
154 points walterbell | 4 comments
bechampion ◴[] No.10736756[source]
The base model is 1600 USD? For an i5? It looks pretty neat but I feel like it's overpriced, right?
replies(3): >>10736805 #>>10736884 #>>10738275 #
TuringTest ◴[] No.10736805[source]
Where else can you get a security-focused preinstalled laptop with higher specs for less money?
replies(2): >>10736849 #>>10736869 #
dogma1138 ◴[] No.10736869[source]
This is security theater marketed for a steep markup.

Until they can get an OSS version of all the firmware, it's just as secure as any off-the-shelf laptop with a clean install of the OS of your choosing.

If you want more security, get an old Lenovo/IBM ThinkPad, mod the BIOS chip and get Libreboot.

The CPU, graphics card, HDD, Ethernet and more have more lines of code in them than your OS kernel most likely, and that code rarely gets audited even internally.

replies(2): >>10736910 #>>10736931 #
throwaway7767 ◴[] No.10736931[source]
> If you want more security, get an old Lenovo/IBM ThinkPad, mod the BIOS chip and get Libreboot.

It's a tradeoff; it depends on what you're protecting against. AFAIK none of the Libreboot-supported boards have VT-d, so you lose a lot of Qubes's isolation features.

It'll be a great day when we can have a fully free machine (firmware-wise) with IOMMU and some auditable form of DRTM. But we're a long way from that still.

EDIT: I also doubt the markup is steep. Software people always underestimate the cost of making hardware in small quantities. These guys don't have economy of scale on their side. You could say it's expensive compared to the competition, and you'd be right, but it's not because of greedy businessmen at Purism.

replies(5): >>10736967 #>>10737359 #>>10739323 #>>10739986 #>>10740030 #
stcredzero ◴[] No.10739323[source]
> It'll be a great day when we can have a fully free machine (firmware-wise) with IOMMU and some auditable form of DRTM.

DRTM?

replies(1): >>10740075 #
1. dogma1138 ◴[] No.10740075[source]
Dynamic Root of Trust Measurement. It's part of Intel's Trusted Execution Technology (https://en.wikipedia.org/wiki/Trusted_Execution_Technology). This is basically what allows the hardware to verify that the OS which is being booted is "trusted".

Intel's TXT framework is quite nifty, not fully utilized, and I'm still not sure if it's as good as ARM's TrustZone approach. The problem is that this is/will be a very important factor in any trusted computing in the future, and currently it's utterly unaudited, at least publicly (and from hearsay also wasn't internally audited).

Intel is pretty much mandating AMI/AMT support within the UEFI, and support for TXT/TPM/NGSCB will also be mandatory soon; unless Intel open sources all of this, there will never be an open source UEFI BIOS which will be functional with Intel going forward. Coreboot is shipped with proprietary parts which cover it. You can use Libre, but then you are stuck with decade-old hardware, and there is very little hope for it to ever support modern hardware: the skill set is way too demanding for an OSS project without major corporate support, and without full cooperation with Intel this won't be supported. If AMD was smart they would jump on this train, but as BIOS is quite a tricky business these days (probably even more complicated than OS internals, with the exception of maybe really low-level kernel stuff), I just don't think they want to take that risk considering their financial state.

replies(1): >>10740642 #
2. stcredzero ◴[] No.10740642[source]
Yes. Trusted execution that's audited and worthy of the name ("trusted") is sorely needed! This, despite the fact that people associate it with DRM and knee-jerk against it.
replies(1): >>10740792 #
3. dogma1138 ◴[] No.10740792[source]
Well, it can also serve as DRM; it can be made so it locks your OS to only the one that your device came with out of the box, and any modification would be impossible.

I wonder if MSFT would ever let OEMs lock the devices to their bloatware spec, and if so, how long until we get laws similar to SIM unlocks passed to give us customers some control back.

replies(1): >>10741460 #
4. stcredzero ◴[] No.10741460{3}[source]
> Well, it can also serve as DRM; it can be made so it locks your OS to only the one that your device came with out of the box, and any modification would be impossible.

Not the sort of behavior I would classify as "trustworthy".