/f72aa22b-bebe-4c9d-9d32-4562f8991dc4%40googlegroups.com?utm_medium=email&utm_source=footer
>
>
> Don't know how much of this is firmware or other factors...
>

That is ryzen, a new platform not bulldozer.
As usual the OEM's have failed to properly implement it in their desktop
boards.

[qubester]

On 07/02/2017 07:28 AM, Zbigniew Łukasiak wrote:
> A companion to the Best Laptop for Qubes thread :)
>
> Most of the HCL is filled with laptops - very few desktops are there,
> especially on the high end.
>
> Currently I have a Dell Inspiron - works but 16GB RAM is max there
> (and it is a non-ECC so most probably more than that does not make
> much sense), and 16BG is not enough for me (browsers seem to eat
> unbelievable amounts of RAM).
>
> Is there a recommended desktop system for Qubes with over 16GB RAM?
>

in real life there is no 'best' , it a series of choices, on what is
important to you. so, what is ?

afaik, if your not fussy about the intel ME thing, then any recent cpu
will have the virtualization stuff for 4.0

if you can find a PS2 motherboard for said cpu , then you will need to
have less headaches with any USB-VM "security" , depending on your
"adversary profile" as they say

[cooloutac]

main thing when buying a board is you want the iommu support to be compatible with qubes. There really is no way to tell besides HCL list to be 100% sure.

Other then that the best way is to look in the manual for picture of the bios settings showing the vt-d feature as available with supported intel cpu, (not greyed otu or unavailable) or even better if its shown enabled.

You also might want to make sure the bios support legacy boot and board has a ps/2 kb port.

another thing I would highly recommend is before buying the board search it on linux forums and see if people have any compatibly problems with it or not.

[thoma...@gmail.com]

I can recommend the HP Z240, i have the SFF Version with i7-6700 and 64GB Ram.
I bought the workstation from the HP Outlet Store with only 4gb of ram, but a 1TB NVME SSD and got the Ram seperately. Everything cost me around 1100$ a few months back, i think the RAM prices went up a bit since then.

[Grzesiek Chodzicki]

Highly depends on the use case and budget. SO, a few questions first:
- Does it have to be prebuilt or do You want to build it yourself?
- Do you plan on using it for GPU-intensive tasks?
- How much do you care about the looks/size/portability of your machine?
- DO you already own some PC components?
- What's your budget?

[Grzesiek Chodzicki]

2017-07-08 21:55 GMT+02:00 Zbigniew Łukasiak <zzb...@gmail.com>:

On Fri, Jul 7, 2017 at 9:27 AM, Grzesiek Chodzicki
<grzegorz....@gmail.com> wrote:
> Highly depends on the use case and budget. SO, a few questions first:
>  - Does it have to be prebuilt or do You want to build it yourself?

Yeah - most the advices I get are about building my own. Looks like
I'll end up doing that - even though I have not built my own system
for something like 15 years and I would prefer to buy a ready made
system.

>  - Do you plan on using it for GPU-intensive tasks?

No.

>  - How much do you care about the looks/size/portability of your machine?

A little.

>  - DO you already own some PC components?


>  - What's your budget?

It is high enough to buy any high end workstation.

Z.

Personally, I wouldn't risk X299 or Ryzen platforms. You can safely go with Intel X99 and it should work out of the box. The question is, how beefy does the workstation need to be? On X99 you can go as high as 128GB of ECC RAM and up to 18 core Xeon. 

Aside: please keep the qubes-users group cc'ed.