Nice thing with linux is, you don’t need much ram to run the OS. 8GB would be enough provided you didn’t use apps that consume memory for its usage. IE video games, video editing, etc. IMO, I would get 8GB ram and save some $, and if you NEED more buy compatible ram off newegg or something alike. Only reason I see you needing more ram is if you need more VM’s in cubes per workload. But sounds like your purpose, buy/sell crypto and the like (assume general browsing etc) 8GB will be enough.
250 NVME is more than enough. You will be likely getting a Samsung 980 Evo like mine, and Its plenty of room for your needs. Plenty fast enough too.
I suggest you read these two, and understand that both are different things. They both function on purism devices to aid in privacy and security. I would say they are both required but I am not sure that is 100% correct.
The librem key https://puri.sm/products/librem-key/ is an added feature of security and itself does a few things. This works with Coreboot and Purboot IIRC as well as your OS to validate any changes made to the /boot config. If changes were made to the device, the librem key will tell you when you boot up as it checks all those systems to confrim the keys previously signed by an admin were not changed. I do recommend you get the librem key as it is essential to learn the process Purism takes to aid in your privacy and security.
Only thing that would have made things easier for me is to get Coreboot USB as well but I can (and did) make my own. So no big deal but if you aren’t that savy with computers, it is one thing you do not have to worry about if you get the USB.
TBH, I think the Librem is a wonder ful product though I only own a Mini. I am waiting for details on the battery, the screen size, and keyboard - darn tiny shift button, before I buy one. I am possinly waiting for v2 librem 14, or if they come out with a higher res, larger screen, I really really want a thunderbolt port that will allow an EGPU to be installed so I can bring a desktop 3080 for hash cracking, and it all be portable.
But for your needs, I think out of the box, Using PureOS or Qubes OS will be sufficient and with the tamper proof stuffs, your crypto will be safe. I do crypto as well, and is one thing I do on the Mini now that I do not have to give my data to Microsoft, Intel, and any other blobware intalled to invade on my privacy. I also trade, leverage trade, so I need as much security and privacy as I can get.
I would get the NVME drive but keep it to the smallest size they offer. You won’t need more till you know it. Same for Ram. Save a few bucks and get the coreboot, pureboot, librem key and vault package. Also if you can get 3 cell vs 4 cell battery, do research that as that enables your second NVME slot to be used. ATM I believe 3 cell batteries are out of stock? Have to check for yourself.
Other than that, tbh I can only recommend you READ everything you can on Purism and your product of interest. Search google, youtube, the forums here, and possibly Reddit if you need. I would make sure you want to purchase before you do, as their return policy needs a lil work (IMO).
Overall though, Librem 14 looks like a solid device. There are some issues but there is a support team here that can help.
Also: I think you should get the Wifi thingy and if you want to not use it, Remove it and store it safe with mounting hardware for when you do!
Hi @KennyGG, great questions. I have a Librem 15v4 and I tried Qubes on it, but running multiple VM’s just caused the fan to always be running. So, I went back to PureOS 10 for it with Sway for the desktop and it runs great. That being said, the L14 appears to be really well designed for Qubes. If I had the money and willing to wait for delivery I would get the L14 and run Qubes. But, to your questions:
I think 32gb is plenty for qubes. I run Qubes 4.1rc1 on my desktop with an older i7-6700k processor with 32gb ram and it runs really well. I’m not taxing the machine much though.
I think 250gb might be on the tight side. You could definitely make it work, but it can be tough. my recommendation is have 500gb or if you can make it work with a 2nd drive, then the first at 250 is good. the 2nd can be for backups or other uses.
I use pureboot on my 15v4 w/ PureOS. IT works great and I love it. I have the librem key, that is part of Pureboot. I know it is supposed to work fine with qubes, but I’ve seen some posts where people have difficulty with pureboot and qubes. Others can weigh in on that.
the librem key is part of it. fundamentally, the LK gives more capabilities to leverage encryption/security/tampering checks on more of the hardware. That is how I interpret things at least. So, it is a higher level of security and piece of mind. One thing to keep in mind though with that increased security is an increased chance of screwing something up and locking yourself out of an encrypted system that you can’t get back into. so, if you are using this to store crypto wallets storing money. You want to have a broader game plan for how you maintain integrity and assurance of your financial assets to be able to access them when you need to. Not just the security aspect of the technology you are using.
the vault usb is just a basic usb drive, nothing special other than the fancy casing on it It is where you can store important encryption keys for the Librem Key, or any other important files you want outside of your main laptop. Again, this is how I look at it and use it. Others might have other ideas.
I do like Purism as a company and its values, etc. The 15v4 I have has battery issues (mine has died and waiting on backorders to get a new one). The general build quality is ok at best. I’ve heard great things about the L14 though. Much more sturdy I think. So, in general I do think the Librems are great products, but not for the everyday user, you need to have good tech skills to truly leverage them, and everything is taking a long time to deliver (I’m still waiting on my L5, don’t expect it for 6 months at least). I love Qubes also. It is a great OS. But, I find that it can have limitations also. Mostly in how you want to leverage it for your everyday usage. the security by separation into qubes is great, but you have to develop some pretty extensive operating habits to work around things. In that context I have come to like and appreciate PureOS as a secure and easier to use OS for most day to day things.
So, it looks like you are doing your homework on the technology side of things. I would encourage you to give some thought about your lifestyle choices, because everything that Purism and Qubes and other solutions offer, are great, but only if it works with your own personal situation, needs and challenges.
It is true. Though I can’t say how many VM’s the OP will be needing to buy/sell crypto or browse the web for related. TBH and with no offense to Purism, but their upgrade costs are a little high for me. I can get an upgrade on the NVME or RAM for less than they offer. That is why I say just get the bare min for your requirments and if you find you need more. just upgrade yourself. These devices do not use special ram or drives so any compatible device can be swapped. IIRC 2400 max ram speeds are used as well as 2280 sized NVME drives.
I am a stickler for getting best performance / quality for $ when purchasing a product. If you search newegg you can find a samsung pro 500 gb gen 4 nvme for 100$ and that delivers the fastes speeds without throttling. I believe this drive is available but is for more $ in the upgrade list. Same for ram, IIRC you can get a nice set of 32GB ram @ 2400 for under what purism offeres in the upgrade list.
I cannot say how much Ram is needed with a Librem 14 to run Qubes because I do not own one. Though research says 6GB ram will run Qubes, and I expect the OP to only need minimal app running to complete his/her tasks.
That all said, I do find the 16GB ram upgrade to be fair enough, and that will work for the OP as well, say they didnt want to do all that upgrading themselves. And for the Drive, I do not find any of the other options to be viable for the cost. But that is because I am a stickler, again.
I ordered a fully-loaded Librem 14 w/ Qubes OS back on 1 May and am still waiting for it despite it being in stock and claimed to be delivered in 8 weeks then (now the website says 12 weeks) and then even got the address confirmation email saying it would be delivered in 10 business days back in July. YMMV
Another thing to consider is I got a 14 but then decided to cancel the order before it has been made or shipped. and I was told I will have to wait several weeks possibly months for my credit card to be refuned. So I am making payments on a thing I returned (though it hadnt even been made or shipped) and I will have to wait a bit for the refund.
Despite this, I still think the Purism product line is strong and worthy 100%. Just be sure you want to wait for the shipping and understand if you change your mind, it is a pain in the ass to accept. Also there is a restocking fee @10%!
I seriously considered ordering a fully-loaded Librem mini instead of the LIbrem 14, but the 50% more cores/threads (6/12) were my deciding factor for me which I would imagine would be important for gaming at least.
I may be wrong but I thought you could run Qubes OS on the mini as well and have the same security.
To clarify, as I understand it, Corboot and Purboot are both installed in Purism comptuers. I do not believe you get to choose one or the other. Purism Librem laptops and Mini come with both coreboot and pureboot installed, along with the OS of your choice. Now, you can install any OS you want, but PureOS is configured to work with the coreboot and pureboot softwares. Cubes will also work with this configuration, all keeping Lilbrem key as the authenticator.
The community here is great at getting you help and I believe 100% in their work here, being security and privacy focused. Keep a positive attitude with a perspective to learn and you will have no issue you cannot overcome.
I get the sense that PureOS is great for everyday activity, including work, financial, private or social, etc. Cubes would be more for dedicated purpose, application specific, thus journalism, whistle blower, or even criminals. PureOs is a basic Linux distro that is privacy focued but without a speciality function, like Qubes. At least that is my understanding of the two.
The mini, for me, is a learning platform as well as a privacy focus machine. Its identical to the Librem 14 in that it has the same coreboot, pureboot, HEADS, pureOS, non Intel ME cpu, etc. Though they are obviously not identical in hardware, the company here still chooses hardware that has less or no blobware installed. AFAIK, they are basically the same difference though one not mobile, and one with less core/threads. Obviously the other feature differences remain but at their core, I believe they get the same treatment by Purism to de blob them.
I would assume the security on the 14 vs Mini are near the same. Other than it may be easier to steal the laptop when in public spaces, and the mini can be stolen if they are in your home. As long as the attacker is in physical location of either, the risk the same really. As for the other means of risk, I cannot think of any other differences. They are nearly the same software wise as far as I know, the same for hardware excluding the obvious physical difference etc.
I would not consider the Mini or Llibrem appropiate for gaming. Though I am sure they can run some games, The 14 is not designed for heacy gpu use, ie it comes with intel based graphics without a dedicated gpu for gaming. that aside, I am sure they both play the games they can, well. The 4 c 8 t Mini CPU is a beast of a cpu… and I can only imagine the 6 c even more so. They both smoke my skylake cpus out of the water. Id imagine they both would work well for light gaming.
I would get yourself a second set of mouse keyboard for the privacy focus machinery. To compartmentalize fully, you should get new stuff and keep them seperate. Thats is how I work, I got a 25$ logitech k&m from office depot and they work fine. No keylogger installed from my old daily driver! Now why would I risk all that other effort and $ invested? I wouldnt. Just get a new k&m.
I haven’t much knowledge of typical computer monitors themselves being a security risk though I know everything and anything can be hacked, even non computer related. That said, I think any given monitor would work provided you haven’t committed crimes with your other computers. AND they are not smart tv’s used as monitors. If you want to be safe, just get a used monitor off Craigslist? That is what I did. used 25$ 1080p shitbox I slap around all the time when it flashes.
Scroll down till you see vPro and surrounding. It also helps to know what technology surrounds vPro but that is what Intel is calling the entire remote backdoor now adays.
Yes system 76 and starlabs do have more Intel ME than purism products. System76 latest computes use 11th gen intel cpus which all come with Intel ME lol … Ironic right? The website does not clarify this as well and leaves the consumer guessing. I had to dig to find this and once I did, I said well there goes that company. They are simply glorified computers with PopOS preinstalled, imo. Purism is the ONLY company I see going to such an extent to help aid in privacy and security. That is why I got two of their devices myself.
Well, looks like non-VPro is an option for Framework laptops as well and although they do not have all the Purism security features, they do have physical hardware switches and at least do deliver ON TIME and offer real right-to-repair solutions.
If you click on Configure Now, you can select the following: “Intel® Wi-Fi 6E AX210 No vPro®”
Built-in hardware privacy switches give you complete control over access to the camera and microphones. Our embedded controller firmware is fully open source, and we don’t preload any extra software. You can even install a privacy focused OS on a Storage Expansion Card and take it with you.
@SteveA I was considering a System 76, Framework, Pursim and Star Labtop MK V.
But from houres of “research” this is my conculsion:
System 76: They dont remove the Intel ME, hard to find it on their websites, but I think I found one of the project engineers on reddit saying that they desided not to remove it to make the sytem work better (or something like that):
Star Labtop: This one I almost ordered, love the design and price ;p, but found out that alot of people had proplems with the screen. Also found other bad reviews of the product.
Framework: This one I havent done to much reaserch on, but a guy in some youtube video (cant remember the exact one) had some negative comments about it. It also only ships with Windows 10 that makes me feeling like it dont meet what I look for.
Best laptop/mini for Qubes OS
Best security laptop
Expensive, but still the best
Long delivery time, people complaining about not getting their money back after canceling orders
All in all I wanted to order the Star Labtop, but I rather use more money to get a safer product.
I will start with the mini, If I like it and find out that Qubes OS are something I find usefull for my demands ill maybe order a Librem 14 V2 later. Then Ill use the Librem Mini with Kali and try to hack my Librem 14 to look for improvements in security ;p.
But thats for 2022/2023, atm I cant even hack Windows 95 so ;p. Ill guess it some houres of learning to be able to hack anything ;p.
Librem 14 is my first choice but after 6-7 months my drop-dead date is 15 December and if I don’t have it in-hand by then, I’m getting a refund and ordering the Framework DIY edition like someone else here that did the same and reported outstanding review of the Framework DIY edition laptop.