zlacker

[parent] [thread] 3 comments
1. kriro+(OP)[view] [source] 2016-11-30 13:14:00
The biggest problem is the lack of a certified laptop. Librem13 was certified for R3 but as of now there is nothing certified for R4 [0]. Their stance on Intel ME is clear and good. I hope they don't give it up or water it down with commercial licensing. So theoretically if I approach them as a company and tell them I want to get Qubes on company laptops they should tell me no laptops are secure.

One of the most interesting OS project imo, I hope there will be some changes on the hardware side eventually but unfortunately I remain skeptical.

[0] https://www.qubes-os.org/doc/certified-laptops/

replies(1): >>walter+Zn
2. walter+Zn[view] [source] 2016-11-30 16:10:31
>>kriro+(OP)
This is a problem for every x86 operating system.

If you are already running an operating system on an Intel vPro (VT-d, TXT) laptop, you can likely run Qubes on that hardware.

If you are concerned about the Intel ME, you would need an Ivy Bridge vPro device like the Lenovo x230, plus skillz [0] that improves the security posture of all operating systems, including Qubes.

[0] https://news.ycombinator.com/item?id=13056997

replies(1): >>halomr+Ps
◧◩
3. halomr+Ps[view] [source] [discussion] 2016-11-30 16:41:06
>>walter+Zn
In principle every x86 operating system has this problem. The difference is in the expectations. If a laptop is certified for Windows 10 I expect it to run Windows 10 decently. If a laptop is Qubes OS certified, I expect it to run Qubes OS securely, with decent performance.
replies(1): >>walter+Sw
◧◩◪
4. walter+Sw[view] [source] [discussion] 2016-11-30 17:04:18
>>halomr+Ps
What kind of issues have you seen with Qubes on vPro laptops?

Security is only meaningful within the context of a threat model. Qubes, like every operating system, has many possible configurations, for different threat models.

[go to top]