HCL - Dell XPS 13 (L322X)

1288 views
Skip to first unread message

Brian J Smith-Sweeney

unread,
Sep 17, 2013, 4:58:41 PM9/17/13
to qubes...@googlegroups.com
Hey folks,

Finally got around to a longstanding todo of checking out the current
state of Qubes OS, and I'm quite pleased so far. I've installed it on
the new XPS 13 and it works nicely.

Wireless is dodgy here for reasons unrelated to Qubes so I added a USB
ethernet dongle without issue using the instructions in "Assigning
Devices to VMs".

I've also setup a Windows 7 VM without issue.

Haven't gotten VT-d working; Dell's claiming the chipset doesn't
support it, but http://ark.intel.com/products/64336/ says otherwise.
We'll see how that goes.

HCL report attached.

Cheers,
Brian
Qubes-HCL-Dell_Inc._-Dell_System_XPS_L322X-20130917.txt

Axon

unread,
Sep 17, 2013, 9:09:43 PM9/17/13
to qubes...@googlegroups.com
On 09/17/13 13:58, Brian J Smith-Sweeney wrote:
> Haven't gotten VT-d working; Dell's claiming the chipset doesn't
> support it, but http://ark.intel.com/products/64336/ says otherwise.
> We'll see how that goes.

Although the CPU and chipset do support VT-d, it is possible that the
BIOS and/or firmware do not. You may wish to ask Dell, but they probably
do not know. Good luck.

Brian J Smith-Sweeney

unread,
Sep 17, 2013, 11:56:43 PM9/17/13
to Axon, qubes...@googlegroups.com
Yup, that's my concern, though Dell does (I think) package up their
own BIOS updates, so maybe they'll have something up their sleeve.

Thanks, will post here if it works out.

Cheers,
Brian

jan...@plumgrid.com

unread,
Jan 16, 2014, 4:40:04 PM1/16/14
to qubes...@googlegroups.com, Axon

Hi Brian,
Did you finally find out the answer for this?

Brian J Smith-Sweeney

unread,
Jan 16, 2014, 4:52:05 PM1/16/14
to jan...@plumgrid.com, qubes...@googlegroups.com, Axon
 I did, sorry for not posting sooner. The BIOS does not support VT-D and my request for a patch was unsurprisingly denied :).  I spoke with a very helpful support guy that handled the case across multiple calls, and he said they don't really intend to support this feature on consumer grade products, and probably not any laptops.   He was curious why I was asking and I pointed him to the Qubes project which he thought was really interesting. If nothing else maybe we'll end up with another community member. :)

I passed this hardware on to someone else at my office and picked up an X1 Carbon instead (which I think is a very solid machine fwiw).

Cheers,
Brian


--
Cheers,
Brian

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney , Assistant Director
ITS Technology Security Services, New York University
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cprise

unread,
Jan 16, 2014, 10:38:52 PM1/16/14
to Brian J Smith-Sweeney, jan...@plumgrid.com, qubes...@googlegroups.com, Axon

On 01/16/14 16:52, Brian J Smith-Sweeney wrote:


On Thursday, January 16, 2014, poi...@gmail.com <jan...@plumgrid.com> wrote:

Hi Brian,
Did you finally find out the answer for this?


 I did, sorry for not posting sooner. The BIOS does not support VT-D and my request for a patch was unsurprisingly denied :).  I spoke with a very helpful support guy that handled the case across multiple calls, and he said they don't really intend to support this feature on consumer grade products, and probably not any laptops.

Wow... Dell not supporting it on any laptops?! That's remarkably stingy. I could understand if they limited VT-d support to business laptops however.

I think Lenovo might even limit this feature to business laptops. That's almost to be expected. At least we have Thinkpads.

Looking farther afield, I'd guess there are some brands that prefer to support VT-d along with other virty features, but not limiting it to a 'business' product line... Sony? Samsung?

Thanks for the update.


  He was curious why I was asking and I pointed him to the Qubes project which he thought was really interesting. If nothing else maybe we'll end up with another community member. :)

I passed this hardware on to someone else at my office and picked up an X1 Carbon instead (which I think is a very solid machine fwiw).

Cheers,
Brian


--
Cheers,
Brian

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney , Assistant Director
ITS Technology Security Services, New York University
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--


Danny Fullerton

unread,
Jan 16, 2014, 10:53:42 PM1/16/14
to qubes...@googlegroups.com
On 01/16/14 22:38, cprise wrote:
>
> On 01/16/14 16:52, Brian J Smith-Sweeney wrote:
>>
>>
>> On Thursday, January 16, 2014, poi...@gmail.com <mailto:poi...@gmail.com>
>> <jan...@plumgrid.com <mailto:jan...@plumgrid.com>> wrote:
>>
>>
>> Hi Brian,
>> Did you finally find out the answer for this?
>>
>>
>> I did, sorry for not posting sooner. The BIOS does not support VT-D and my
>> request for a patch was unsurprisingly denied :). I spoke with a very helpful
>> support guy that handled the case across multiple calls, and he said they
>> don't really intend to support this feature on consumer grade products, and
>> probably not any laptops.
>
> Wow... Dell not supporting it on any laptops?! That's remarkably stingy. I could
> understand if they limited VT-d support to business laptops however.
>
> I think Lenovo might even limit this feature to business laptops. That's almost
> to be expected. At least we have Thinkpads.
>
> Looking farther afield, I'd guess there are some brands that prefer to support
> VT-d along with other virty features, but not limiting it to a 'business'
> product line... Sony? Samsung?
>
> Thanks for the update.
>

Not Sony. I have what used to be the very high-end of VAIO - the Z
series which they don't sell anymore - and to enable VT-d I had to
reverse engineer and reflash the BIOS (enable some hidden menus). Yes,
this also means the BIOS does not have to be signed. Pretty lame. See
the HCL.

--
Danny Fullerton

signature.asc

cprise

unread,
Jan 17, 2014, 12:45:09 AM1/17/14
to Danny Fullerton, qubes...@googlegroups.com
Sorry to hear that. They haven't turned around about this in the meantime?

I think that leaves us with a really small list of vendors whose
machines we can confidently run Qubes on. That isn't necessarily a bad
thing, as long as there is more than one to choose from. Having a
smaller hardware base to start with can prevent a lot of distraction
over compatibility with unnecessary vendor-specific tweaks (that were
intended to be accommodated by a certain mega-corporation in Redmond, WA).


Alex Dubois

unread,
Jan 17, 2014, 1:45:12 AM1/17/14
to Danny Fullerton, qubes...@googlegroups.com


Alex
Very neat Danny. I suppose nobody had the incentive to brick sony estate.

Anybody knows if Thinkpads have the same issue. I suppose all vendors may be vulnerable as opensouce bios would be unfeasible otherwise.

>
> --
> Danny Fullerton
>

Brian J Smith-Sweeney

unread,
Jan 17, 2014, 9:05:34 AM1/17/14
to cprise, Danny Fullerton, qubes...@googlegroups.com
I should say, this was in no way an official statement from Dell, this was just two guys talkig :). I'm relaying the opinion of one (fairly knowledgeable) support person, who was confident that it was not supported on any of their " consumer" stuff, *probably* not any laptops.   I got the impression it's not an oft-requested feature outside servers and high-end desktops, so while i'm dissapointed it makes sense to me that they wouldn't bother to support it. 

Brian J Smith-Sweeney

unread,
Jan 17, 2014, 9:17:21 AM1/17/14
to cprise, Danny Fullerton, qubes...@googlegroups.com


On Friday, January 17, 2014, cprise <cpr...@gmail.com> wrote:
I should say, this was in no way an official statement from Dell, this was just two guys talkig :). I'm relaying the opinion of one (fairly knowledgeable) support person, who was confident that it was not supported on any of their " consumer" stuff, *probably* not any laptops.   I got the impression it's not an oft-requested feature outside servers and high-end desktops, so while i'm dissapointed it makes sense to me that they wouldn't bother to support it. 

David Schissler

unread,
Jan 17, 2014, 2:25:28 PM1/17/14
to qubes...@googlegroups.com

Haven't gotten VT-d working; Dell's claiming the chipset doesn't
support it, but http://ark.intel.com/products/64336/ says otherwise.
We'll see how that goes.



Find out if a machine definitely supports VT-d is very difficult.

Brian J Smith-Sweeney

unread,
Jan 17, 2014, 5:01:44 PM1/17/14
to David Schissler, qubes...@googlegroups.com
Absolutely, that's definitely been the lesson here. IIRC the wiki has
some good guidance. Before I bought the X1 carbon I looked at the
BIOS instruction manual which explicitly includes a VT-d configuration
option, so I figured I was probably safe, but I've heard even that's
no guarantee it will actually work.

saimo...@gmail.com

unread,
Oct 18, 2017, 10:09:30 AM10/18/17
to qubes-users
El dimarts, 17 setembre de 2013 22:58:41 UTC+2, Brian J Smith-Sweeney va escriure:

Hi Brian,

I just inherited a DELL XPS 13 9333 and I'm a newbie to the Qubes project but I would love to try it out on this machine. According to your experience, are there any limitations of the machine that make it not a good candidate to install the latest version of Qubes?

i.e. "works nicely" seems positive but I don't understand what I would be missing without VT-d support (as you mentioned above).

Kind regards,

Simon

Chris Laprise

unread,
Oct 18, 2017, 1:34:31 PM10/18/17
to saimo...@gmail.com, qubes-users
Hi Simon,

Without VT-d the computer is vulnerable to DMA attacks via vulnerable
interfaces such as network and USB. A lot of Qubes users consider this
protection to be important.

--

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

saimo...@gmail.com

unread,
Oct 19, 2017, 3:16:41 AM10/19/17
to qubes-users
Thanks Chris.That's a real shame because I was really looking forward to trying out Qubes. I don't need a huge amount of security but if there's an obvious vulnerability like that then it doesn't make much sense to install it on this machine. It'll have to wait until I get a machine that's compatible.
Reply all
Reply to author
Forward
0 new messages