Becoming QubesOS certified?

Hey,
I really like your idea of an upgradable and repairable laptop, do you plan on making your products QubesOS certified to attract security focused individuals ?
Thanks

4 Likes

Hi @brochard
Qubes is a really interesting project, but right now we do not have a fully open source boot firmware, as the bios region is closed.

I am still interested in working towards a coreboot+tianocore payload that could run on the system which would be the first requirement to get certified.

One additional hurtle would be getting the Intel sensor hub firmware open source, as this is also a closed source blob, it could also be removed for something like Qubes support, but this would disable the ALS and IMU sensors. (Probably not a big deal).

12 Likes

Thanks for the very detailed response,
I don’t know much about those technical aspect of making it compatible, thanks for these explanations.
Hoping you could manage to do it in the future, wishing you the best !

Criteria for Qubes OS certification are described in Hardware Certification Requirements section. We discussed those criteria with Marek (Qubes OS maintainer) during Qubes OS minisummit 2019 slides can be found behind the link.

In general, it requires providing to Qubes OS team hardware for the validation of new OS versions and get to an agreement about the cost associated with the verification process.

As it is stated on the website:

The only exception is the use of (properly authenticated) CPU-vendor-provided blobs for silicon and memory initialization (see Intel FSP) as well as other internal operations (see Intel ME).

So some blobs can be included in firmware and that does not cause problems with certification. In the case of the Intel sensor hub, I’m not aware of an open-source alternative and we will probably not see it until someone will abuse sensor hub firmware obscurity.

3 Likes

Being able to use coreboot on the machine would be totally awesome! Hopefully something to see in the future :smiley:

5 Likes

Personally I find this something that would be interesting and will appeal to some people, but is in no way something that should pause or delay development.

Just remember that Qubes caters to a specific crowd. A crowd notorious for nitpicking. They are a needy bunch in general. Maybe not a good idea to pursue that niche when companies like Purism already exist.

2 Likes

I have no idea what you mean by that. If you mean that some Qubes OS users are extremely paranoid about security then I agree, but that doesn’t have to be a bad thing. If you are in the security community you know this. In short, we should not make assumptions about other people’s threat models. Please note Qubes OS community consist of many valuable contributors to the state of security as well as Qubes architecture moves the ecosystem forward.

Qubes OS community is probably coupled with tens of thousands of people, can Framework ignore that? Maybe.

Last Purism is not hardware certified by Qubes

2 Likes

I think that is putting it lightly. My own opinion of threat models, etc., is that if someone wants you bad enough, it doesn’t matter what you do. So instead of going to extremes that burden one and make things much less practical, I prefer doing smart things that protect my privacy, while affording me greater security. Put short: I don’t want to ignore the beautiful world and all it has to offer, simply because my cave is the ultimate security.

I however am not against anyone trying for the ultimate security. I’m simply suggesting that it is an unnecessary burden for what Frame.work is initially trying to accomplish.

Initially the Librem line was certified. I think you would find it interesting discovering why they are no longer certified. Knowing that lends credence to what I initially said.

Lastly, I don’t want to argue. It is ok for us to have two differing opinions.

@2disbetter
In this very competitive world of laptops, I don’t think having another trick up their sleeves like being certified by those very nit-picking security people can be a bad thing.
It brings this community full of customers and it also reasure other buyers about this laptop comitment to security.

Agree. Your threat model does not require staying in a cave, but it is worth mentioning what level of paranoia Microsoft or Apple put into devices. Famous Xeno Kovah designed the security of M1 - you may have a sense of LegbaCore amount and quality of contribution to the research community. Microsoft with Surface Pro 4 is IMO is also very interesting because it leverages D-RTM and pushing Secured-core program forward. How this relates to Purism, System76, Framework, and other companies? Those companies will have to follow trends to keep up. The key difference with mentioned giants is that they can provide seamless integration and leverage advanced features for business profit.

Finally, OSS security solutions are not so seamless, but as a community, we should support Qubes and others to improve user experience, so there would be no “inside cave” feeling.

You are right; it is interesting. I read this, and Purism reasoning is clear for me. Please note information from Qubes about firmware and hardware changes during the certification process.

Full disclosure I’m 3mdeb Founder and co-organizer of Qubes OS mini-summit. I know the community pretty well: Purism developers, Insurgo and NitroKey. It is hard to believe that Purism volume (compared to Insurgo and NitroKey) does not allow afford Qubes OS certification. My take on that is that they have different business goals, and that’s why they do not certify - money is just an excuse.

1 Like

I am a long time qubes user and on many of the forums and to say that they are nit picky is a bit rich. I mean, come on, linux users in general are a bit painful from time to time. Its part of the fun really. They get so worked up!

Purism are up front about why they are not certified and I believe that it is financial. They say that they prefer to pour their funds into their own development but I reckon that Purism need every cent they have at the moment as they struggle with trying to meet the L5 orders and get their new laptop out the door.

I am brand new to this forum and I don’t know if its answered elsewhere…do we know if the framework laptops will run qubes? I’m interested immensely in getting a new laptop that will to replace my dells and lenovos. I would buy a new Purism 14" Road Warrior but that company already has my L5 money and I’m not on board with their business approach so I’m looking elsewhere.

Will this run qubes? Or don’t we know yet. Certification isn’t really an issue for me.

4 Likes

@Brad We have not tried running QubesOS yet. But we can give it a try and see if it works.

5 Likes

Thanks for the reply Kieran
Yes, I would be interested to see how it goes. If you could do that it would be great. I’ll be in for a laptop anyway, but if I could make it my qubes machine all the better!

Let us know how it goes.

2 Likes

Just want to note here that QubesOS does not currently support computers with Tiger Lake processors: https://github.com/QubesOS/qubes-issues/issues/6411

3 Likes

Thank you for that important reply. I hadn’t even looked into the processor for the framework, but now I see that it is indeed Tiger Lake. Looking through the git posts it is not completely clear if its the kernel or a problem with Xen itself. Either way it appears that for Qubes to become usable on Tiger Lake requires some major tweaking with PCI pass through and possible security implications.

I was considering the Framework as a secure laptop running hopefully Qubes but this probably won’t become a reality now. I also noted that there were some concerning comments about the ME in Tiger Lake as well.

I thank you for your post. If any of the Framework devs have managed to get Qubes running on Framework I’d very much like to hear about the experience. The issue on git hasn’t been touched since April and there may have been another iteration of Qubes since then although it was a tweak only I think not a point release.

Thanks again for alerting me to this.

2 Likes

A post was split to a new topic: Framework Laptop without a mainboard

is there anywhere we can follow along for status updates on this? is it something that you are actively working on?

4 Likes

Long story short: I think the first Framework won’t be Qubes Certified (anytime soon), because the limiting factor is being able to use coreboot in the BIOS as the ideal implementation for completely open sourcing the firmware, not just the EC (embedded controller).