With such a small screen, tight keyboard and overly sensitive trackpad, i3wm is highly preferred over Xfce's need for mouse-and-click everything.
Works with CSM Legacy (non-EFI) booting only. Had to use a USB3 stick with USB3 enabled in Keyboard dock for it to be recognized.
Currently testing with Dual Boot of Windows 10 as boot manager, booting Grub, so unable to test out Anti-Evil Maid yet (will do with external ssd soon).
Xfce's mouse controls are too sensitive for the trackpad. Had to dial them back to 1 acceleration (0 would cause wild movements, had to be set to 1).
Touchscreen does not work. Haven't investigated why (I use i3wm on Linux, so I have no need for touchscreen, especially since the Xfce/KDE/Gnome login screens have zero touchscreen functionality).
Everything else seems to work out of the box. I used the usbvm to isolate everything.
qubes-hcl-report output below:
Qubes release 3.2 (R3.2)
BIOS: GFET56WW (1.35 )
RAM: 7884 Mb
Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz
Intel Corporation 3rd Gen Core processor DRAM Controller [8086:0154] (rev 09)
Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 09) (prog-if 00 [VGA controller])
Intel Corporation Centrino Advanced-N 6205 [Taylor Peak] (rev 96)
SAMSUNG MZMTD256 Rev: 4L3Q
I/O MMU: Active
TPM: Device present
Qubes HCL Files are copied to: 'dom0'
Qubes-HCL-LENOVO-36984SU-20170531-142016.yml - HCL Info
It doesn't seem to complain about anything not working, and really is a fully functional PC.
I went ahead and disabled the cameras and bluetooth in the bios. Should I enable those and report on their functionality? (for privacy, those tend to be disabled, right?)
All in all, I am quite happy with this tiny 11.5" tablet and Qubes. I get about 8+ hours of battery lightly browsing w/Tor (in whonix) and Chromium (in personal), along with a few IRC and XMPP command line utils connected in the background. Heavy Chromium work (developing, videos, etc) runs the battery out at around 6 hours. For comparison, the same workload gets about the same in Windows. So I'm happy with the battery life.
As noted in the original notes I submitted, I force Windows Boot Manager to be my boot manager, not grub. I do this for Windows' built in TouchScreen support for their windows boot manager. It's a PITA to configure, copying the first 512 bytes of the boot partition to a bin file and manually configuring Windows to boot it. But, occasionally the device's battery is dead, or I forget what state it is in, etc and when I boot it and not docked in the keyboard, I need to be able to "touchscreen" it to boot in Windows.
About two years ago I setup this machine with Arch + Gnome with every Touchscreen trick in the book available -and I even modified a few drivers for it and compiled it myself. Gnome, which is hte leading "Touchscreen" WM out there for Linux, was o-k that it was functional. But I couldn't get off the lost of no touchscreen on the Login screen. The LOGIN SCREEN! THere were hacks to enable this, but they all leaked keystrokes to the root bus - and I was not happy to do that.
I'll give Gnome (and Mint, Xfce, etc) a few more years and will try touchscreen again on Linux. Until a smooth, and secure, login method + UX experience is available, I'm afraid I have to continue with Windows 10 on the tablet for now.
And with Qubes, that means dual-boot as Xfce has next to no touchscreen abilities - especially at login. I am sure Touchscreen is not a priority for Qubes anytime soon either. Oh wells. i3wm + keyboard dock works awesome.