On Sunday, February 25, 2018 at 2:11:21 AM UTC+1, Adam McCarthy wrote: > Hello, > > I currently run Qubes OS on an XPS 13 from 2015 with an i5-6200U, 8GB > RAM, slow NVMe. It can't really handle Qubes OS - it's quite laggy and > struggles to play video on the 4K screen. The CPU and RAM are normally > maxed with a couple of VMs running, even without video. > > I'm going to buy a new laptop with a higher spec which should hopefully > handle things well. The following laptops are my final five contenders. > They all have a discrete GPU, which I'm hoping to passthrough to a VM > for playing streaming video (h264/h265/vp9 codecs). Do I have this right > that it would be most efficient to use the Intel GPU in dom0 and the > discrete GPU in the VM? I also do a lot of scientific computing, so it's > useful to offload some computation to a GPU via CUDA. > > I get the impression from the HCL that they should all work fine as long > as I replace any non-Intel wifi m.2 sticks with an Intel 8265. Do you > have any thoughts on whether one would be more appropriate than another? > > Dell XPS 15 9560 (2017) > Intel i7-7700HQ Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + NVIDIA GTX 1050 > > Dell XPS 15 2018 > Intel i7-8705G Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + Radeon RX Vega M GL > > Dell Precision 5520 > Intel Xeon E3-1505M v6 Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + Nvidia Quadro M1200 > > Lenovo P51 > Intel Xeon E3-1505M v6 Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + NVIDIA Quadro M2200 > > Razer Blade > Intel i7-7700HQ Quad Core > 16GB RAM > 512GB M.2 NVMe > Intel + NVIDIA GTX 1060 > > Thanks, > Adam
I'm not too familiar with those particular models. As for GPU passthrough, I'll second what tai...@gmx.com said, currently it's not possible to do what you seek with discrete GPU's in the way you described. But keep in mind that Qubes 4.1. is planned to include a new approach to graphic pass-through for single AppVM's, without comprosmising security, which is exactly what you just described. In other words, Qubes 4.1. may include this feature. If you're interested to know more, then check the roadmap/github trackers. Also if you instead go down the eGPU road (which may not work in the end anyway), then you should probably get a computer with Thunderbolt connection, to allow for the large transfer of data which USB 3.1. cannot fully handle. From memory, USB 3.0 is around 5 gbit, USB 3.1. is about 10 gbit, and Thunderbolt can run up to 40 gbit (check Thunderbolt versions too). Also be sure you don't just assume that USB type c ports include Thunderbolt comparability, most of the early ones don't. It's only some recent 2018 laptop models that started to include USB/Thunderbolt type 3 hybrid ports. Before 2018, it was mostly only Apple/Mac's. If you want eGPU (untested on Qubes as far as I know, but in theory it might work), then you would want high transfer speeds. Probably minimum USB 3.1., but preferably 40 gbit Thunderbolt (get newest Thunderbolt version and be sure it has enough PCI connections tied to it for maximum transfer speeds). Also note that Thunderbolt isn't well supported in the kernel yet, I'm not sure which kernel includes it, but make sure you research this too if you need Thunderbolt. You could consider getting the same laptops most of the core Qubes team uses, the Carbon X1 gen5. I believe it has Thunderbolt too? But even the cheapest version of this laptop is rather on the expensive side. You could also go a bit cheaper down from the Carbon X1 gen5, i.e. get the Lenovo 720s instead or something along those lines. (I did not test or see reviews on the new Lenovo 720s, please ensure you do further research on it first. Be very critical.). Generally I agree that free open standard hardware is important and something we really, really need, but it may just not be feasible for normal users just yet. Getting W520/TALOS may work for some, but it won't work for everyone. This depends on ones needs, and what sacrifices you are content in making (for example can you sacrifice aesthetics, look and feel?). Qubes OS on normal hardware (fulfilling current security hardware requirements) is still a much more secure alternative than Windows/Mac/Linux OS's, even on compromised hardware from i.e. Intel/AMD/etc. I agree there still are very big security/privacy problems in hardware, there definitely is. But all things considered, if you're not trying to be immune from state-level/advanced hacker attacks, then it may be too extreme to go that far just yet. Unless of course, you are a high profile target, or even a medium-level target. Don't piss off, or grab unwanted attention of dangerously resourceful people. If you're a normal user, and you don't grab unwanted attention, then you should be okay in this time and day, however, that may change down the line as attack vectors improve and advance, and increasingly become mainstream for less skilled hackers to use. At which point, it's not the few handful really skilled hackers you need to worry about, but script kiddie "hackers" around every city-block. Frankly it's impossible to get the perfect hardware to our desires. Whatever your needs may be, you need to take everything into account. The current situation however, I'd think if you're low profile (normal person with no unwanted attention), then you should be fine from a security perspective, with most laptops that meet the current hardware specifications. It's the same if you climb Mount Everest or venture into a wild jungle, no matter how much you prepare, there will always be risk. There are no perfect hardware, while we can do better, currently we are heavily limited. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/398b1a1a-c618-4955-ae43-51e44f86bb23%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
