How well does Qubes run on the Librem 14?

I got into a weird debate on r/Purism with u/redrumsir (@privacy2) about whether Qubes runs well on the L14 or not. (Sorry, but I can’t link to it, because Reddit rules prohibit linking.) Since I don’t own the L14 and don’t use Qubes, it is best that someone else answer the question.

Please post your opinion about how well Qubes runs on the Librem 14, and include:

1. Your version of Qubes,
2. What version of the EC firmware you are using (use sudo purism_ectool info to get the version and see this post to upgrade),
3. Do you have the librem-ec-acpi-dkms driver installed? (see these instructions or these ones to install/upgrade)

https://teddit.net/r/Purism/comments/t9fmks/qubes_41_experience_on_librem_14/

Everything is flawless here:

There are some problems here, but they don’t seem device-specific to me (and more commenters say it works for them):

There was a recent post on the qubes forum from someone who had a new v14 and had a mountain of problems trying to install qubes, or reinstall. Can’t remember.

I encouraged him to post here which he obviously didn’t. But he had huge issues that had him stumped and he didn’t sound like a newbie. I’ll try and remember to get the link when I’m on my desktop.

Thank you for this link. It would seem that interpretations to some of my comments re: Qubes on L14 are taken to be more of an assessment of the laptop instead of the OS. Or perhaps taken together.

I want to be clear about the comments I made here: New Post: My Recommendations for the Most Secure Librem 14 Configuration. They are with respect and limited to the version I was running. Specifically: Qubes OS 4.1.0 RC2. It was a release candidate and should not be treated as a production environment. In my view, the “tolerable” and “easily-fixed” issues there were within the expectations for a release candidate version.

Since I have only made general comments about L14 and Qubes OS compatibility. I will provide a better, but still summarized listing for Qubes 4.1.0:

• Qubes OS installs without issue
• Debian based template used extensively - no issues with any non-Snap applications (more on Snaps later)
• Microphone and camera (external and internal) inconsistently attach to AppVMs with up to 16GB of memory. That is, they will attach, and then application attempts to interface, the attachment fails.
• AppVM and HVMs run without issue. HVMs were Windows 10 and Kali Linux.
• AppVM and template VMs struggles with Snaps (specifically Microsoft Teams and Rocket Chat). Reinstalling the Snap fixes the issue. Difficult to pin down root cause.

The microphone and camera issues were found after the post was made. Restarting the AppVM usually fixes the issue. Other times, removing attached devices to the USB hub remedies the issue. I have treated the problem as a nuisance.

If there is any indictment of the Qubes OS/Librem community is that it is largely indifferent to assisting with troubleshooting or helping new to moderate level users. I would not recommend attempting to use the Qubes Forum. If you are not comfortable managing these issues yourself by reading the documentation or experimentation, I would not recommend the OS at this time. You will likely not find the support you need to resolve the issues you have. Qubes OS user community is roughly at the size and helpfulness of early Linux communities circa 2002.

NOTE: these issues, outside of the camera, were not present until after I upgraded to 4.1.0. But they are there currently.

Edits for clarity and grammar.

Can you tell if you have issues with sys-usb starting all the time (if you have it installed)? I have recently upgraded to the latest stable release from the previous qubes version which worked beautifully. I find this latest stable release has many annoying bugs. I should never have changed.

So I’m keen to see how buggy this is on a v14 as this is my next purchase, or a mini.

Good catch on that. I forgot about that issue. Yes, sometimes during the boot process, sys-usb won’t start. Reboot fixes.

I agree with your statement, I have had more issues with the 4.1 stable release than I have had with previous versions.

Thanks for that. Yes, this version is a shocker compared to the prior version which was flawless for me.
I don’t like to criticise people who do this work because of the great effort, but this latest release was only supposed to have very minor tweaks. The reality is that there are many problems that detract from using it. I’m close to reverting back even though that will mean a fair bit of reconfiguration now.

I finally moved over to another OS. The instability around the Snaps finally did me in. It’s unfortunate because the way I have organized my work and my life is around the concept of AppVMs and isolation. So it’s difficult to adjust. I really (read: strongly) prefer the Qubes way over all things but I can’t sit here and try to get Teams, for example to work prior to a meeting. If I have to bring another computer in to do my work, why I am using the OS in the first place?

I intend to try again when another version is released. It’s just too much work right now to use.

Which instability? Did you consult these links? one, two, three.

Of course I did. I searched extensively and followed each of those to try to fix the issue. Which instability? My instability.

Snap in the template? Snap in the AppVM? Doesn’t matter. Needed files disappear. Reinstalling may or may not work the first, second, third, nth time. Blow away the AppVM and rebuild might do it. Sometimes I have to blow away the TemplateVM all together. It’s too much.

It’s nothing that’s been documented or addressed before, so the forum is powerless to help since it’s primary role is to link to documentation already built. Or argue about which VPN provider has the best security.

So I gave up. I am not confident in the forum’s ability to help with issues like these.

If you even switch away from Qubes due to this, why don’t you try StandaloneVM in Qubes, which works like a normal OS installation?

I will consider that. I am currently away from Qubes but it’s harming my productivity. So I am stuck in a place of absolute frustration. I am not a fan of Standalone VMs; I much, much prefer my AppVMs.

At least a StandaloneVM is more secure than any non-Qubes OS. Also, you can enable root dom0 prompt.

Snap has always been a problem with qubes for some reason. I didn’t have the problems you cited but it did break the updater. I just uninstalled and it was all good after that. I don’t miss it fortunately although there are certainly many issues with the latest qubes.

I had it on my Librem with 32 GB of ram, I took it off for other reasons, but it worked fantastically while I had it on.