mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-07-30 18:19:05 -04:00
Merge branch 'sys-req-update'
This commit is contained in:
Andrew David Wong
commit
cf9da2f7d7
3 changed files with 56 additions and 81 deletions
|
|
@ -54,8 +54,8 @@ The benefits of hardware certification include:
|
|||
|
||||
## Hardware Certification Requirements
|
||||
|
||||
(Please note that these are the requirements for hardware *certification*, *not* the requirements for *running* Qubes 4.
|
||||
For the latter, please see the [system requirements for Qubes 4].)
|
||||
(Please note that these are the requirements for hardware *certification*, *not* the requirements for *running* Qubes.
|
||||
For the latter, please see the [system requirements].)
|
||||
|
||||
One of the most important security improvements introduced with the release of Qubes 4.0 was to replace paravirtualization (PV) technology with **hardware-enforced memory virtualization**, which recent processors have made possible thanks to so-called Second Level Address Translation ([SLAT]), also known as [EPT][EPT-enabled CPUs] in Intel parlance.
|
||||
SLAT (EPT) is an extension to Intel VT-x virtualization, which originally was capable of only CPU virtualization but not memory virtualization and hence required a complex Shadow Page Tables approach.
|
||||
|
|
@ -102,10 +102,9 @@ If you are interested in having your hardware certified, please [contact us].
|
|||
[version-scheme]: /doc/version-scheme/
|
||||
[Hardware Testing]: /doc/hardware-testing/
|
||||
[stateless laptop]: https://blog.invisiblethings.org/2015/12/23/state_harmful.html
|
||||
[System Requirements]: /doc/system-requirements/
|
||||
[Hardware Compatibility List]: /hcl/
|
||||
[Hardware Certification]: #hardware-certification
|
||||
[system requirements for Qubes 4]: /doc/system-requirements/#qubes-release-4x
|
||||
[system requirements]: /doc/system-requirements/
|
||||
[contact us]: mailto:business@qubes-os.org
|
||||
[SLAT]: https://en.wikipedia.org/wiki/Second_Level_Address_Translation
|
||||
[EPT-enabled CPUs]: https://ark.intel.com/Search/FeatureFilter?productType=processors&ExtendedPageTables=true&MarketSegment=Mobile
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ redirect_from:
|
|||
- /wiki/SystemRequirements/
|
||||
---
|
||||
|
||||
# System Requirements #
|
||||
# System Requirements
|
||||
|
||||
<div class="alert alert-warning" role="alert">
|
||||
<i class="fa fa-exclamation-triangle"></i>
|
||||
|
|
@ -19,60 +19,42 @@ redirect_from:
|
|||
We strongly recommend consulting the <a href="/hcl/">Hardware Compatibility List</a> to verify that Qubes can install and run on your specific model in the ways you need it to.
|
||||
</div>
|
||||
|
||||
## Qubes Release 3.x ##
|
||||
## Minimum
|
||||
|
||||
### Minimum ###
|
||||
- **CPU:** 64-bit Intel or AMD processor (also known as `x86_64`, `x64`, and `AMD64`)
|
||||
- [Intel VT-x] with [EPT] or [AMD-V] with [RVI]
|
||||
- [Intel VT-d] or [AMD-Vi (also known as AMD IOMMU)]
|
||||
- **Memory:** 4 GB RAM
|
||||
- **Storage:** 32 GB free space
|
||||
|
||||
* 64-bit Intel or AMD processor (x86\_64 aka x64 aka AMD64)
|
||||
* 4 GB RAM
|
||||
* 32 GB disk space
|
||||
* Legacy boot mode (required for R3.0 and earlier; UEFI is supported beginning with R3.1)
|
||||
## Recommended
|
||||
|
||||
### Recommended ###
|
||||
- **CPU:** 64-bit Intel or AMD processor (also known as `x86_64`, `x64`, and `AMD64`)
|
||||
- [Intel VT-x] with [EPT] or [AMD-V] with [RVI]
|
||||
- [Intel VT-d] or [AMD-Vi (also known as AMD IOMMU)]
|
||||
- **Memory:** 16 GB RAM
|
||||
- **Storage:** 128 GB free space
|
||||
- High-speed solid-state drive strongly recommended
|
||||
- **Graphics:** Intel integrated graphics processor (IGP) strongly recommended
|
||||
- Nvidia GPUs may require significant [troubleshooting][nvidia]
|
||||
- AMD GPUs have not been formally tested, but Radeons (especially RX580 and earlier) generally work well
|
||||
- **Peripherals:** A non-USB keyboard or multiple USB controllers
|
||||
- **TPM:** Trusted Platform Module (TPM) with proper BIOS support (required for [Anti Evil Maid])
|
||||
- **Other:** Satisfaction of all [hardware certification requirements for Qubes 4.x]
|
||||
|
||||
* Fast SSD (strongly recommended)
|
||||
* Intel IGP (strongly preferred)
|
||||
* Nvidia GPUs may require significant [troubleshooting][nvidia].
|
||||
* AMD GPUs have not been formally tested, but Radeons (RX580 and earlier) generally work well
|
||||
* See the [Hardware Compatibility List]
|
||||
* [Intel VT-x] or [AMD-V] (required for running HVM domains, such as Windows-based AppVMs)
|
||||
* [Intel VT-d] or [AMD-Vi (aka AMD IOMMU)] (required for effective isolation of network VMs)
|
||||
* TPM with proper BIOS support (required for [Anti Evil Maid])
|
||||
## Choosing Hardware
|
||||
|
||||
## Qubes Release 4.x ##
|
||||
|
||||
### Minimum ###
|
||||
|
||||
* 64-bit Intel or AMD processor (x86\_64 aka x64 aka AMD64)
|
||||
* [Intel VT-x] with [EPT] or [AMD-V] with [RVI]
|
||||
* [Intel VT-d] or [AMD-Vi (aka AMD IOMMU)]
|
||||
* 4 GB RAM
|
||||
* 32 GiB disk space
|
||||
|
||||
### Recommended ###
|
||||
|
||||
* Fast SSD (strongly recommended)
|
||||
* Intel IGP (strongly preferred)
|
||||
* Nvidia GPUs may require significant [troubleshooting][nvidia].
|
||||
* AMD GPUs have not been formally tested, but Radeons (RX580 and earlier) generally work well
|
||||
* See the [Hardware Compatibility List]
|
||||
* TPM with proper BIOS support (required for [Anti Evil Maid])
|
||||
* A non-USB keyboard or multiple USB controllers
|
||||
* Also consider the [hardware certification requirements for Qubes 4.x].
|
||||
|
||||
## Choosing Hardware ##
|
||||
|
||||
* Please see the [Hardware Compatibility List] for a compilation of hardware reports generated and submitted by users across various Qubes versions.
|
||||
- Please see the [Hardware Compatibility List] for a compilation of hardware reports generated and submitted by users across various Qubes versions.
|
||||
(For more information about the HCL itself, see [here][hcl-doc].)
|
||||
* See the [Certified Hardware] page.
|
||||
* See the [Hardware Testing] page.
|
||||
- See the [Certified Hardware] page.
|
||||
- See the [Hardware Testing] page.
|
||||
|
||||
## Important Notes ##
|
||||
## Important Notes
|
||||
|
||||
* **Installing Qubes in a virtual machine is not recommended, as it uses its own bare-metal hypervisor (Xen).**
|
||||
* Qubes **can** be installed on systems which do not meet the recommended requirements.
|
||||
- **Installing Qubes in a virtual machine is not recommended, as it uses its own bare-metal hypervisor (Xen).**
|
||||
- Qubes **can** be installed on systems which do not meet the recommended requirements.
|
||||
Such systems will still offer significant security improvements over traditional operating systems, since things like GUI isolation and kernel protection do not require special hardware.
|
||||
* Qubes **can** be installed on a USB flash drive or external disk, and testing has shown that this works very well. A fast USB 3.0 flash drive is recommended for this.
|
||||
- Qubes **can** be installed on a USB flash drive or external disk, and testing has shown that this works very well. A fast USB 3.0 flash drive is recommended for this.
|
||||
(As a reminder, its capacity must be at least 32 GiB.)
|
||||
Simply plug the flash drive into the computer before booting into the Qubes installer from a separate installation medium, choose the flash drive as the target installation disk, and proceed with the installation normally.
|
||||
After Qubes has been installed on the flash drive, it can then be plugged into other computers in order to boot into Qubes.
|
||||
|
|
@ -80,8 +62,8 @@ redirect_from:
|
|||
store) before deciding on which computer to purchase.
|
||||
(See [hcl-report] for advice on hardware compatibility testing.)
|
||||
Remember to change the devices assigned to your NetVM and USBVM if you move between different machines.
|
||||
* [Advice on finding a VT-d capable notebook][vt-d-notebook].
|
||||
* You can check whether an Intel processor has VT-x and VT-d on [ark.intel.com](https://ark.intel.com/content/www/us/en/ark.html#@Processors)
|
||||
- [Advice on finding a VT-d capable notebook][vt-d-notebook].
|
||||
- You can check whether an Intel processor has VT-x and VT-d on [ark.intel.com](https://ark.intel.com/content/www/us/en/ark.html#@Processors).
|
||||
|
||||
|
||||
[nvidia]: /doc/install-nvidia-driver/
|
||||
|
|
@ -92,13 +74,11 @@ redirect_from:
|
|||
[hcl-doc]: /doc/hcl/
|
||||
[hcl-report]: /doc/hcl/#generating-and-submitting-new-reports
|
||||
[Anti Evil Maid]: /doc/anti-evil-maid/
|
||||
[live USB]: /doc/live-usb/
|
||||
[#230]: https://github.com/QubesOS/qubes-issues/issues/230
|
||||
[vt-d-notebook]: https://groups.google.com/d/msg/qubes-users/Sz0Nuhi4N0o/ZtpJdoc0OY8J
|
||||
[Intel VT-x]: https://en.wikipedia.org/wiki/X86_virtualization#Intel_virtualization_.28VT-x.29
|
||||
[AMD-V]: https://en.wikipedia.org/wiki/X86_virtualization#AMD_virtualization_.28AMD-V.29
|
||||
[Intel VT-d]: https://en.wikipedia.org/wiki/X86_virtualization#Intel-VT-d
|
||||
[AMD-Vi (aka AMD IOMMU)]: https://en.wikipedia.org/wiki/X86_virtualization#I.2FO_MMU_virtualization_.28AMD-Vi_and_Intel_VT-d.29
|
||||
[AMD-Vi (also known as AMD IOMMU)]: https://en.wikipedia.org/wiki/X86_virtualization#I.2FO_MMU_virtualization_.28AMD-Vi_and_Intel_VT-d.29
|
||||
[EPT]: https://en.wikipedia.org/wiki/Second_Level_Address_Translation#Extended_Page_Tables
|
||||
[RVI]: https://en.wikipedia.org/wiki/Second_Level_Address_Translation#Rapid_Virtualization_Indexing
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue