New Post: My Recommendations for the Most Secure Librem 14 Configuration

General Privacy & Security
1

The Librem 14 is our most secure laptop to date. We aim to make the Librem 14 as secure as possible out of the box for the widest range of customers while also taking ease-of-use and overall convenience into account. We also avoid security measures that take control away from you and give it to us. While we think you should trust us, you shouldn’t have to trust us to be secure.

While we always keep the average customer’s security in mind, we also have a number of customers who face more extreme threats and are willing to trade some convenience for extra security. Those customers have sometimes asked me which combination of options would make their Librem 14 order the most secure.

In this post I will provide what I think are the highest security options you can apply to a Librem 14 order, along with some additional steps to take once you receive your Librem 14. Before I get started though, I want to note that even with these recommendations, there are still additional, more extreme steps a person could take. While I’m providing high security recommendations, my goal here is still to strike a reasonable balance between high security and some level of convenience. For those of you facing even more extreme threats with a higher tolerance for inconvenience, treat these recommendations as a baseline to build on.

Read the rest of the article here:

8 Likes
2

@Kyle_Rankin Great article! Very timely for my Librem 14 QubesOS setup. In your 2016 Linux Journal article you reference, you mention using KeePassXC for your password vault. Is that still your recommendation or are there better solutions now?

1 Like
3

I can’t speak for Kyle, obviously, but I do think KeePassXC is still one of the best password managers around.

3 Likes
4

Thanks, I’m glad you liked it! I still use KeePassXC on my Qubes desktop, but I use Gnome Password Safe on my Librem 5 now, because it has an adaptive interface but can import and use my KeePassXC database.

[edit: correct the application name to “Gnome Password Safe”]

3 Likes
5

See also: https://forum.qubes-os.org/t/keepassxc-security-and-single-backend-for-all-qubes-and-healthy-password-management-practices/7348
and https://forum.qubes-os.org/t/trying-to-make-and-use-a-keepassxc-vault/220.

2 Likes
6

I want to add that I recently installed Qubes 4.1.0 RC2 and so far I have only run into some minor issues which fail into two categories:

  • tolerable
  • easily fixed

Under the tolerable heading - there’s some odd screen artifacts for decrypting the drive prior to log in. And for easily fixed, the 2GB private storage default AppVM configuration item is too small to do much else than start the AppVM. Increasing the private storage fixed that issue.

For those that are considering trying out RC2, I would assert that it’s probably safe to try!

2 Likes