My advice would be to research a mobo and CPU combo on Linux forums and mailing lists. Read Linux forums and see if people have a lot of problems with that setup or how popular they are, if it works well or not.
For GPU it's best to use Intel, which is most compatible with Linux. If you want a discrete GPU, which would only be for desktop effects but does improve performance somewhat, you would be better off with a GPU that is not too new. I'd say don't get one that is newer than 2 or 3 years old. Also research their Linux compatibility.
Also, to make sure the mobo is compatible with Qubes, look at the manual online. Check whether a VT-d IOMMU option is available. Is it on by default or not? Do they describe it as a security feature? Even better, and as the Qubes documentation has recommended, it's best if you actually see a pic of the option shown enabled in the manual.
I would suggest Gigabyte or Asus business-type mobos, not gaming ones or anything like that. I would also suggest it has a PS/2 legacy keyboard port and that you use a USB to PS/2 adapter for better security when using a sys-usb VM.
Now some others on here would say that is not going far enough and might suggest some server mobo you can flash an open source BIOS onto. That's great if you're a computer expert; if not, just get something basic for fewer headaches and you will be reasonably secure.
Although some mobos will let you manually route USB ports to specific controllers. There are always two next to the PS/2 port for keyboard and mouse on a separate controller, if you are fine with disabling 3.0 and don't want to use a PS/2 adapter.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180322214151.g2ssv6je4vgjxng3%40my-privmail.
For more options, visit https://groups.google.com/d/optout.
Secure boot is a gimmick that even Richard Stallman admits is OK to use for security purposes. A gimmick that, when enabled, stopped Hacking Team's Insyde BIOS attack, and probably would stop the latest Intel and latest AMD BIOS attacks in the news.
Does your super expensive fancy board at least have a jumper to stop flashing of that "Free" BIOS?
The reason why the freedom software movement is dying is because it's filled with dramatic nuts nobody can take seriously. Overhyping nonsense. Just like Richard Stallman himself had to admit secure boot is OK to use "because it's failed its intended purpose". But only in his crazy mind was limiting free software its intended purpose, not in reality. The guy from ThinkPenguin was talking about loading up his guns when the FCC made its ruling about wireless routers having restrictions. But yet open source software is still available for routers. Although not as popular, because most hackers around nowadays just like to destroy things, not build things. People themselves are changing.
And most people are using Qubes because they want practical, reasonable privacy and security. Not because they are anti-corporation or anti-capitalist.
Free software vs. open source vs. closed does not matter when it comes to security. It depends on the software, and one can be more secure than the other, regardless of how open it is.
It worries me that Joanna Rutkowska used to call you guys hippy nuts but now she sounds more and more like one of you. Most real world security researchers are not going to take Qubes seriously until it has secure boot or a secure flash. All the major Linux distros already adopted it, and it still doesn't even go far enough.
Another reason the free software movements are not taken very seriously is that so many of their supporters contradict their own philosophies. It's sort of like Qubes users dual booting with other operating systems, or wanting GPU passthrough. It's contradictory also when most of the people promoting free software also use non-free software themselves. It's really just a cool tech experiment for them that they aren't taken seriously themselves, so why would anyone else.
If we wanted 100% security and privacy online we wouldn't even be going online and we would be living like monks off the grid. But that's not practical or an acceptable quality of life for most people in modern times.
If someone just wants to tinker and experiment, fine, but I don't think Qubes' original goal was to be a lab experiment.
Hacking Team's Insyde BIOS attack was a UEFI rootkit. Secure boot stops it. Do a quick Google search. And coreboot is not a magic fix either. In fact, doesn't Rashashka or w/e his name use coreboot as a PoC? https://www.schneier.com/blog/archives/2015/03/bios_hacking.html
Secure boot also stops one from installing coreboot, is that why you are so against it? lol. Why do you never address the fact even Richard Stallman says it's OK to use secure boot for security?
And yes, I do agree. Linux is not very secure at all. Most distributions don't even turn on a firewall by default. Take security less seriously than even Windows. Has code and bugs older than Moses. Just as vulnerable a monolithic kernel as any other. Like non core OpenBSD, its security is based mostly on obscurity.
And now I need computer qualifications? lol. I've known guys with MSE certs who couldn't fix their own PC. I hate the computer nerd industry for how fake it is. It's one of the things that stood out about ITL for me, they are not like the typical folks in the industry.
Oh here we go again... I'm just repeating what Joanna Rutkowska and the devs of this very OS you are using have advised people to do.
And what if people want to use a sys-usb and a keyboard and mouse and don't have two separate USB controllers? And I believe a USB keyboard is more vulnerable than someone listening to your ground wire lmao... http://theinvisiblethings.blogspot.com/2011/06/usb-security-challenges.html again this is why the free software movement is never taken seriously....wow.
I personally use one PC and one laptop.
PC is a Dell T5500, 12 threads, 24 GB RAM. I can upgrade that to 24 threads and 128 GB RAM, I run 14 Guests at a time often. I rarely use all the CPU. RAM runs out if I start too many.
X5680 with DDR3 RAM.
Laptop is an HP EliteBook 8460p, 4 threads and 8 Gb RAM, can upgrade to 8 threads and 16 GB RAM. I run 4-10 Guests at a time.
i7-2620M, SODIMM DDR3
(Guests referring to not the always active NetVM or ProxyVM.)
On Wednesday, 4 April 2018 11:12:54 UTC+10, Ted Brenner wrote:
> What do people recommend for CPU? With running a lot of VMs, it would seem having a lot of cores could be helpful. Is that accurate? Or is that not really necessary?
So I think what you are saying is the amount of RAM is way more important than the amount of CPU cores? Which makes sense to me.
And a big SSD is ideal too.
That is correct.
The requirements of things, I use static RAM, not variable.
For Linux like Fedora 22+ they are resource hungry, so giving them 1024MB+ is best. Dom0 on Qubes 3.2 can run in 1024 MB RAM, IF you are not running the standard Qubes VM Manager.
If you want to run the normal Qubes VM Manager you will need at least 2Gb assigned. They normally have 4 Gb by default. But I decrease that to 1.5GB since I use their Manager OCCASIONALLY, and not having it running all the time.
I can't say anything about Qubes 4 because their restrictions on it require the latest CPUs and all (apparently) with certain technology that pre-2017 CPUs don't have. (Or so I read).
They may have fixed some things in Qubes 4, but they are still using Fedora.
Once they have finished patching things for 4, I will be finishing a non-SystemD version of Qubes. So that will require less RAM and run faster and be more stable and secure.
So take that all into consideration too.
Another thing, make sure it's good RAM. Test it to check how many page faults and errors you get. Even if it's 2166 hz RAM, if there are too many faults, it will be slow as a wet week.
So don't get cheap things.
Thing is, you only get what you pay for. So if you pay for low quality, you get low quality.
No, Qubes 4 I was told would require certain functionality in the CPU. I even read it on the Qubes website. Part of the CPU vulnerability remedy for RAM access and the page sharing vulnerabilities.
Qubes 4 was supposed to not work on anything except CPUs that have that.
And that was some technology only implemented in CPUs that came out in late 2016 early 2017 and beyond.
That is what I was told about Qubes 4, therefore it would not run on my older CPUs. This is what the makers of Qubes informed me of.
On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion wrote:
> > You seem to have misunderstood. Ivy Bridge and beyond on the Intel side will provide you with SLAT capabilities, IOMMU and virtualization, which is all that is required. An x230 with 16gb ram and an i5 or i7 will provide you all the power needed if you have an SSD drive.
>
> I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.
Which CPU in particular? Did you look it up at the following link?
https://ark.intel.com/Search/FeatureFilter?productType=processors
> At least, they don't SAY they do.
Which "they" are we talking about? If you mean Intel, they are on top of keeping the ark pages updated with this information.
> Do they sometimes not say they have it even when they do?
I doubt it. But CPU-reporting tools might misreport information due to a bug, or might report how the BIOS has configured the CPU rather than what the CPU is capable of.
In addition to the CPU having to support certain features, many manufacturers don't enable the requisite virtualization features in the BIOS startup. Ignoring the closed-source firmware controversy (I don't want to engage deeply on that, other than to say there are some complex ways of working around the BIOS issues with coreboot, etc. but there is no guarantee)...the BIOS issue is why I would recommend Thinkpad and Dell workstation-laptops from 2011 onward if the installed CPU has been verified in ARK* to have the supported features: VT-x with EPT or RVI *AND* VT-d or AMD-Vi aka IOMMU. These manufacturers went out of their way to do things correctly for their business-oriented machines, ensuring that all the higher-end CPU features could be utilized.
E.g. why the "manufactured after 20xx" approach does not work...
- I have a stack of purchased-used Thinkpad W520s here: manufactured in 2011 and 2012, they meet the prerequisites, as they have Sandy Bridge CPUs and proper support in BIOS.
- Sadly the embedded CPU in my GPD Pocket, manufactured in 2017, has an Atom x7-Z8750 (Cherry Trail family of power-efficient CPUs). While that CPU was released to market in 2016, and while it supports VT-x, both EPT and VT-d are missing, so no QUBES 4.0 support. :(
Last caveat: some Intel CPUs had broken support for these features in early steppings (manufacturer run tweaks), e.g. this one, which did not support EPT until the C2 stepping: https://ark.intel.com/products/63697/Intel-Core-i7-3930K-Processor-12M-Cache-up-to-3_80-GHz
Brendan
* AMD likely has a similar site to Intel's ARK site for use in gathering information on CPU features, but I haven't dug into that.
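
A check for the feature set listed in this message (VT-x with EPT or RVI, plus VT-d or AMD-Vi), run from an ordinary Linux live system. This is an added example, not part of the original post or of the Qubes project's tooling; the function names and sample files are constructed for illustration, and it assumes the Linux `/proc/cpuinfo` flag names `vmx`, `ept`, `svm`, `npt` and the ACPI `DMAR`/`IVRS` tables under `/sys/firmware/acpi/tables`.

```shell
#!/bin/sh
# Added example: report the virtualization features a Linux system exposes.
# File and directory paths are parameters so constructed samples can be used.

# has_flag FLAG CPUINFO_FILE -> 0 if FLAG is a whole word on the first flags line
has_flag() {
    grep -m1 '^flags' "$2" | tr -s ' \t' '\n\n' | grep -qx "$1"
}

# cpu_virt [CPUINFO] -> prints intel-ept, amd-rvi, no-slat or no-hvm
cpu_virt() {
    f=${1:-/proc/cpuinfo}
    if has_flag vmx "$f"; then
        if has_flag ept "$f"; then echo intel-ept; else echo no-slat; fi
    elif has_flag svm "$f"; then
        if has_flag npt "$f"; then echo amd-rvi; else echo no-slat; fi
    else
        echo no-hvm   # feature absent from the CPU, or not exposed by firmware
    fi
}

# iommu_table [ACPI_DIR] -> prints vt-d (DMAR table), amd-vi (IVRS table) or none
iommu_table() {
    d=${1:-/sys/firmware/acpi/tables}
    if [ -e "$d/DMAR" ]; then echo vt-d
    elif [ -e "$d/IVRS" ]; then echo amd-vi
    else echo none
    fi
}

# qubes4_ready [CPUINFO] [ACPI_DIR] -> 0 only when SLAT and an IOMMU table exist
qubes4_ready() {
    case "$(cpu_virt "$1")" in intel-ept|amd-rvi) ;; *) return 1 ;; esac
    [ "$(iommu_table "$2")" != none ]
}

# Constructed samples (not real captures): VT-x without EPT and no DMAR table,
# as described for the Atom above, next to a VT-x + EPT + DMAR machine.
demo=$(mktemp -d)
printf 'flags\t\t: fpu vmx sse2\n' > "$demo/atom"
printf 'flags\t\t: fpu vmx ept vpid sse2\n' > "$demo/good"
mkdir "$demo/acpi_none" "$demo/acpi_dmar"; : > "$demo/acpi_dmar/DMAR"
echo "atom-like: $(cpu_virt "$demo/atom") / $(iommu_table "$demo/acpi_none")"
echo "good:      $(cpu_virt "$demo/good") / $(iommu_table "$demo/acpi_dmar")"
```

Called with no arguments the functions read the running system, so the answer reflects what the firmware currently exposes; a negative result is worth checking against the vendor's specification page and the BIOS setup before ruling the hardware out.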