Hello all, another newbie to all things linux. Super excited to start this journey. First off let me apologize in advance if any of these questions are rhetorical and/or have been posted already or covered on user quides. I’ve spent the last 2 days researching with little to no anwsers. Anyways thank you all in advance and please bare with me i do pick thongs up pretty quick even though this post may not seem like it lol
Here we go
I order the L14 with Qubes preinstalled with little to no knowledge of what it is or was. Just seemed like my best option to do so at check up along with the pureboot bundle + PureOS Live 10.
Now that im at the intial setup ive decided against using Qubes for now given my little experience. What ive found hard to find its how to go about this exactly? Should i fully intiate and set up Qubes first? Then just continue on with setting up pureboot and pureos and just doing it live on the usb? What are the potential problems with that wouldnt i have to reset it up everytime i use it? Does it erase any and all data when i shut it down?
Just for my owe simplicity should i just completely earse Qubes and install Pureos until i feel like returning to Qubes?(i like this Idea) but how is this done?
My other questions that i couldnt find much info about was about the intial startup of Qubes do i need to insert the librem key and the pureboot? Or is pureboot only needed for Pureos?
Im probably in need of a good user guide that can step me through the whole intial setup for the L14 with qubes preinstalled and the intial pureboot/pureos setup. Ive browsed all over and watched everything i could find but it was all kinda vague, non-specific and brief. I found very little support out the for machines that are pre-installed with Qubes and maybe hopefully that’ll change very soon as i know its a somewhat new thing. Alot of ppl barely even know you can get it pre-installed.
If anyone can help with any info on this or even just point me in the right direction id appreciate it!
PS. Im sure ill have more questions to ask as with tread continues because i kinda forgot some that i had in writing this. Thanks again in advance!
You can install PureOS or another OS instead of Qubes. Qubes is great but does have a learning curve associated with it. You don’t need to do any Qubes set up if you decide to replace it.
The easiest path is:
- Install PureOS or the OS of your choice from a live USB flash drive
- Perform an OEM reset from PureBoot (the firmware menu)
- After installation, you will get an error during boot because the OS was changed. Continue to the main menu
- Select Options > OEM Factory Reset / Re-Ownership
- Confirm the OEM reset and go to #3 to answer the questions
- To set a single passphrase for the TPM and Librem Key, answer the questions this way:
- “Would you like to use default configuration options? …” [N]
- Answer “N” to everything until you reach “Would you like to set a single custom password to all previously stated security components?”
- Answer “Y” to that question and enter a passphrase
- Answer “N” to the remaining questions
At that point your Librem Key will be set up again with the new OS. If the OS updates its boot files, or you update the firmware (PureBoot), you’ll need to know that passphrase to re-sign the boot files or update the Librem Key. (Or you can OEM reset again if you forget the passphrase.)
If you run the OS from live USB every time (not installing it), then yes it’ll lose state whenever you shut down, and you can’t unplug the live USB while it’s running.
PureBoot is the firmware, it’s stored on the system. The flash drive that came with the PureBoot bundle contains the GPG public key that was preconfigured when we installed the system. OEM reset replaces that key, so if you do that you can export the new key if you need a copy on the flash drive (you don’t necessarily need that if you reset it yourself).
Inserting the Librem Key during boot tells you if the firmware is still the same (green light) or has been tampered. If the firmware is still the same, then the firmware validates your OS’s boot files and will tell you if those have changed too. If someone gets access to your Librem 14 and tampers your firmware or OS boot files, you’ll be able to identify it this way. This works with most Linux distributions, including Qubes and PureOS.
The best documentation on this is the PureBoot documentation: PureBoot Getting Started Guide - Purism - Librem products documentation. This isn’t part of Qubes as it works with most Linux distributions. The Qubes documentation would tell you more about using the Qubes OS if you decide to use it.
I think I covered most of the questions. Feel free to follow up if I overlooked anything or you have more 
Well ok, just the same ive read so far just needed the clarification befire i just went ahead started blindly. So i guess the one question i having remaining at this point would be… woulsld it be wise make a copy of the qubes OS while i still have it installed to maybe save myself a littoe time a grief llater on if i decided to switch back? And to piggy bank off of that if i can even do so(make a copy) can i create it as a “love” copy so i could potentially play around with it while still being able to power off and unplug woth out or saveling t9 my harddrive? And can i do so(makr this copy on the same flash that has the pure OS, the “vault” flash drive or get an entirely diferent flash drive? Or possibly all of the above?
Thanks again! Appreciate you for your candor. Am ecmxcited to finally get going
Personally, I wouldn’t bother. You can install Qubes easily from their install ISO, and if you haven’t done much to the current install, you’ll get the same thing. No particular customization is needed to install Qubes on L14. The install does take a while, particularly creating the template VMs, but just let it work for a while and it will get there.
If you want to be able to try Qubes OS from external media without committing to it on your internal SSD, maybe you could do it on a USB disk. A USB SSD would be ideal compared to a flash drive, but a large enough flash drive might be OK just to try it out, if it’s fast enough.
I haven’t tried this, but I would think you could install Qubes OS to a USB disk (boot from the Qubes ISO on the flash drive, install to a second flash drive or USB SSD). You might be able to directly copy the already-installed image to a USB SSD/HDD, but the USB disk would need to be the same size or larger, or you need to know how to resize the partitions first. I would probably just do a new install on the USB disk.
I would probably want a minimum of 32 GB or so for the installation. I don’t recall what size Vaults are being shipped right now, but it should work. You’ll still need a second flash drive to boot the install ISO.
In theory, PureBoot should be able to boot to that using USB boot, but it’s not something I have tried.
I’ll reiterate that I haven’t tried any of this It does sound like Qubes can boot this way from some forum posts, but there could unexpected details at any point. It’s pretty safe for your installed OS as long as you take care to install to the right disk.
This page specifies a minimum of 32 GB - and I guess you can follow the link from there for an actual citation.
You can pick up a 120 GB portable SSD for not much money, if this is more than just a one-off. You just need to be careful whether you want a USB-C or USB-A connector on the portable drive. (I guess either will work on the Librem 14 but there might be a consideration of which port you want to tie up by booting from it.)