Why Libreboot BIOS cant fit Qubes needs out of the box:

I have spoken to Leah Rowe (the developer of Libreboot) through email and he answered:

Does your hardware support Qubes security check list?

https://www.qubes-os.org/hcl

HVM: yes, but only with microcode updates which are non-free.

libreboot doesn’t include them, but I can flash a coreboot ROM (latest

coreboot) with microcode. the microcode would be the only non-free

software.

what is microcode? answer: the CPU instruction set is implemented by

software that reconfigures the logic gates inside the CPU. the gates

are designed to be configurable, unlike some other CPU architectures

(e.g. ARM) where it’s hardcoded in the circuitry

microcode is the most common way to implement an ISA because it allows

flexibility and also permits mistakes to be corrected: these

corrections are provided via updates.

the microcode built into the CPU is read-only. the “updates” are

applied at each boot, and have to be re-applied again on each

subsequent boot.

when libreboot is installed, there is no microcode update applied by

default due to the fact that libreboot’s goal is to be 100% free

software. however, the coreboot project does distribute them. NOTE: if

you choose to have microcode, the laptop that you receive will not be

RYF-endorsed anymore, but it’ll still be otherwise free software

IOMMU: partial. GPU is not fully isolated

SLAT: no

TPM: no (hardware supports it, but it’s not supported in libreboot)

Qubes should boot, but it would have to be modified to do so.

i see , that sad it doesnt support it out of the box.

when do you think libreboot will fully support Qubes needs?

(TPM,IOMMU…etc). (ofcourse exception would be HVM since it need non-free software)

well never. libreboot can’t support qubes on x200/t400, due to

unstable virtualization without microcode updates

if you want something that works well with qubes and is libreboot, get a workstation with the asus kgpe-d16 board and a 16-core (or 2 16-core!) opteron CPUs in it. it’s plenty fast, supports huge amounts of RAMand supports everything that qubes requires.

opteron 62xx series is stable without microcode updates. avoid older ones and avoid 63xx series