Announcing the Librem Mini V2

Thanks for your quick reply, Kyle.

This is incredibly exciting news (for me, at least!). I have spent countless hours trying to work out what desktop computer I could buy to run Qubes, but have never found anything relatively new that was guaranteed to work.

Am I right in understanding that, when it comes to ordering, I should select:

Firmware: Default (coreboot + SeaBIOS)?

Finally, have you tested with Librem Key, or should I forget that option if using with Qubes OS?

Thanks again.

Either coreboot + SeaBIOS or PureBoot would work. It just depends on which boot firmware you would want to use. The Librem Key works with PureBoot, and Qubes VMs can use it as well, provided they have the proper openpgp software installed (and optionally Nitrokey’s userspace software if you want features beyond standard OpenPGP smartcard support).

Thanks for your quick response.

It sounds as if I will have to do some research on having “the proper openpgp software installed (and optionally Nitrokey’s userspace software”!

Thanks @Kyle_Rankin
I’m glad I saw this or I might have been frustrated.
I have an overstuffed mini v2 sitting in my cart.
If I can run qubes-os and see pureos in 3840x2160 then I am going to have to buy it.

For the qubes-os - can you provide version numbers?
Are you saying that 4.0.4-rc1 will run on the miniv2?
I assume that this means that 4.0.3 will never work - Or - will that new kernel end up in the 4.0.3 upgrade as a backport?

I love running pureos as a secure host and running kali and blackarch and parrotos and kodachi as vms.
But I am going to need qubes-os for more serious situations.
Thanks again,
-non@

@Kyle_Rankin is the v2 coming with the s970pro or the newer s980pro? The new NVME drives were announced by Shangsung but I don’t know if you guys can put that in my order as it is right now?

Forgive me if this was answered already, but how is the Mini v2 stacking up in terms of software freedom? More specifically, is Purism aiming at obtaining an RYF certification, and if not, what are the non-free parts?

That would be cool, though I don’t believe the Intel Management Engine is completely removed yet (mostly, but not completely). When/if that is done, RYF certification could probably be obtained for their laptops as well.

The Librem Mini v2 (just like the Librem 13/14/15) has the following proprietary blobs:

  • Between 8% and 10% of the Intel Management Engine still exists (i.e., the part which is required for booting has not been replaced with zeros)
  • Intel microcode
  • Intel Firmware Support Package (FSP)

The only way to get rid of these is to switch to a different type of processor such as the POWER9 or i.MX 8M Quad. The former sucks a huge amount of power and is very expensive. The latter isn’t powerful enough. The RK3399 is still underpowered but better and can now boot without any blobs, but it still lacks things.

  • Between 8% and 10% of the Intel Management Engine still exists (i.e., the part which is required for booting has not been replaced with zeros)

I apologise in advance for what may be a ‘stupid’ question, but why does Librem Mini require 8-10% of Intel ME “for booting” while NitroPad claims that Intel ME “has been deactivated” in their NitroPad X230?

"Deactivated Intel Management Engine

Vulnerable and proprietary low-level hardware parts are disabled to make the hardware more robust against advanced attacks.

The Intel Management Engine (ME) is some kind of separate computer within all modern Intel processors (CPU). The ME acts as a master controller for your CPU and has broad access to your computer (system memory, screen, keyboard, network). Intel controls the code of the ME and severe vulnerabilities have been found in the ME enabling local and remote attacks. Therefore ME can be considered as a backdoor and has been deactivated in NitroPad."

I was just about to click ‘Add to Cart’ on a Librem Mini v2 @ $1,850 but this gives me some concern - because I don’t understand enough to know by how much the “8-10%” will reduce the security of Qubes OS.

Thanks for any light you or @Kyle_Rankin can shed on this.

Because in Purism’s (Intel-based) products, the Intel ME has been both butchered (code cut down by 90% approx) and disabled.

I don’t know anything about NitroPad products but perhaps their “deactivated” is Purism’s “disabled”. The official name for disabling the Intel ME is High Assurance Platform (HAP) mode.

Seems to be a refurbished ThinkPad x230. Which means the Intel ME cannot be fully removed (laptop wouldn’t boot) but neutralized so it won’t work anymore. Same as on the purism laptops.

I guess that would mean that the CPU is a bit off the pace, not terrible, but maybe i7-3xxx, so 7 generations behind (or 8 if you want to be really current but I don’t think Purism is offering any 11th generation Intel CPUs).

All computers with an Intel x86 processor that were introduced after November 2008 (starting with the Nehalem architecture in the first generation i3/i5/i7) will not boot if the Intel Management Engine code is entirely removed. The last computers that could boot with the ME code removed were the Core 2 (Penryn), that was used in the Thinkpad X200, T400, T500 and W500 from 2008. See the list of LibreBoot compatible hardware.

What the NitroPad X230 does is change a setting which deactivates the ME, just like all the PCs sold by Purism, ThinkPenguin, TUXEDO Computers and System76 do, but all of them require the ME to boot. Purism goes an extra step of also replacing 90%-92% of the ME code with zeros. None of the others say that they do this. If you want to learn more, read the documentation at: https://github.com/corna/me_cleaner

The Librem 13/14/15/Mini are better than the NitroPad X230, because the Librem 13/14/15/Mini can use the WiFi/BT without a binary blob in the /lib/firmware directory. If you want to achieve that with the NitroPad X230, you will need to put an Atheros ath9k WiFi/BT card in it (like this one, but check if a full-sized card fits) or use USB WiFi/BT (like this one).

Also the Librem 14 will have a switch on the motherboard to prevent anyone from changing the firmware. The Librem 14 will also have free/open source firmware for the embedded controller (EC), but @MrChromebox recently posted on r/Purism that it probably won’t be ready for the initial release of the Librem 14, so you will have to wait for that.

But then the actual comparison was Librem Mini v2 v. NitroPad X230, which I don’t fully understand as a comparison, since the former is an ultra-compact, needing a monitor if the use case requires it, while the latter is a laptop. But, sure, the Librem 14 is a nice laptop. :slight_smile:

Oh, yeah. I forgot that @purequbes was comparing the X230 to the Mini. Ok, I edited my post to compare the X230 to the Librem 14/15/Mini.

If paying that much for a fully loaded Mini, it’s probably worth considering the L14 since it has 2 extra cores, which would be helpful when running Qubes.

Thank you very much for your detailed responses, and to @kieran also for your helpful comments, for which I am most grateful.

I was considering the Librem Mini v2 because it’s a ‘desktop’ computer and I thought it would therefore cope better than a laptop with being switched on 24/7 and being used for 12+ hours per day. (I spend too much time in front of computer monitors :frowning: )

The only reason to compare it with the X230 is because Qubes lists it as ‘Certified Hardware’ so it made sense to me that NitroPad must therefore have done all that was possible / necessary (Intel ME-wise) to remove the Intel risk from the security equation.

I’m delighted to hear that Purism actually goes further than the X230 (and ThinkPenguin, TUXEDO and System76) by replacing >90% of the ME code with zeros.

I had resisted buying the X230 because it’s so old and I was looking for a more modern machine that was able to run Qubes in a reliable manner for countless hours of daily use.

I’m moving from a 2018 MacBook Pro with 32GB RAM and it struggles being left on all the time (not to mention that Apple is now just as bad as Google in every respect and I have lost all trust in them as a company after 20 years of being the most ardent of supporters).

Your point about the Librem 14 having 2 extra cores is well made.

I had planned on starting off by buying the Librem Mini v2 because ‘desktop’, and buy a Librem 14 early next year in case I wanted a portable machine when on the move.

Perhaps this is an unfair question, but would you expect the Librem 14 to be able to cope with being used all day? I can’t afford downtime.

Thanks again for taking the time to read and reply to my questions. I really do appreciate it very much.

Purism is switching to a new ODM for the Librem 14, and it says that the new design will fix the known problems in the Librem 13/15 models:

  • Non-standard keyboard mapping,
  • Hinges mounted on plastic that tend to break over time,
  • Audio jack that breaks off the I/O daughter board over time, especially in the Librem 15.

However, with a new design and new ODM, new problems may arise, so it is probably best to wait and see what people report. Another issue is that Purism had trouble getting replacement parts for its laptops in the past, because it uses custom manufacturing for its laptops. The only Linux laptop manufacturers that do custom manufacturing are Purism, Star Labs and PinePhone. All the rest use rebadged Clevo laptops, which means that it is easier for them to get replacement parts.

If you are worried about reliability over time, the Mini is probably a better choice for you, because it isn’t custom manufactured for Purism like the L14, so it is less likely to have hardware bugs. If anything breaks, it will be much easier to fix with the Mini than the L14. Maybe I have bad luck, but on average I have to replace the power adapter on my laptops after 1.5 years and the keyboard after 2 years, and the cooling fan after 3 years, whereas I have far fewer hardware failures on desktop PCs.

MrChromebox said that Purism would have offered the same 6-core processor in the Mini v2 as the L14, but Intel currently has supply chain shortages, and the ODM couldn’t get the processors. The L14 will have a physical TPM chip, whereas the Mini v2 has to provide that in software.

Once again, thank you very much for your detailed response. I did not know any of the information you presented so it was both incredibly helpful and much appreciated.

I have a few things to consider before making a final decision, but you have really helped to clarify many points.

Thanks again for your time and feedback! :slight_smile:

That’s not technically correct – they’ll boot, but will go into automatic shutdown mode after 30 mins.
