Here are my notes:
* Required steps to address hardware issues before installation
** Option 1: Immediately replace Broadcom PCIe WIFI chip with Intel Centrino 2230 (as explained below)
** Option 2: Remove Broadcom PCIe WIFI chip during installation
*** Qubes launches sys-net on boot (if setup during installation), and initiates the attached WIFI chip, causing an unrecoverable system freeze.
*** Disabling the WIFI chip in BIOS may also be a solution.
*** Once Qubes is installed, you may remove the WIFI device from sys-net and reinstall the hardware. You can troubleshoot this hardware by creating a sequestered NetVM (eg sys-net-broadcom) and using your ethernet connection in sys-net.
* Hardware changes I made
** Swapped out the original PCIe WIFI adapter (a Broadcom chip) which doesn't seem to be compatible - possibly with non-free firmware
** Replaced with an Intel Centrino 2230BNHMW
*** Only selected devices are compatible with the Lenovo motherboard whitelist.
*** Purchased here https://www.amazon.com/Intel-Centrino-Express-Bluetooth-2230BNHMW/dp/B009DAFJRM.
*** "FRU P/N: 04W3765" from the image references the Field Replacement Unit product number from Lenovo documentation. My chip did not arrive with that FRU indicated on the label, but it worked anyway.
*** No additional firmware required.
*** Downside is this chip does not work on 5Ghz bands. I have not yet tested bluetooth.
** Replaced HDD with SSD
* Outstanding security issues
** TPM is present but I have not enabled/tested it yet.
* Outstanding non-security issues
*** The keyboard will "freeze" intermittently on a fresh (from power off) boot. If the keyboard freezes during FDE password input, or during user login you must restart the system and try again. Once you are past user login, the Power button fix below will help.
*** Touchpad/nipple does not work on a fresh boot.
*** I have not been able to make the touchscreen work yet, but I'm optimistic. It does work on other distributions.
* Suggested approach for working around non-security issues
** As soon as possible after first boot, set the power button to activate Standby mode
*** Putting the system in Standby will "reset" the frozen keyboard.
** Use an external mouse instead of touchpad/nipple
*** This will allow for mouse movement when freshly booted.
* Alternative approach for working around non-security issues
** Always reboot your laptop immediately after login on a fresh boot, using the xfce "Log Out" menu
*** This will enable the touchpad/nipple and prevent the keyboard from freezing, once Qubes restarts.
Upgrading to kernel 4.9.29-17 (from the testing repo) fixed the mouse and keyboard issues!
It has apparently caused my Intel PCIe WiFi card to crash when returning from suspend, requiring a reboot of sys-net.
** First install the new kernel package **
dom0: qubes-dom0-update --enablerepo=qubes-dom0-current-testing kernel
dnf may ask you to add --best --allowerasing to remove conflicts. I did this, and it erased kernel 4.4.14-11, which is fine.
** Then update your boot files **
dom0: sudo grub2-mkconfig -o /boot/grub2/grub.cfg
dom0: sudo nano /boot/efi/EFI/qubes/xen.cfg
(note that you will not be able to enter the directory manually, you have to run nano from another directory)
Confirm that your xen.cfg has the new kernel set as default, and has an entry at the bottom that looks similar to the entries for the other kernels.
If it doesn't, copy one of the entries from another kernel and adjust the kernel version. Then change the default entry at the top.
** Reboot **
And you should be in good shape!