Best Qubes laptop I’ve ever had.
10th generation Intel CPU with IOMMU, SLAT, VT-X,VT-D and all the other Qubes stuff that most modern laptops usually lack one off.
Purism laptops come with an optional Pureboot bundle which uses Heads to verify a root of trust though an external Librem Key.
Works in a very similar way to a normal Qubes Anti Evil Maid setup.
Should be equal to or very close to the trust you can derive from a normal AEM setup.
(please shout at me in the comments below if I’m wrong)
What’s tested and confirmed working
Pureboot bundle (Anti Evil Maid replacement)
Wi-Fi (no strict PCI reset option needs to be enabled)
Ethernet (no strict PCI reset option needs to be enabled)
3.5mm sound jack works.
Sound doesn’t automatically switch over though when plugging
earphones in etc. Probably just a tweak somewhere to be added.
System Suspend and recovery works.
No Wi-Fi issues.
USB-C connectivity works
USB-C => Ethernet
USB-C => HDMI
USB-C => USB splitting
Kill switches for Wi-Fi/Ethernet
The VM needs to reboot to recognise the Wi-Fi/Ethernet device again after the kill switch is reversed.
The solution to this should be a similar to the fix for Wi-Fi disappearing after suspending the system which was common on other qubes systems I’ve had.
Kill switches for Webcam/Mic
Works as intended the device disappears and reapers when the kill switch is disengaged again.
What’s not tested:
Bluetooth (should work, just don’t like non free drivers)
Have 40Gb of ram in this laptop but a smaller SSD so opted out of having a swap partition.
Don’t think hibernation can work without it.
--- layout: 'hcl' type: 'laptop' hvm: 'yes' iommu: 'yes' slat: 'yes' tpm: '' remap: 'yes' brand: | Purism model: | librem_14 bios: | PureBoot-Release-17.1 cpu: | Intel(R) Core(TM) i7-10710U CPU @ 1.10GHz cpu-short: | FIXME chipset: | Intel Corporation Device [8086:9b51] chipset-short: | FIXME gpu: | Intel Corporation Device [8086:9bca] (rev 04) (prog-if 00 [VGA controller]) gpu-short: | FIXME network: | Qualcomm Atheros AR9462 Wireless Network Adapter (rev 01) Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15) memory: | 40834 scsi: | usb: | 1 versions: - works: yes qubes: | R4.0 xen: | 4.8.5-32.fc25 kernel: | 5.4.107-1 remark: | FIXME credit: | FIXAUTHOR link: | FIXLINK ---