On Wednesday, 19 December 2018 21:56:09 UTC, John Smiley wrote: > If one were to invest in a new laptop today for Qubes use exclusively and > price wasn't a major factor, which one(s) make the top of the list? Assume > you want the best security possible and are willing to invest the time to > learn and configure Qubes/Whonix to get it. Also assume you want something > that will take advantage of features that are planned for near-term > Qubes/Whonix release. > > Are there laptops that haven't hit the market yet that would be worth waiting > for (i.e. better than any in the list from above)? > > Assume you want Anti-Evil-Maid and therefore need a TPM chip. Does that > change which laptops are at the top of the list and why? Is it worth giving > up the TPM chip if you aren't all that concerned about Evil Maid? Pretty > much every laptop has them these days, so a follow up question to this one > would be how the TPM is implemented (discrete, integrated, firmware, > software)? Should the BIOS be set to use 1.2 or 2.0 for Qubes? > > More on the BIOS - should UEFI be turned off? Thunderbolt? Secure boot > should be disabled, I know. What about power management? Anything else (ex: > if the laptop is Intel, ME should be disabled, correct)? > > Do the keyboard and mouse/trackpad on a laptop use the USB interface? If so, > what is the best way to address that (buy an external PS/2 keyboard and > mouse)? If not, are the "safe" in the sense that only dom0 has control of > them and no other qubes can snoop as would be the case for USB? > > Are there things that can be done with a home router/firewall (such as a > dedicated pfSense box) that improve security when using Qubes/Whonix and if > so, what would they be? > > Lot's of other questions, but this is is probably more than enough for one > thread.
https://www.qubes-os.org/doc/certified-hardware/ and the HCL is the place to look. But right now, there is no new laptop that checks all the boxes. The one privacy advocates usually turn to as a "step in the right direction" is obviously Purism's lineup, which I advise you to check out. Regarding network security, Qubes already has a firewall template, but there are alternatives. There are some open source alternatives regarding routers, both regarding software and the hardware it runs on. I'd like to point you towards this website https://infosec-handbook.eu/as-hns/, they have written a bunch on home network security. I'd argue it's a bit useless, assuming you use any type of VPN service. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cbe4d271-00b4-4b63-a064-e2c9703d78be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
