Extension card only

Fips · January 24, 2023, 2:29pm

Hello,

I would like to get a Framework Laptop to use at work and privately.
To do this, I would like to use two storage expansion cards, each of them with an own operating system. The laptop itself would not contain any hard disk. During work only the extension A would be plugged, when used privately only the extension B
This way I would like to prevent a malware that infects system A to infiltrate system B and vice versa.
Is this setup possible or is it strictly necessary to have a hard disk? As far as I know the speed of the expansion cards is quite well, so I don’t bother there too much. Does this setup make sence anyway?

Thanks in advance

Edward_Gray · January 24, 2023, 2:41pm

I have not tested this exact set up, however, it does seem like it would work.

This would not be a dual boot in a traditional sense.
When doing the initial install, you would have to pay attention to which drive is which.

Pay attention to what you are doing and treat each install as a new install and you should be OK.

My Framework is set up with W10 on the internal Drive,
Ubuntu 22.04 LTS on a 250gb expansion card, and on occasion, I plug in a Flash Drive with Fedora 37.

The Ubuntu installation is fast enough for everyday usage, I don’t generally do high power intensive things.

The Fedora installation on the Flash Drive is perceptibly slower, but still usable.

ryanpetris · January 25, 2023, 12:30pm

The only laptops I’ve seen that can do what you’re asking are Dells in that their BIOS allows you to individually enable/disable NVME/SATA ports on the machine. I’ve used this before mainly to install Windows on a separate drive but to hide my already-installed Linux drive so that it doesn’t attempt to use the other drives EFI partition.

Maybe this could be a feature implemented in Framework’s bios? i.e. allow manual disabling of the internal NVME drive and individual thunderbolt ports.

Another option is, on Linux at least, you could blacklist the nvme module for the installations on the USB drives, and then they won’t be able to access the internal disk, but that only protects the drive until something is able to run as root and manually modprobe’s nvme, bypassing the blacklist.

There’s something similar that can be done with Windows that Rufus gives you an option to do when making a Windows-to-go USB stick, but I’d imagine it could be bypassed in a similar way with sufficient privileges.

DHowett · January 25, 2023, 4:24pm

I think @Fips is suggesting a much simpler solution: physically removing the card they do not want to use.

That would be totally fine, and will not require any new firmware features from Framework.

Fips · January 25, 2023, 6:50pm

Hello @Edward_Gray
Thank you for the insights about the speed of the disks and extension cards! So it sounds like the speed indeed shouldn’t be the problem when using the extension card which is good to hear again.

Hello @DHowett and ryanpetris
Thanks for the link to the Dell Firmware. Indeed, DHowett got my point. My idea was to not have an internal storage at all and only use extension cards. So that would not need a bios update, unless the bios will refuse to do anything if it doesn’t find any internal hard drive.

I have asked my employer today and he is willing to test it. So I will update this threat if I know something new!