←back to thread

Qubes OS Begins Commercialization and Community Funding Efforts

(www.qubes-os.org)
129 points detaro | 2 comments | 30 Nov 16 10:15 UTC | HN request time: 0s | source
Show context
kriro ◴[30 Nov 16 13:14 UTC] No.13070372[source]
The biggest problem is the lack of a certified laptop. Librem13 was certified for R3 but as of now there is nothing certified for R4 [0]. Their stance on Intel ME is clear and good. I hope they don't give it up or water it down with commercial licensing. So theoretically if I approach them as a company and tell them I want to get Qubes on company laptops they should tell me no laptops are secure.

One of the most interesting OS project imo, I hope there will be some changes on the hardware side eventually but unfortunately I remain skeptical.

[0] https://www.qubes-os.org/doc/certified-laptops/

replies(1): >>13071859 #
walterbell ◴[30 Nov 16 16:10 UTC] No.13071859[source]
This is a problem for every x86 operating system.

If you are already running an operating system on an Intel vPro (VT-d, TXT) laptop, you can likely run Qubes on that hardware.

If you are concerned about the Intel ME, you would need an Ivy Bridge vPro device like the Lenovo x230, plus skillz [0] that improves the security posture of all operating systems, including Qubes.

[0] https://news.ycombinator.com/item?id=13056997

replies(1): >>13072159 #
1. halomru ◴[30 Nov 16 16:41 UTC] No.13072159[source]
In principle every x86 operating system has this problem. The difference is in the expectations. If a laptop is certified for Windows 10 I expect it to run Windows 10 decently. If a laptop is Qubes OS certified, I expect it to run Qubes OS securely, with decent performance.
replies(1): >>13072410 #
2. walterbell ◴[30 Nov 16 17:04 UTC] No.13072410[source]
What kind of issues have you seen with Qubes on vPro laptops?

Security is only meaningful within the context of a threat model. Qubes, like every operating system, has many possible configurations, for different threat models.