My employer recently issued me a Dell Precision 7550, which came with a Ubuntu installation with some OEM customizations. I hoped to use Qubes OS to protect my employee records and communications from all the software I'll be running as part of my development work. Unfortunately, my assessment is that under even a pessimistic estimate of this risk, given the many problems and my limited hardware troubleshooting skills, I don't want to do any more work to try to get Qubes OS to work adequately on this laptop at this time.
I used the Qubes R4.0.3 installer and the Fedora 32 XFCE template. After installation, I ran updates in both dom0 and the template to see if that would help with anything, but it didn't. (Given that the network didn't work under Qubes OS, I ran updates using a nasty, insecure hack that I deemed adequate for testing, with plans to reinstall with a better approach if I thought there was hope of success.) - To get the installer to start at all, I had to remove noexitboot and mapbs as described at https://www.qubes-os.org/doc/uefi-troubleshooting/#removing-noexitboot-and-mapbs and turn off "Enable switchable graphics" in the BIOS. - Display redrawing was very slow in both the installer and dom0 after installation: when I advanced to the next screen of the installer or started an application in dom0 such as Qube Manager, it could take up to a second or so for the screen to redraw from top to bottom. Disabling compositing in the XFCE Window Manager Tweaks in dom0 made the problem less bad, but it was still unacceptable to me. - After installation, the screen brightness keys on the keyboard had no effect on the screen brightness, and when I tried to drag the screen brightness slider in the XFCE Power Manager applet, the applet segfaulted. - When my NetVM used the dom0-provided kernel, neither the wired nor the Wi-Fi network device worked. When it used the kernel in the VM, the boot process got stuck for a reason not evident from the log in Qube Manager, whether or not the network PCI devices were assigned to the VM. When the devices were assigned, the log did show that the VM tried to initialize at least the wired network using the "e1000e" driver. I'm going to use the OEM procedure to wipe the laptop and reinstall the OS now because I need to reinstall the OS anyway for another reason. I'm open to parallel installing Qubes OS again in the future if someone wants me to perform specific tests, though it will be a low priority for me. This was a humbling reminder that I can't assume Qubes OS will work on arbitrary hardware. I was very fortunate that when I first tried it in October 2014, it worked on the personal Lenovo ThinkPad L430 that I had bought in November 2012 without anticipating I'd use Qubes OS. For my next personal laptop, I'll definitely shop for Qubes OS compatibility, but my employer is only half-serious about information security and I don't think I have any leverage to ask them to consider Qubes OS compatibility in purchasing company laptops. Matt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d8b1283f5cbac044c63a8213a5dc11ac9ac794d0.camel%40mattmccutchen.net.
Qubes-HCL-Dell_Inc_-Precision_7550-20201129-141058.yml
Description: application/yaml