I do not think that UEFI is a bad idea. Adam Williamson has given a good
introduction to UEFI:
https://www.happyassassin.net/2014/01/25/uefi-boot-how-does-that-actually-work-then/
The problem is that the UEFI specifications do not give any guidelines on
how the firmware engineers should present the configuration to the user.
The goal for Qubes must be to be able to use a UEFI native boot.
The Dell E7440 came wit Windows 7 installed in BIOS compatibility mode, and
with a Windows 8 rescue CD. The only problem with ThinkPad T440p an Qubes R2 is that the mounted processor does not have VT-d. The TPM can be activated in legacy BIOS mode. I am going to buy a new processor with VT-d when the
prices have come down. But maybe Qubes R3 will be released before that happens?
I have installed a Fedora20-Live (x86_64) DVD on the E7440 in UEFI mode.
It turned out that the TPM can be activated without the secure boot turned on.
I went through the installation description of the "Anti Evil Maid"
(without installing the qubes specific anti-evil-maid) by starting TrouSerS:
# systemctl start tcsd.service
followed by c) :
# find /sys/devices -name pcrs
# cat <path_to_pcrs>
PCR-00: xx xx xx etc.
so TPM is supported by the kernel.
Dell Latitude E7440 should be ready for qubes R3 (with UEFI support).
I went a step further. I have managed to install Fedora-x86_64-21 beta in EFI
mode, so my Dell Latitude E7440 can now boot from disk with
UEFI boot enabled
TPM active
Secure Boot enabled
Trusted Execution enabled
BUT the 3.17.2 kernel does not detect TPM according to dmesg.
Does the kernel tpm module not work with UEFI firmware?
Bjarne