the base model is 1600 usd? for an i5?
It looks pretty neat but i feel like it's over priced right?
replies(3):
Until they can get get an oss version of all the firmware it's just as secure as any off the shelf laptop with a clean install of the OS of your choosing.
If you want more security get an old Lenovo/IBM think pad mod the bios chip and get libreboot.
The cpu, graphics card, hdd, Ethernet and more have more lines of code in them than your OS kernel most likely and that code rarely gets audited even internally.
It's a tradeoff, it depends on what you're protecting against. AFAIK none of the libreboot-supported boards have VT-d, so you lose a lot of qubes's isolation features.
It'll be a great day when we can have a fully free machine (firmware-wise) with IOMMU and some auditable form of DRTM. But we're a long way from that still.
EDIT: I also doubt the markup is steep. Software people always underestimate the cost of making hardware in small quantities. These guys don't have economy of scale on their side. You could say it's expensive compared to the competition, and you'd be right, but it's not because of greedy businessmen at purism.
I some how doubt small shops like PCSpecialist in the UK sell large volumes https://www.pcspecialist.co.uk/notebooks/lafiteII/
DRTM?
I think you are confusing the topic here. No one denying (ate least as far as I can tell) the isolation mechanism is good, and beyond any other approach we have seen already.
But the main problem is there . They just switched the topic for people who consider their privacy.
For example if you use windows let say it is filled with zero-day backdoors which can be useful for invading your privacy .
But when you use this laptop , yes if even your application has backdoor maybe they cannot go beyond the application layer. But for highly technical people this is non-sense (not visualization , no it is good idea, the idea of running whole system on closed source blobs) . Why ? because they have access to your data via low level backdoors.Maybe they have another level to circumvent (XEN), but it is there and adversary is in your laptop already.Effectively it is there.(It sounds for me like extremely secure environment on closed source blob, which ruins whole design)
But when we are talking about FSF approved laptop (the ones which run whole system on fsf approved software) there is no backdoor. Yes, maybe it is simpler to hack such device , but it is technical problem which should we work on, not a decision problem.
(Personally I think running secure microkernel on fsf approved laptop would be much better, but it is my opinion and since I don't have fact I am saying it in parenthesis)
So practically talking you are not improving privacy . You are improving security.
I hope I was clear enough , though I don't think so.
cmiiw
Intel's TXT framework is quite nifty not fully utilized and I'm still it's not sure if it's as good as ARM's trust zone approach. The problem is that this is/will be a very important factor in any trusted computing in the future and currently it's utterly unaudited at least publicly (and from hearsay also wasn't internally audited).
Intel is pretty much mandating AMI/AMT support within the UEFI, support for TXT/TPM/NGSCB will be also mandatory soon unless Intel open sources all of this there will never be an open source UEFI BIOS which will functional with Intel going forward. Coreboot is shipped with proprietary parts which cover it, you can use Libre but then you are stuck with a decade old hardware and there is very little hope for it to ever support modern hardware the skill set way too demanding for an OSS project without a major corporate support and without full cooperation with Intel this wont be supported. If AMD was smart they would jump on this train, but as BIOS is quite a tricky business these days (probably even more complicated than OS internals with the exception of maybe really low level kernel stuff) I just don't think they want to take that risk considering their financial state.
I wonder if MSFT would ever let OEM's lock the devices to their bloatware spec and if so how long until we get laws similar to SIM unlocks passed to give us customers some control back.
Not the sort of behavior I would classify as "trustworthy".