Building a new pc for running Qubes OS

[M]

I’m thinking about building a new pc for running Qubes OS with the following specifications:

1) Motherboard: ASRock X570 Pro4
2) CPU: AMD Ryzen 3 3200G with onboard graphic (until they release one for PCIe 4.0 with onboard graphic)
3) SSD: AORUS

Does anyone know about if this will result in any problems in relation to running Qubes OS besides “the ordinary challenges”, and if so which problems ?

[Stumpy]

Did you happen to get any responses to this? Or if you already built it
how is it working? (I am starting to think about putting a box together
so am trying to take notes from others posts)

[Mark Fernandes]

On Tuesday, 31 March 2020 19:38:06 UTC+1, Stumpy wrote:

On 2019-11-01 14:57, M wrote:
> I’m thinking about building a new pc for running Qubes OS with the following specifications:
>

....

 

>
> Does anyone know about if this will result in any problems in relation to running Qubes OS besides “the ordinary challenges”, and if so which problems ?
>
Did you happen to get any responses to this? Or if you already built it
how is it working? (I am starting to think about putting a box together
so am trying to take notes from others posts)

Hello @Stumpy,

Yesterday, I came across the Novena open-source computing hardware platform whilst surfing. If you're interested in having high security in all the hardware of the computer that you use, it might be worthwhile having a look at it. Also, the info here, might additionally be useful for you, for the same reasons.

It might be worthwhile you posting about what you end-up doing, so others can learn from it.

Kind regards,

Mark Fernandes

[Tech Chris]

That sounds like a good system to me, 16 ram works ok, 32gb of ram works fabulous. DDR4 Clocked in at 2999 or something in the 2900's.. Boot time still takes at least double or tripple windows 10 but once up and running its very satisfying. I also am using an ASRock fatal1ty x370 pro gaming board.. Ryzen 7 if I recall correctly.. Built it a few years ago, just recently bumped up the ram to 32 and added a second ssd and use bios boot menu to either boot windows or qubes.. Windows cant see the qubes SSD but qubes CAN see the windows drive.. Perfect just the way I wanted it..

[Tech Chris]

I think I just deleted my post oops! Anyway, that sounds like a good system to me, I believe and I could be wrong but qubes can run on anything multi-thread capable 16 ram works ok, 32gb of ram works fabulous. DDR4 Clocked in at 2999 or something in the 2900's.. Boot time still takes at least double or tripple windows 10 but once up and running its very satisfying. I also am using an ASRock fatal1ty x370 pro gaming board.. Ryzen 7 if I recall correctly.. Built it a few years ago, just recently bumped up the ram to 32 and added a second ssd and use bios boot menu to either boot windows or qubes.. Windows cant see the qubes SSD but qubes CAN see the windows drive.. Perfect!

12:37 PM (2 minutes ago)

On Friday, November 1, 2019 at 11:57:26 AM UTC-7, M wrote:

[M]

There doesn't seem to be answer to the question here, so I'll answer it.

The mentioned setup doesn't seem to work with Qubes OS 4.0.3. Probably because the setup needs a newer kernel than the 4.0.3 version of Qubes OS comes with. But it might work with the new 4.1 version of Qubes, but that version isn't stable yet. So to use the following setup, you will have to try the 4.1 version that is under development or wait for the stable version of it to be released before you install Qubes OS on a pc with this setup.

[Tech Chris]

On Friday, November 1, 2019 at 11:57:26 AM UTC-7, M wrote:

[Tech Chris]

What the heck that sucks.. Have you tried with a video board? I am not using motherboard video.. I know u must be anxious, at least I was, and waiting around doesnt work for me.. I came crashing into qubes and it was a little messy, but I am glad I did.. Its my favorite OS!

On Friday, November 1, 2019 at 11:57:26 AM UTC-7, M wrote:

[Stumpy]

Thanks for the replies.
Perhaps to change the conversation slightly, I was thinking about
getting a used system off somewhere like ebay.

I currently have a limited budget so that might be a bit more realistic
for me at the moment... and a I have a limited computer (bought new in
2012-2013 a sys with Intel H87 express chipset and socket 1150 i5-4570
CPU @ 3.20GHz) so have a 32gb mem max which i am feeling occasionally
and a proc which i really feel when spinning up new VMs (I have a
relatively speedy samsung 860 SSD).

I started by just looking at searching for "Xenon Desktops" that were
upgradable to 128gb mem; my only reason for starting there was I assumed
that Xenon/Server/workstation setups were more likey to be Qubes
friendly? Any thoughts?

[Catacombs]

Six weeks ago I saw workstations at Salvation Army thrift store. From some company who did video editing. Windows 7 era. Xeon, 32 GB RAM. No keyboard mouse or monitor.

Usually these have had hard drives removed. No warranty. No return. They have zip ties to keep people from feeling around inside. So I don’t know if video cards have been removed.

Puri Librem is offering for pre-sale a mini. This is very likely sure to work with Qubes. They are also selling their stock of Librem Laptops, likely about to offer a higher specification CPU. Or they are financially desperate. ?? Anything from Puri- Librem is sure to work with Qubes.

Yeah. Not a workstation with a Xeon.

[Mark Fernandes]

On Wednesday, 8 April 2020 15:43:43 UTC+1, Catacombs wrote:

Six weeks ago I saw workstations at Salvation Army thrift store.  From some company who did video editing.  Windows 7 era.   Xeon, 32 GB RAM.  No keyboard mouse or monitor.  

Usually these have had hard drives removed.  No warranty.  No return.  They have zip ties to keep people from feeling around inside.  So I don’t know if video cards have been removed.  

...

Forgive my ignorance, but I would have thought that if you were planning on using Qubes OS, you would be looking at obtaining hardware least likely to have been compromised, and so would probably exclude from consideration such second-hand items.

If anyone has any contrary insights regarding this, would be very happy to be corrected concerning this. Maybe I'm just mistaken?

Thanks,

Mark Fernandes

[awokd]

Mark Fernandes:

> Forgive my ignorance, but I would have thought that if you were planning on

> using Qubes OS <https://www.qubes-os.org/>, you would be looking at

> obtaining hardware least likely to have been compromised, and so would
> probably exclude from consideration such second-hand items.
>
> If anyone has any contrary insights regarding this, would be very happy to
> be corrected concerning this. Maybe I'm just mistaken?

Not really a contrary insight, but viewpoint perhaps: Depends on if and
how someone might be targeted. For example, shipments with your name on
them can be reliably and surreptitiously intercepted and modified,
whereas the possibility of second hand hardware bought in person with no
advance notice being compromised at the hardware level (i.e. a drive
format won't fix it) is relatively slim.

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

[Mark Fernandes]

> Forgive my ignorance, but I would have thought that if you were planning on
> using Qubes OS <https://www.qubes-os.org/>, you would be looking at
> obtaining hardware least likely to have been compromised, and so would
> probably exclude from consideration such second-hand items.
>

....
... Depends on if and how someone might be targeted. 

For example, shipments with your name on
them can be reliably and surreptitiously intercepted and modified,
whereas the possibility of second hand hardware bought in person with no
advance notice being compromised at the hardware level (i.e. a drive
format won't fix it) is relatively slim.

 

Thanks Awokd for your take on this.

But surely it would be better just to buy it brand new in a shrink-wrapped condition over the counter at a physical store, where you randomly select the hardware from many alternatives? In the UK, we have a store called PC World that seems set-up for such buying strategies in mind.

Any thoughts?

Thanks,

Mark Fernandes

[awokd]

Mark Fernandes:

> But surely it would be better just to buy it brand new in a shrink-wrapped
> condition over the counter at a physical store, where you randomly select
> the hardware from many alternatives? In the UK, we have a store called PC
> World that seems set-up for such buying strategies in mind.
>
> Any thoughts?

Good point, that could work too. There is yet another perspective where
everything new that contains ME or PSP is already compromised out of the
box, whereas older hardware lets you disable more thoroughly or avoid.
On the other hand, could just be a cost issue with new hardware. No real
"right" answer, all depends on how you weight probabilities and your
monetary units.

[Stumpy]

On 2020-04-08 13:30, 'awokd' via qubes-users wrote:
> Mark Fernandes:
>
>> But surely it would be better just to buy it brand new in a shrink-wrapped
>> condition over the counter at a physical store, where you randomly select
>> the hardware from many alternatives? In the UK, we have a store called PC
>> World that seems set-up for such buying strategies in mind.
>>
>> Any thoughts?
>
> Good point, that could work too. There is yet another perspective where
> everything new that contains ME or PSP is already compromised out of the
> box, whereas older hardware lets you disable more thoroughly or avoid.
> On the other hand, could just be a cost issue with new hardware. No real
> "right" answer, all depends on how you weight probabilities and your
> monetary units.
>

My threat model is tempered by my income, and I think its fairly safe to
say I am not being specifically targeted.

The open source, or semi-open source options like Novena or Libreum
would be great but I am not sure the Novena would be much faster than
what i have now (assuming Qubes works on Arm) and Libreum while really
cool and an effort i would love to support i am afraid they are likely
out of my price range.

I am looking for a bit of a work horse (not nessisarily bleeding edge)
but is not going to bankrupt me which, as i see it, leaves me getting
used hardware. I can put something together but at the moment have a
pretty full plate in terms of work so getting something that is
pre-assmembled (or mostly, I have bunches of drives around so that
wouldnt be an issue) and highly likely to play nice with Qubes is pretty
much at the top of my priority list.

[Mark Fernandes]

 ..

I am looking for a bit of a work horse (not nessisarily bleeding edge) ...

 

 

...  getting something that is

highly likely to play nice with Qubes is pretty
much at the top of my priority list.

 

Not sure what kind of activities you're planning on undertaking with your computer, but if you're doing any kind of activity that benefits from OpenGL, be aware that Qubes doesn't offer any OpenGL virtualisation. 

Also, just wondering whether Qubes is a good fit for you, given that its above-average security seems as though it definitely has the potential of causing a significant performance hit for "work horse" type activities.

Thanks,

Mark Fernandes

[Stumpy]

On 2020-04-09 05:11, Mark Fernandes wrote:
>  ..
>
> I am looking for a bit of a work horse (not nessisarily bleeding
> edge) ...
>
> ...  getting something that is
> highly likely to play nice with Qubes is pretty
> much at the top of my priority list.
>
>
> Not sure what kind of activities you're planning on undertaking with
> your computer, but if you're doing any kind of activity that benefits

> from OpenGL <https://en.wikipedia.org/wiki/OpenGL>, be aware that Qubes

> doesn't offer any OpenGL virtualisation

> <https://www.qubes-os.org/faq/index.html#can-i-run-applications-like-games-which-require-3d-support>.

>
>
> Also, just wondering whether Qubes is a good fit for you, given that its
> above-average security seems as though it definitely has the
> potential of causing a significant performance hit for "work horse" type
> activities.
>
>
> Thanks,
>
>
> Mark Fernandes
>

> --
> You received this message because you are subscribed to the Google
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to qubes-users...@googlegroups.com
> <mailto:qubes-users...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/ddc638b5-41bf-4141-a9df-2f735a6e47e8%40googlegroups.com
> <https://groups.google.com/d/msgid/qubes-users/ddc638b5-41bf-4141-a9df-2f735a6e47e8%40googlegroups.com?utm_medium=email&utm_source=footer>.

I've been using it for the past 3 years so am pretty sure its a good fit
for me.
As for opengl, i didnt mean to insinuate that i was looking for gaming
(i am not).
And for work horse, i guess i mainly meant i use it for work, and
personal. I regularly have lot of AppVMs running at the same time with
lots of browsers and tabs open and occasionally play around with
digikam, dark table, and gimp so i tend to use quite a bit of memory
(hence wanting more) and with an old circa pre-2013 i5 spinning up
AppVMs is a bit slow/could be a bit faster - ergo, looking to upgrade.