Merge branch 'cert-hw-req'

user/hardware/certified-hardware.md

@@ -85,9 +85,9 @@ compatible with Qubes OS. The benefits of hardware certification include:
 
 ## Hardware Certification Requirements
 
-(Please note that these are the requirements for hardware *certification*,
+**Note:** This section describes the requirements for hardware *certification*,
 *not* the requirements for *running* Qubes OS. For the latter, please see the
-[system requirements](/doc/system-requirements/).)
+[system requirements](/doc/system-requirements/).
 
 A basic requirement is that all Qubes-certified devices must be be available
 for purchase with Qubes OS preinstalled. Customers may be offered the option to
@@ -134,6 +134,20 @@ compatible with Qubes OS, the BIOS must properly expose all the VT-x, VT-d, and
 SLAT functionality that the underlying hardware offers (and which we require).
 Among other things, this implies **proper DMAR ACPI table** construction.
 
+Most laptops use PS/2 connections internally for their input devices (i.e.,
+keyboard and touchpad). On most desktops, however, USB-connected keyboards
+and mice have become standard. This presents a dilemma when the computer has
+only one USB controller. If that single USB controller is dedicated solely to
+the input devices, then no untrusted USB devices can be used. Conversely, if
+the sole USB controller is completely untrusted, then there is no way for the
+user to physically control the system in a secure way. In practice, Qubes users
+on such hardware systems are generally forced to use a single USB controller
+for both trusted and untrusted purposes --- [an unfortunate security
+trade-off](/doc/device-handling-security/#security-warning-on-usb-input-devices).
+For this reason, we require that every Qubes-certified non-laptop device
+**either** (1) supports non-USB input devices (e.g., via PS/2) **or** (2) has a
+separate USB controller that is only for input devices.
+
 Finally, we require that Qubes-certified hardware does not have any built-in
 _USB-connected_ microphones (e.g. as part of a USB-connected built-in camera)
 that cannot be easily physically disabled by the user, e.g. via a convenient

user/hardware/system-requirements.md

@@ -26,7 +26,9 @@ title: System requirements
 - **CPU:** 64-bit Intel or AMD processor (also known as `x86_64`, `x64`, and `AMD64`)
   - [Intel VT-x](https://en.wikipedia.org/wiki/X86_virtualization#Intel_virtualization_.28VT-x.29) with [EPT](https://en.wikipedia.org/wiki/Second_Level_Address_Translation#Extended_Page_Tables) or [AMD-V](https://en.wikipedia.org/wiki/X86_virtualization#AMD_virtualization_.28AMD-V.29) with [RVI](https://en.wikipedia.org/wiki/Second_Level_Address_Translation#Rapid_Virtualization_Indexing)
   - [Intel VT-d](https://en.wikipedia.org/wiki/X86_virtualization#Intel-VT-d) or [AMD-Vi (also known as AMD IOMMU)](https://en.wikipedia.org/wiki/X86_virtualization#I.2FO_MMU_virtualization_.28AMD-Vi_and_Intel_VT-d.29)
+
 - **Memory:** 6 GB RAM
+
 - **Storage:** 32 GB free space
 
 ## Recommended
@@ -34,19 +36,35 @@ title: System requirements
 - **CPU:** 64-bit Intel or AMD processor (also known as `x86_64`, `x64`, and `AMD64`)
   - [Intel VT-x](https://en.wikipedia.org/wiki/X86_virtualization#Intel_virtualization_.28VT-x.29) with [EPT](https://en.wikipedia.org/wiki/Second_Level_Address_Translation#Extended_Page_Tables) or [AMD-V](https://en.wikipedia.org/wiki/X86_virtualization#AMD_virtualization_.28AMD-V.29) with [RVI](https://en.wikipedia.org/wiki/Second_Level_Address_Translation#Rapid_Virtualization_Indexing)
   - [Intel VT-d](https://en.wikipedia.org/wiki/X86_virtualization#Intel-VT-d) or [AMD-Vi (also known as AMD IOMMU)](https://en.wikipedia.org/wiki/X86_virtualization#I.2FO_MMU_virtualization_.28AMD-Vi_and_Intel_VT-d.29)
+
 - **Memory:** 16 GB RAM
+
 - **Storage:** 128 GB free space
   - High-speed solid-state drive strongly recommended
+
 - **Graphics:** Intel integrated graphics processor (IGP) strongly recommended
   - Nvidia GPUs may require significant
     [troubleshooting](/doc/install-nvidia-driver/)
   - AMD GPUs have not been formally tested, but Radeons (especially RX580 and
     earlier) generally work well
+
 - **Peripherals:** A non-USB keyboard or multiple USB controllers
+
 - **TPM:** Trusted Platform Module (TPM) with proper BIOS support (required for
   [Anti Evil Maid](/doc/anti-evil-maid/))
-- **Other:** Satisfaction of all [hardware certification requirements for Qubes
+
-  4.x](/news/2016/07/21/new-hw-certification-for-q4/)
+The following are *required* for [Qubes-certified hardware
+devices](/doc/certified-hardware/) but *merely recommended* for *non-certified*
+hardware (see the [hardware certification
+requirements](/doc/certified-hardware/#hardware-certification-requirements) for
+details).
+
+- Open-source boot firmware (e.g., [coreboot](https://www.coreboot.org/))
+
+- Hardware switches for all built-in USB-connected microphones (if any)
+
+- Either support for non-USB input devices (e.g., via PS/2, which most laptops
+  already use internally) or a separate USB controller only for input devices
 
 ## Choosing Hardware