Can I hope to run Qubes OS on Macbook Air 2013

[mariusz...@gmail.com]

Same as topic name. I am currently running mac os with heavy virtual machines usage to get more security/privacy. I will probably switch to linux soon but since i plan on using a lot of one time use VMs or even whonix i would rather get as secure host as possible. So i figured why not use Qubes OS since i already do everything manually.

If not mba what high end ultrabook would you recommend ?

[Eric Shelton]

On Wednesday, January 13, 2016 at 8:15:06 AM UTC-5, mariusz...@gmail.com wrote:

Same as topic name. I am currently running mac os with heavy virtual machines usage to get more security/privacy. I will probably switch to linux soon but since i plan on using a lot of one time use VMs or even whonix i would rather get as secure host as possible. So i figured why not use Qubes OS since i already do everything manually.

If not mba what high end ultrabook would you recommend ?

 I got it working on a 2012 MacBook Air w/ 4GB of RAM:

https://groups.google.com/forum/#!topic/qubes-devel/uLDYGdKk_Dk

The 3.1 rc series of Qubes supports EFI boot, so you can likely avoid most, if not all, of the rEFInd stuff in those directions - it should just boot and install from a USB stick.  Do not create a usbvm in your install - on Macs the keyboard and trackpad are USB devices, and you won't be able to sign in if you use a usbvm.  If you have 8GB or RAM, you should be good for almost anything, including running a non-Linux OS in an HVM domain.  That could include running OS X within Qubes (https://groups.google.com/d/msg/qubes-users/RiVntUzgJmY/hiohgHm4BwAJ).  If you just have 4GB, you can still run Qubes, but mostly just running Linux.

To be on the safe side, I would suggest first making a USB stick with the OS X installer on it (you should be able to find instructions for this online - generally involves downloading the installer via the App Store and running the createinstallmedia command hiding inside the application).  Then, if things don't work, or you need to return the MacBook Air to some sane state, you at least have that as a backup.

Good luck,

Eric

[steli...@gmail.com]

Thanks for this reply. Am currently in the process of installing cubes myself on a mid 2014 macbook air with 8G RAM. Very kind of you.

[andrewa...@gmail.com]

On Wednesday, January 13, 2016 at 5:15:06 AM UTC-8, mariusz...@gmail.com wrote:
> Same as topic name. I am currently running mac os with heavy virtual machines usage to get more security/privacy. I will probably switch to linux soon but since i plan on using a lot of one time use VMs or even whonix i would rather get as secure host as possible. So i figured why not use Qubes OS since i already do everything manually.
>
> If not mba what high end ultrabook would you recommend ?

Have you seen the Purism Libre laptops? https://puri.sm/products/librem-13/

[Max Andersen]

Having a Lenovo X1 Carbon 16GB and 256SSD, a macbook air 8GB 256SSD, a
purism 13v2 with 512nvme and 16gb memory and a Lenovo Yoga 2 pro 8GB adn
256GB SSD, I must say, that the purism is bought with kill switches in
mind. It's more expensive, heavier and thicker.

If Open Source BIOS and kill switches is secondary, then The Lenovo's
are both hard rocking Qubes machines(and the qubes developer team uses
the X1 Carbon). I've had a few issues with the Librem(bios, fan's ,etc),
so be clear about your needs before purchase. If the Purism concept
appeals to you, go for it. If not, don't.

I even bought the Librem5 phone and await its arrival in a year or so,
but I guess I'm just a fanboy.

Sincerely
Max

[Tai...@gmx.com]

On 03/02/2018 12:12 PM, andrewa...@gmail.com wrote:

> On Wednesday, January 13, 2016 at 5:15:06 AM UTC-8, mariusz...@gmail.com wrote:
>> Same as topic name. I am currently running mac os with heavy virtual machines usage to get more security/privacy. I will probably switch to linux soon but since i plan on using a lot of one time use VMs or even whonix i would rather get as secure host as possible. So i figured why not use Qubes OS since i already do everything manually.
>>
>> If not mba what high end ultrabook would you recommend ?

If I was you I would buy a refurb G505S (owner controlled, with open
source hw init coreboot, blobs for video and power, no ME/PSP) plus a
high performance workstation which you can connect to remotely such as a
the libre hardware/firmware TALOS 2.

An alternative laptop choice is the X230 (open source hw init but it has
ME - which can be nerfed but not disabled/removed via me cleaner) I have
one and it is very light while still having a variety of ports to use
and a nice docking station.

Apple products don't have usable ports (macbook "pro") and you have to
have both the battery and the power cord at the same time for the CPU to
reach its highest frequency...until it downclocks due to insufficient
cooling.


There aren't really any laptops that have truly good security unlike on
the workstation realm where you have:
OpenPOWER9:
TALOS 2 (very fast)

x86_64:
KGPE-D16 (the best G34/C32 CPU's are just fast enough to play modern
games in a VM, but are very slow vs OpenPOWER9)
KCMA-D8

Unfortunately now POWER is the only owner controlled performance CPU
arch, modern x86_64 can't ever be owner controlled and ME/PSP can't ever
be disabled.

> Have you seen the Purism Libre laptops? https://puri.sm/products/librem-13/

Purism is a scam, their laptops are not at all libre or open source and
they never will be for a variety of reasons.
https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/

https://goblinrefuge.com/mediagoblin/u/onpon4/m/what-purism-s-road-to-fsf-ryf-endorsement-chart-should-look-like/
Don't buy from them, you gain no security and you are supporting a bunch
of scumbags.

It isn't as if it is impossible to make a libre computer with modern
hardware, a variety of other companies make them (eg: bunny huang -
novena, raptor cs - talos 2, etc).

OK so lets say you have millions to spend on reverse engineering (they
don't) and for some reason you don't consult actual hardware engineers
who would tell you to spend it on making a high performance POWER laptop
like a laptop of the TALOS 2 (downclock the 95W CPU + custom mobo =
POWER laptop).
Years later your reverse engineering guys you somehow figure out how to
run code on the ME core but it doesn't matter because you would be
breaking the law to actually use this in both the US and EU as breaking
DRM is illegal and ME is DRM (PAVP, HDCP, intel insider etc)
By then the hardware would be too old to be useful therefore anyone with
a brain can figure out whats really going on (hint: its about stealing
money from real projects like novena and talos 2 by selling faux libre
laptops)

ME Cleaner nerfs ME it doesn't disable it (and purism didn't make ME
cleaner - they simply profit off the work of others)

Coreboot doesn't mean open source firmware like it used to, the hardware
init for modern x86-64 hardware is all done by binary blobs.

[andrewa...@gmail.com]

> Purism is a scam, their laptops are not at all libre or open source and
> they never will be for a variety of reasons.
> https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/
>
> https://goblinrefuge.com/mediagoblin/u/onpon4/m/what-purism-s-road-to-fsf-ryf-endorsement-chart-should-look-like/
> Don't buy from them, you gain no security and you are supporting a bunch
> of scumbags.

These links are about two years old and Purism has made significant headway in that time. I encourage you to seek updated information and others to do their own research.

[Tai...@gmx.com]

On 03/05/2018 03:01 PM, andrewa...@gmail.com wrote:

> > Purism is a scam, their laptops are not at all libre or open source and
>> they never will be for a variety of reasons.
>> https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/
>>
>> https://goblinrefuge.com/mediagoblin/u/onpon4/m/what-purism-s-road-to-fsf-ryf-endorsement-chart-should-look-like/
>> Don't buy from them, you gain no security and you are supporting a bunch
>> of scumbags.
> These links are about two years old and Purism has made significant headway in that time.

Wrong - both are still 100% accurate.

"Headway" so what exactly? They still use FSP, they still have a blobbed
EC, video, power etc and disabling ME is still not only impossible but
illegal too.
Their coreboot ports do zero hardware init all of it is done by Intel's
FSP binary blob.

It isn't as if it is impossible to make real freedom hardware but thanks
to them the idea of a libre laptop has been ruined in the average
persons head and the freedom hardware movement is set back by a decade
or more - now everyone expects absolutely brand new x86_64 hardware
instead of POWER, ARM, or older AMD x86_64 hardware and they also
believe that you can disable ME and have real freedom on intel hardware.

They could have admitted they fucked up and for instance collaborated
with raptor engineering to offer a POWER laptop, but instead they
continue to double down and keep making false claims.

> I encourage you to seek updated information and others to do their own research.

How much are they paying you?

[Jason Turner]

Hi Eric, I'm trying to install Qubes 4.0RC on a 2017 MacBook. I have a USB that it boots from and get to the language screen but the keyboard and trackpad do not work. Any clues on how to get past that?

Thanks,
jason

[bmh...@gmail.com]

Hi Jason,

Did you get any further with your attempt to install Qubes 4.0 on your MacBook? I'm interested in doing the same.

Thanks
Brian