desktop recommendations?


Ted Brenner

Mar 22, 2018, 5:07:24 PM
to qubes...@googlegroups.com
Hi all,

My current desktop is getting old so I'm looking for an upgrade. Obviously I want to run qubes on it so hoping some of you may have recently built a new desktop that you're currently running qubes on. I've seen a lot of emails about laptops but rarely about desktops so thought it was worth asking.

Also, I've seen the hardware compatibility list. The problem with that is you have no idea how old those posts are and what sort of system they're part of. Or if they work with Qubes 4.

Anyway, thanks for help in advance.
Ted

--
Sent from my Desktop

Chris Laprise

Mar 22, 2018, 5:20:53 PM
to Ted Brenner, qubes...@googlegroups.com
Hi Ted,

The HCL has a column showing which version of Qubes the report is for.
Also the 'Credit' column contains a link to the original email
submission where you can see the date.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[799]

Mar 22, 2018, 5:42:00 PM
to qubes...@googlegroups.com
Hello Ted,

On 03/22/2018 05:07 PM, Ted Brenner wrote:
> Hi all,
>
> My current desktop is getting old so I'm looking for an upgrade.
> [...]

For what reason are you looking for a desktop? Because of high performance or to use several hard drives/SSDs?
Buying a laptop has lots of advantages compared to a desktop and with a docking station you get a very flexible desktop replacement.

[799]

cooloutac

Mar 22, 2018, 9:51:12 PM
to qubes-users

My advice would be to research a mobo and CPU combo on Linux forums and mailing lists. Read Linux forums and see if people have a lot of problems with that setup or how popular they are, if it works well or not.

For GPU it's best to use Intel, which is most compatible with Linux. If you want a discrete GPU, which would only be for desktop effects but does improve performance somewhat, you would be better off with a GPU that is not too new. I'd say don't get one that is newer than 2 or 3 years old. Also research their Linux compatibility.

Also, to make sure the mobo is compatible with Qubes, look at the manual online. Check whether a VT-d/IOMMU option is available: is it on by default or not, and do they describe it as a security feature? Even better, and as the Qubes documentation has recommended, it is best if you actually see a pic of the option shown enabled in the manual.

I would suggest Gigabyte or Asus business-type mobos, not gaming ones or anything like that. I would also suggest it has a PS/2 legacy keyboard port and you use a USB to PS/2 adapter for better security when using the sys-usb VM.

Now some others on here would say that is not going far enough and might suggest some server mobo you can flash an open source BIOS onto. That's great if you're a computer expert; if not, just get something basic for fewer headaches and you will be reasonably secure.

cooloutac

Mar 22, 2018, 9:53:42 PM
to qubes-users
Also forgot to mention: TPM plus TXT features in the BIOS would add to security if you plan to use them. But again, it is for more advanced users. But it would imply the board might be more compatible with Qubes, since it has these extra security features in the first place. Just my opinion.

cooloutac

Mar 22, 2018, 10:01:03 PM
to qubes-users
Also just wanted to say the other reason I suggest the legacy PS/2 port: if you plan to use USB 3.0 ports, most boards route all the USB controllers into one when the 3.0 controller (xHCI) is enabled, so you would need to use the USB proxy and it would not be safe using a keyboard this way.

Although some mobos will let you manually route USB ports to specific controllers. There are always two next to the PS/2 port for keyboard and mouse on a separate controller, if you are fine with disabling 3.0 and don't want to use a PS/2 adapter.

Tai...@gmx.com

Mar 23, 2018, 2:52:03 AM
to qubes...@googlegroups.com
I suggest a KGPE-D16 MSRP $415 with an opteron 6282SE, 6284SE, 6328 or
6386SE (price range low-high).

It is the last and best owner controlled x86_64 libre firmware available
server/workstation motherboard.
You aren't missing out on any features vs a proprietary system!:
* Supports Qubes 4.0
* Supports Libreboot and Coreboot-Libre
* 32 cores and 192GB RAM max
* OpenBMC for open source secure remote management (this is the facebook
BMC which is ok but not as good as the IBM BMC that comes with the TALOS 2)
* IOMMU-GFX for gaming in a VM :D
* Proper IOMMU groups
* Dual onboard USB controllers plus a separate controller for a usb port
directly on the motherboard
* Crossfire xDMA
* TPM with owner controlled CRTM (as always only a compatible tpm works)

TXT, secure boot etc even TPM are wintel gimmicks that only provide
security theater - real AEM security is provided via the owner
controlled method of firmware code signing enforcement via grub payload
with a signed kernel/initramfs - after everything is set up you can
write-lock the flash chip and then have some type of tamper sticker or
what not.

They have stopped making them so get one whilst you still can for a
reasonable price, there are a few internet stores that are still selling
brand new for MSRP (never buy used motherboards if you have a choice as
the lifespan is much lower)

I assume you want to run qubes, if you want just a general
virtualization server/workstation I recommend the OpenPOWER TALOS 2
which is the ultimate in freedom and performance - very fast and very
free - libre firmware for board/bmc

POWER is the only performance owner controlled arch now that both intel
and amd have unfortunately embraced anti-features like ME and PSP - x86
is dead and if people don't buy alternative non-x86 arch products such
as the TALOS 2, Novena etc then so is the freedom computing movement
dead with it.
(The novena is an open source firmware laptop, check it out)
The price for the TALOS 2 $2.5K board/cpu combo and even the pre-built
options are priced lower than non-free xeon systems with equivalent
performance.

If you are looking for a laptop too I suggest the G505S, see the many
other threads on here about it - g505s is the last best x86_64 owner
controlled laptop with current coreboot firmware.
Laptop note - purism laptops are not libre and they haven't really
disabled ME - their marketing is entirely bullshit - their "open source
firmware" has an entirely binary blobbed closed source hardware
initiation process.

Ted Brenner

Mar 23, 2018, 9:34:28 AM
to qubes...@googlegroups.com
I like to tinker and I think that is easier with a desktop. Also, typically they're cheaper and I do like to have several hard drives as you mentioned. 
 

cooloutac

Mar 23, 2018, 10:01:36 AM
to qubes-users

Secure boot is a gimmick that even Richard Stallman admits is OK to use for security purposes. A gimmick that, when enabled, stopped Hacking Team's Insyde BIOS attack, and probably would stop the latest Intel and latest AMD BIOS attacks in the news.

Does your super expensive fancy board at least have a jumper to stop flashing of that "Free" BIOS?

The reason why the freedom software movement is dying is because it's filled with dramatic nuts nobody can take seriously. Overhyping nonsense. Just like Richard Stallman himself had to admit secure boot is OK to use "because it's failed its intended purpose". But only in his crazy mind was limiting free software its intended purpose, not in reality. The guy from ThinkPenguin was talking about loading up his guns when the FCC made its ruling about wireless routers having restrictions. But yet open source software is still available for routers. Although not as popular, because most hackers around nowadays just like to destroy things, not build things. People themselves are changing.

And most people are using Qubes because they want practical, reasonable privacy and security. Not because they are anti-corporation or anti-capitalist.

Free software vs. open source vs. closed does not matter when it comes to security. It depends on the software, and one can be more secure than the other, regardless of how open it is.

It worries me that Joanna Rutkowska used to call you guys hippy nuts but now she sounds more and more like one of you. Most real-world security researchers are not going to take Qubes seriously until it has secure boot or a secure flash. All the major Linux distros already adopted it, and it still doesn't even go far enough.

Another reason the free software movements are not taken very seriously is that so many of their supporters contradict their own philosophies. It's sort of like Qubes users dual booting with other operating systems, or wanting GPU passthrough. It's contradictory also when most of the people promoting free software also use non-free software themselves. It's really just a cool tech experiment for them that they aren't taken seriously themselves, so why would anyone else.

If we wanted 100% security and privacy online we wouldn't even be going online and we would be living like monks off the grid. But that's not practical or an acceptable quality of life for most people in modern times.

If someone just wants to tinker and experiment, fine, but I don't think Qubes' original goal was to be a lab experiment.

Tai...@gmx.com

Mar 23, 2018, 5:40:44 PM
to qubes...@googlegroups.com
On 03/23/2018 10:01 AM, cooloutac wrote:

> secure boot is a gimmick, that even Richard Stallman admits is ok to use for security purposes. a gimmick that when enabled stopped hacking teams insyde bios attack. and probably would stop the latest intel and latest amd bios attacks in the news.
"Secure" boot is firmware based kernel code signing enforcement - the
InsydeH2O exploit is entirely different and doesn't involve loading a
different kernel.
> Does your super expensive fancy board at least have a jumper to stop flashing of that "Free" bios?
$415 is actually quite cheap for a server motherboard, which you would
know if you made money doing this instead of just being a kid on a
mailing list who enjoys giving out dangerous advice to people who might
be living in a hostile foreign regime where bad computer security can
get them shot.

Jumpers that restrict internal flashing are simply setting a lock on the
flash regions that contain the firmware, as you would yourself if you
wanted additional security and it can be done with just about any EEPROM
flash device running almost any firmware.
> The reason why the freedom software movement is dying is because its filled with dramatic nuts nobody can take seriously. Over hyping nonsense. Just like Richard Stallman himself had to admit secure boot is ok to use "because its failed its intended purpose". But only in his crazy mind was limiting free software its intended purpose. not in reality.
He has done and will continue to do more for society in a month than you
will in your entire life.
> The guy from thinkpenguin was talking about loading up his guns when the fcc made its ruling about wireless routers having restrictions. But yet open source software is still available for routers.
Something being available doesn't prevent it from being illegal or
eventually phased out where one can't buy a new wi-fi card with libre
firmware.
The thinkpenguin people know much more about this matter than you as it
is their livelihood.
> Although not as popular cause most hackers around nowadays just like to destroy things not build things.
By your standards what exactly is a hacker? someone who gets arrested
and ends up on the news? or maybe someone who contributes unique code to
foss projects?
> Free software, vs open source, vs closed does not matter when it comes to security.
I take it you are using windows 10 then?
> It depends on the software and one can be more secure then the other, regardless of how open it is.
How clueless you are.
> It worries me that Joanna Rutkowska use to call you guys hippy nuts but now she sounds more and more like one of you.
Better as you say "hippy nut" than someone
> Most real world security researchers are not going to take Qubes seriously until it has secure boot or a secure flash.
Operating systems don't and can't modify EEPROM settings.
> All the major linux distros already adopted it, and it still doesn't even go far enough.
The expert has spoken and he says that a linux distribution is not good
unless it uses a microsoft technology designed to eventually take away
the right for people to install linux altogether on the average computer.

What qualifications do you have on computing security anyway? are you
employed as a programmer? IT security? etc? have you even one computer
with non-factory firmware? what are some projects or contributions that
you have made to a libre project?

Tai...@gmx.com

Mar 23, 2018, 5:42:16 PM
to qubes...@googlegroups.com
On 03/22/2018 10:01 PM, cooloutac wrote:

> also just wanted to say the other reason I suggest the legacy ps2 port is if you plan to use usb 3.0 ports most boards route all the usb controllers into one when 3.0 controller (xhci) is enabled. so you would need to use the usb proxy and it would not be safe using a keyboard this way.
>
> Although some mobos will let you manually route usb ports to specific controllers. There is always two next to the ps2 port for keyboard and mouse on separate controller if you are fine with disabling 3.0 and don't want to use a ps2 adapter.
Telling people to use PS/2 is dangerous advice as all your keystrokes
are sent out via the ground wire, it is better to instead have two or
more physically separate USB controllers.

cooloutac

Mar 24, 2018, 5:45:52 PM
to qubes-users

Hacking Team's Insyde BIOS attack was a UEFI rootkit. Secure boot stops it. Do a quick Google search. And coreboot is not a magic fix either. In fact, doesn't Rashashka or w/e his name use coreboot as a PoC? https://www.schneier.com/blog/archives/2015/03/bios_hacking.html

Secure boot also stops one from installing coreboot, is that why you are so against it? lol. Why do you never address the fact that even Richard Stallman says it's OK to use secure boot for security?

And yes, I do agree. Linux is not very secure at all. Most distributions don't even turn on a firewall by default. Take security less seriously than even Windows. Has code and bugs older than Moses. Just as vulnerable a monolithic kernel as any other. Like non-core OpenBSD, its security is based mostly on obscurity.

And now I need computer qualifications? lol. I've known guys with MSE certs who couldn't fix their own PC. I hate the computer nerd industry for how fake it is. It's one of the things that stood out about ITL for me, they are not like the typical folks in the industry.

cooloutac

Mar 24, 2018, 5:51:12 PM
to qubes-users

Oh here we go again... I'm just repeating what Joanna Rutkowska and the devs of this very OS you are using have advised people to do.

And what if people want to use a sys-usb and a keyboard and mouse and don't have two separate USB controllers? And I believe a USB keyboard is more vulnerable than someone listening to your ground wire lmao... http://theinvisiblethings.blogspot.com/2011/06/usb-security-challenges.html Again, this is why the free software movement is never taken seriously....wow.

Ted Brenner

Apr 3, 2018, 9:12:54 PM
to cooloutac, qubes-users
What do people recommend for CPU? With running a lot of VMs, it would seem having a lot of cores could be helpful. Is that accurate? Or is that not really necessary?


awokd

Apr 3, 2018, 11:38:32 PM
to Ted Brenner, cooloutac, qubes-users
On Wed, April 4, 2018 1:12 am, Ted Brenner wrote:
> What do people recommend for CPU? With running a lot of VMs, it would
> seem having a lot of cores could be helpful. Is that accurate? Or is that
> not really necessary?

It's nice to have but often usage patterns don't require it because you're
only actively using one application at a time and the rest are idle. If
you're the type who has a compile going in one qube, some video
conversions in another, watching web video in another, etc. then there's
no substitute for cores (and RAM and fast disk).

Drew White

Apr 4, 2018, 1:15:42 AM
to qubes-users
I personally use one PC and one laptop.
PC is a Dell T5500, 12 threads, 24 GB RAM. I can upgrade that to 24 threads and 128 GB RAM, I run 14 Guests at a time often. I rarely use all the CPU. RAM runs out if I start too many.
X5680 with DDR3 RAM.

Laptop is an HP EliteBook 8460p, 4 threads and 8 Gb RAM, can upgrade to 8 threads and 16 GB RAM. I run 4-10 Guests at a time.
i7-2620M, SODIMM DDR3

(Guests referring to not the always active NetVM or ProxyVM.)

Franz

Apr 4, 2018, 7:45:27 AM
to Drew White, qubes-users
On Wed, Apr 4, 2018 at 2:15 AM, Drew White <drew....@gmail.com> wrote:
> I personally use one PC and one laptop.
> PC is a Dell T5500, 12 threads, 24 GB RAM. I can upgrade that to 24 threads and 128 GB RAM, I run 14 Guests at a time often. I rarely use all the CPU. RAM runs out if I start too many.
> X5680 with DDR3 RAM.
>
> Laptop is an HP EliteBook 8460p, 4 threads and 8 Gb RAM, can upgrade to 8 threads and 16 GB RAM. I run 4-10 Guests at a time.
> i7-2620M, SODIMM DDR3
>
> (Guests referring to not the always active NetVM or ProxyVM.)

I only have one Qubes laptop and no desktop, and wonder how it may be practical to keep two Qubes machines at the same time. How can one sync the two? I can only imagine with backup and restore which is too complex and time consuming to do every day. So if laptop and desktop are not synced they may be used for different aims. Is that what you do?

> On Wednesday, 4 April 2018 11:12:54 UTC+10, Ted Brenner wrote:
> > What do people recommend for CPU? With running a lot of VMs, it would seem having a lot of cores could be helpful. Is that accurate? Or is that not really necessary?


cooloutac

Apr 4, 2018, 11:21:50 AM
to qubes-users

So I think what you are saying is amount of RAM is way more important than amount of CPU cores? Which makes sense to me.

cooloutac

Apr 4, 2018, 1:19:06 PM
to qubes-users

and big ssd ideal too.

Drew White

Apr 4, 2018, 10:59:07 PM
to qubes-users
On Thursday, 5 April 2018 01:21:50 UTC+10, cooloutac wrote:
> So I think what you are saying is amount of ram is way more important then amount of cpu cores? Which makes sense to me.

That is correct.
The requirements of things, I use static RAM, not variable.
For Linux like Fedora 22+ they are resource hungry, so giving them 1024MB+ is best. Dom0 on Qubes 3.2 can run in 1024 MB RAM, IF you are not running the standard Qubes VM Manager.
If you want to run the normal Qubes VM Manager you will need at least 2Gb assigned. They normally have 4 Gb by default. But I decrease that to 1.5GB since I use their Manager OCCASIONALLY, and not having it running all the time.

I can't say anything about Qubes 4 because their restrictions on it require the latest CPUs and all (apparently) with certain technology that pre-2017 CPUs don't have. (Or so I read).

They may have fixed some things in Qubes 4, but they are still using Fedora.

Once they have finished patching things for 4, I will be finishing a non-SystemD version of Qubes. So that will require less RAM and run faster and be more stable and secure.

So take that all into consideration too.

Another thing, make sure it's good RAM. Test it to check how many page faults and errors you get. Even if it's 2166 hz RAM, if there are too many faults, it will be slow as a wet week.

So don't get cheap things.
Thing is, you only get what you pay for. So if you pay for low quality, you get low quality.

Tai...@gmx.com

Apr 5, 2018, 3:52:09 AM
to qubes...@googlegroups.com
On 04/04/2018 10:59 PM, Drew White wrote:

> I can't say anything about Qubes 4 because their restrictions on it require the latest CPUs and all (apparently) with certain technology that pre-2017 CPUs don't have. (Or so I read).
2017? what? where did you read that? (I have a good idea where...a
certain company perhaps?)

The first CPU with all the capabilities is circa 2011 with the last and
best owner controlled x86_64 CPU's 2013. (AMD 43xx and 63xx)

Drew White

Apr 6, 2018, 8:11:50 PM
to qubes-users

No, Qubes 4 I was told would require certain functionality in the CPU. I even read it on the Qubes website. Part of the CPU vulnerability remedy for RAM access and the page sharing vulnerabilities.

Qubes 4 was supposed to not work on anything except CPUs that have that.

And that was some technology only implemented in CPUs that came out in late 2016 early 2017 and beyond.

That is what I was told about Qubes 4, therefore it would not run on my older CPUs. This is what the makers of Qubes informed me of.

Thierry Laurion

Apr 6, 2018, 8:41:13 PM
to Drew White, qubes-users
You seem to have misunderstood. Ivy bridge and beyond on the Intel side will provide you with SLAT capabilities, IOMMU and virtualization, which is all that is required.  A x230 with 16gb ram and a i5 or i7 will provide you akk the power needed if you have an sad drive.




Thierry Laurion

Apr 6, 2018, 8:42:17 PM
to Drew White, qubes-users
Sorry for autocorrect.

Drew White

Apr 6, 2018, 9:27:11 PM
to qubes-users
On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion wrote:
> You seem to have misunderstood. Ivy bridge and beyond on the Intel side will provide you with SLAT capabilities, IOMMU and virtualization, which is all that is required.  A x230 with 16gb ram and a i5 or i7 will provide you akk the power needed if you have an sad drive.

I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.
At least, they don't SAY they do.

Do they sometimes not say they have it even when they do?

cooloutac

Apr 6, 2018, 10:36:51 PM
to qubes-users
what do you mean say how are you testing?

I'm about to go test on my ivybridge right now lol.

brenda...@gmail.com

Apr 7, 2018, 8:26:18 AM
to qubes-users
On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion wrote:
> > You seem to have misunderstood. Ivy bridge and beyond on the Intel side will provide you with SLAT capabilities, IOMMU and virtualization, which is all that is required.  A x230 with 16gb ram and a i5 or i7 will provide you akk the power needed if you have an sad drive.
>
> I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.

Which CPU in particular? Did you look it up at the following link?
https://ark.intel.com/Search/FeatureFilter?productType=processors

> At least, they don't SAY they do.

Which "they" are we talking about? If you mean Intel, they are on top of keeping the ark pages updated with this information.

> Do they sometimes not say they have it even when they do?

I doubt it. But CPU-reporting tools might misreport information due to a bug, or might report how the BIOS has configured the CPU rather than what the CPU is capable of.

In addition to the CPU having to support certain features, many manufacturers don't enable the requisite virtualization features in the BIOS startup. Ignoring the closed-source firmware controversy (I don't want to engage deeply on that, other than to say there are some complex ways of working around the BIOS issues with coreboot, etc. but there is no guarantee)...the BIOS issue is why I would recommend Thinkpad and Dell workstation-laptops from 2011 onward if the installed CPU has been verified in ARK* to have the supported features: VT-x with EPT or RVI *AND* VT-d or AMD-Vi aka IOMMU. These manufacturers went out of their way to do things correctly for their business-oriented machines, ensuring that all the higher-end CPU features could be utilized.

E.g. why the "manufactured after 20xx" approach does not work...

- I have a stack of purchased-used Thinkpad W520s here: manufactured in 2011 and 2012, they meet the prerequisites, as they have Sandy Bridge CPUs and proper support in BIOS.

Sadly the embedded CPU in my GPX Pocket, manufactured in 2017, has an Atom x7-Z8750 (Cherry Trail family of power-efficient CPUs). While that CPU was released to market in 2016, and while it supports VT-x, both EPT and VT-d are missing, so no QUBES 4.0 support. :(

Last caveat: some Intel CPUs had broken support for these features in early steppings (manufacturer run tweaks), e.g. this one, which did not support EPT until the C2 stepping: https://ark.intel.com/products/63697/Intel-Core-i7-3930K-Processor-12M-Cache-up-to-3_80-GHz

Brendan

* AMD likely has a similar site to Intel's ARK site for use in gathering information on CPU features, but I haven't dug into that.
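
One way to check a candidate machine for the features listed in the post above (VT-x with EPT or RVI, plus VT-d or AMD-Vi) before installing, as an added example that is not part of the original thread. It assumes a bare-metal Linux live session rather than a VM guest; the function names and result strings are made up for this example, and the optional path arguments exist only so the checks can be pointed at saved copies of `/proc/cpuinfo` or a test directory tree.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption: bare-metal Linux, e.g. a
# live USB; inside a VM guest the flags describe the virtual CPU instead.

# has_flag FLAG [CPUINFO]: true if FLAG appears as a whole word on a
# "flags" or "vmx flags" line (newer kernels list VMX details separately).
has_flag() {
    grep -E '^(vmx )?flags[[:space:]]*:' "${2:-/proc/cpuinfo}" 2>/dev/null |
        cut -d: -f2- | tr -s ' \t' '\n\n' | grep -qx -- "$1"
}

# cpu_virt_status [CPUINFO]: prints vt-x+ept, vt-x-only, amd-v+rvi,
# amd-v-only or none. "ept" (Intel) and "npt" (AMD RVI) are the SLAT flags.
cpu_virt_status() {
    c_info=${1:-/proc/cpuinfo}
    if has_flag vmx "$c_info"; then
        if has_flag ept "$c_info"; then echo "vt-x+ept"; else echo "vt-x-only"; fi
    elif has_flag svm "$c_info"; then
        if has_flag npt "$c_info"; then echo "amd-v+rvi"; else echo "amd-v-only"; fi
    else
        echo "none"
    fi
}

# iommu_status [ROOT]: ROOT is a prefix for /sys (empty on a real system).
#   active        - the running kernel has registered an IOMMU
#   firmware-only - firmware publishes an ACPI DMAR (Intel) or IVRS (AMD)
#                   table, but this kernel has not enabled the IOMMU
#                   (for instance booted without intel_iommu=on)
#   absent        - no table visible: unsupported or switched off in setup
iommu_status() {
    i_root=${1:-}
    if [ -n "$(ls -A "$i_root/sys/class/iommu" 2>/dev/null)" ]; then
        echo "active"
    elif [ -e "$i_root/sys/firmware/acpi/tables/DMAR" ] ||
         [ -e "$i_root/sys/firmware/acpi/tables/IVRS" ]; then
        echo "firmware-only"
    else
        echo "absent"
    fi
}

# qubes4_hw_verdict [CPUINFO] [ROOT]: one summary line combining both checks.
qubes4_hw_verdict() {
    v_cpu=$(cpu_virt_status "${1:-/proc/cpuinfo}")
    v_iommu=$(iommu_status "${2:-}")
    case "$v_cpu/$v_iommu" in
        *+*/active)        v_res="ok" ;;
        *+*/firmware-only) v_res="iommu-not-enabled-by-kernel" ;;
        *+*/absent)        v_res="no-iommu" ;;
        *)                 v_res="cpu-lacks-virt-or-slat" ;;
    esac
    echo "$v_res cpu=$v_cpu iommu=$v_iommu"
}

# Report on the machine this script is running on.
qubes4_hw_verdict
```

The result reflects what the firmware has switched on, which is the distinction drawn in the post between what a tool reports and what the CPU is capable of; a `no-iommu` or `vt-x-only` result on a CPU that ARK lists as capable points at a firmware setting rather than the silicon.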

Thierry Laurion

Apr 7, 2018, 9:03:39 AM
to brenda...@gmail.com, qubes-users


On Sat, Apr 7, 2018 at 08:26, <brenda...@gmail.com> wrote:
> On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> > On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion wrote:
> > > You seem to have misunderstood. Ivy bridge and beyond on the Intel side will provide you with SLAT capabilities, IOMMU and virtualization, which is all that is required.  A x230 with 16gb ram and a i5 or i7 will provide you akk the power needed if you have an sad drive.
> >
> > I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.
>
> Which CPU in particular? Did you look it up at the following link?
>   https://ark.intel.com/Search/FeatureFilter?productType=processors
>
> > At least, they don't SAY they do.

SLAT exists on Intel i3, i5 and i7 from their first generation (Nehalem). It's nothing new.

Check Qubes HCL:


brenda...@gmail.com

Apr 7, 2018, 10:01:59 AM
to qubes-users
On Saturday, April 7, 2018 at 9:03:39 AM UTC-4, Thierry Laurion wrote:
> On Sat, Apr 7, 2018 at 08:26, <brenda...@gmail.com> wrote:
> On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> > I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.
>
> Which CPU in particular? Did you look it up at the following link?
>
>   https://ark.intel.com/Search/FeatureFilter?productType=processors
>
> > At least, they don't SAY they do.
>
> SLAT exist on Intel i3 i5 and i7 from their first generation (nehalem). Its nothing new.

After reviewing, I concur Re: SLAT/EPT.

The BIOS will still need to enable VT-x to make things work. And for Qubes 4.0, you will need to verify vt-d/IOMMU is supported and enabled in/by BIOS as well.

Brendan

cooloutac

Apr 7, 2018, 7:56:00 PM
to qubes-users
ya checked hcl report on my i5 and it says slat is enabled.

Drew White

Apr 8, 2018, 11:49:25 PM
to qubes-users
On Saturday, 7 April 2018 22:26:18 UTC+10, brenda...@gmail.com wrote:
> On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> > On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion wrote:
> > > You seem to have misunderstood. Ivy bridge and beyond on the Intel side will provide you with SLAT capabilities, IOMMU and virtualization, which is all that is required.  A x230 with 16gb ram and a i5 or i7 will provide you akk the power needed if you have an sad drive.
> >
> > I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.
>
> Which CPU in particular? Did you look it up at the following link?
> https://ark.intel.com/Search/FeatureFilter?productType=processors

X5600 series.

> > At least, they don't SAY they do.
>
> Which "they" are we talking about? If you mean Intel, they are on top of keeping the ark pages updated with this information.

"they" as in the CPU(s).

Yes, the Intel ones. But if it's not turned on in the CPU, then it won't be available.



> I doubt it. But CPU-reporting tools might misreport information due to a bug, or might report how the BIOS has configured the CPU rather than what the CPU is capable of.

You were right about that, the version of the tool I was using was the wrong one, and didn't know about EPT/SLAT. So I'll try it again with that CPU when I get to that location next week.

