Qubes OS, the security-focused operating system that Edward Snowden said in November he was “really excited” about, announced this week that laptop maker Purism will ship their privacy-focused Librem 13 notebook with Qubes pre-installed.

Built on a security-hardened version of the Xen hypervisor, Qubes protects users by allowing them to partition their digital lives into virtual machines. Rather than focus solely on security by correctness, or hide behind security by obscurity, Qubes implements security by isolation—the OS assumes that the device will eventually be breached, and compartmentalises all of its various subsystems to prevent an attacker from gaining full control of the device. Qubes supports Fedora and Debian Linux VMs, and Windows 7 VMs.

One of the biggest problems with Qubes is that hardware support can be tricky. In order to take full advantage of the OS's many innovative security features, you'll need a CPU that supports virtualisation technology, including both Intel VT-x (or AMD-V) and Intel VT-d (or IOMMU), plus a BIOS with TPM (for Anti-Evil Maid). Running a dozen VMs or more, as many Qubes users do, can be resource-intensive, so plenty of RAM and a fast processor are essential.
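The three requirements above can be checked on a candidate machine from any Linux live system. The script below is an added example, not Qubes or Purism code; it assumes the standard Linux paths `/proc/cpuinfo`, `/sys/class/iommu` and `/sys/class/tpm`, and its function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not Qubes or Purism code. Paths are arguments so the checks
# can be run against constructed fixtures as well as the live system.

# Print vmx (Intel VT-x), svm (AMD-V) or none from a /proc/cpuinfo-style file.
cpu_virt_flag() (
    flags=$(grep '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null | head -n 1)
    case " ${flags#*:} " in
        *" vmx "*) echo vmx ;;
        *" svm "*) echo svm ;;
        *)         echo none ;;
    esac
)

# Succeed if the kernel registered at least one IOMMU (e.g. dmar0 for VT-d).
iommu_active() (
    [ -n "$(ls -A "${1:-/sys/class/iommu}" 2>/dev/null)" ]
)

# Succeed if a TPM device such as tpm0 is exposed in sysfs.
tpm_present() (
    for dev in "${1:-/sys/class/tpm}"/tpm[0-9]*; do
        [ -e "$dev" ] && exit 0
    done
    exit 1
)

# Print one line per requirement; succeed only if all three are met.
hw_report() (
    rc=0
    virt=$(cpu_virt_flag "$1")
    if [ "$virt" = none ]; then echo "VT-x/AMD-V: missing"; rc=1
    else echo "VT-x/AMD-V: ok ($virt)"; fi
    if iommu_active "$2"; then echo "VT-d/IOMMU: active"
    else echo "VT-d/IOMMU: not active (may be disabled in firmware)"; rc=1; fi
    if tpm_present "$3"; then echo "TPM: present"
    else echo "TPM: not found (Anti Evil Maid unavailable)"; rc=1; fi
    exit "$rc"
)

# With no arguments the defaults above are used, i.e. the running system.
hw_report "$@" || echo "Not every requirement listed in the article is met."
```

Run it from an ordinary Linux live system rather than from inside Qubes itself, because Xen masks the CPU virtualisation flags from the administrative domain.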

This has made shopping for a Qubes laptop something of a crapshoot. In the past, Qubes devs have recommended installing the OS on a 32GB live USB and testing it in-store before purchasing. The alternative: order a laptop online and ship it back if it doesn't work. High-end Lenovos are popular with Qubes users as they tend to work out of the box. But even then there are no guarantees, as the Qubes hardware compatibility list makes clear.

“The problem is that the manufacturer themselves often make changes to the hardware of a computer throughout the lifecycle of that laptop,” Michael Carbone of the Qubes Project told Ars. “The features Qubes takes advantage of are not features normally advertised by a vendor. This is a minefield for new users and ends up turning them off.”

The Librem 13 is just the first of many

Qubes wants to lower the barrier of entry for new users, including security-conscious enterprise users who might want to buy a number of laptops for their staff. In addition to the Librem 13, Qubes plans to certify the larger Librem 15, plus other laptops that are “as diverse as possible in terms of geography, cost, and availability.” Qubes tests the laptops they certify to ensure compatibility with all the OS’s features.

Purism has worked closely with Qubes developers since before the laptop manufacturer's successful crowdfunding campaigns, which raised a combined total of more than $800,000 (£530,000), to meet the demands of security-conscious Qubes users. Purism manufactures their own motherboard, and all chips are designed to run free software. The Librem also ships with hardware kill switches for the camera, microphone, and Wi-Fi.

Todd Weaver, Purism's founder, emphasised the company's uncompromising vision to offer users a free-as-in-freedom laptop. Purism is seeking the Free Software Foundation's “Respects Your Freedoms” certification, but that goal faces a substantial hurdle: freeing the BIOS of the Intel FSP and ME binaries.

“Some people say it's impossible to free the BIOS,” he told Ars. “We've proposed the business case to Intel and they are evaluating it. I don't think it's likely it's going to happen anytime soon, but as our numbers grow, then our leverage grows.”

Qubes lead developer Joanna Rutkowska is working on a design solution to mitigate the risk of trusting Intel’s Management Engine (ME). In October she published “Intel x86 considered harmful,” a prelude, according to her blog post, to proposed hardware modifications “which could be done by laptop OEMs, or even by more advanced users.”

In the long term, though, “The only solution is to push up into the hardware manufacturing process the free software beliefs that I have,” Weaver said. “When we negotiate for parts, the first thing we negotiate is free software to run it.”

Beyond the beardies

The end goal of the partnership between the two projects is to reach beyond the hardcore free-as-in-freedom types to bring security, privacy, anonymity, and software freedom to the masses. It follows, then, that ease-of-use is a priority for both projects.

“Convenience is the number one thing we focus on providing,” Weaver said. “We want to make a product that’s easy to use, elegant, and equal to or more convenient than the alternatives.”

Qubes' latest iteration, 3.1rc, announced this week, also aims to make the OS more accessible to non-technical users. A new installer will automate the creation of many of Qubes' cutting-edge features, like a USB VM (to protect against USB malware); networkless “vault VMs” (to store sensitive documents, encryption keys, or a KeePassX database); and Whonix VMs.

Whonix for Qubes implements a pair of virtual machines—a gateway and a workstation. The gateway Torifies all network traffic, ensuring that even if an attacker exploited a bug in a workstation application (like the Tor Browser), the attacker would not be able to de-anonymise the user.

This new configuration stack enables “recipes” that admins can create to standardise workflows for a particular job or at a particular organisation. A journalist might want to do all their research in a Whonix workstation VM, for instance, and store their documents in an offline vault VM. Recipes can also reduce the likelihood that a new user will shoot themselves in the foot by, say, running KeePassX in the same VM as their Web browser, which would negate the security-by-isolation benefits of Qubes.

Weaver argues that bringing the free software philosophy to hardware is critical to ensuring human freedom going forward. "When I look at the future of computing, right now we have computers that are external and you're typing on a keyboard and looking at a screen," Weaver said. "But we're moving towards wearables, attachables, embeddables. Will these devices respect your freedom?"

"We have to be fighting for our freedoms today," he added, "so that we can pave the way for when devices are attached to ourselves, you're in control of your body."

The Librem 13 is available for pre-order on CrowdSupply at a base price of £1,070 ($1,624 / €1,482). The recommended add-ons for Qubes, including hardware kill switches and an SSD, bring the total to £1,145 ($1,738 / €1,585). Orders ship in January. There's an additional £50 shipping charge for any orders outside the US.

J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill.