Insurgo PrivacyBeast X230 Laptop – QubesOS Certified & preinstalled – Single Order

CAD $1,581.00

Available on backorder

(1 customer review)

This QubesOS certified refurbished laptop is the highest-end Lenovo Thinkpad X230 model, with following specifications  (~986$CAD/unit, shipping and taxes included to be shipped to Insurgo)

  1. Intel Core i7 3520M 3rd Gen. 2x 2.90GHz-3.60GHz (Turbo) (4MB L2 cache) CPU
  2. 16GB DDR3 memory
  3. 256GB Solid State Drive, SSD-III 6GB/s Hard drive
  4. Trusted Module Platform (TPM) v1.1
  5. Brilliant 12.5″ IPS LED HD 1366×768 Panel
  6. Intel HD 4000 graphic card
  7. Built-in Webcam
  8. 2x Fast USB 3. 0 ports (left side blue ports) + 1x USB 2.0 port (right side yellow port)
  9. HD Mini-DisplayPort TV-Out (Mini-DP port)
  10. Backlit keyboard
  11. WiFi controller: Atheros AR5BHB116 a/b/g/n 300Mbps MINI PCI-E
  12. Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection
  13. Original Lenovo AC Adapter
  14. Original Lenovo Working Battery (60% capacity, guaranteed for 14 days upon delivery)

It comes with a Librem Key/NitroKey Pro v2, required for visual firmware integrity attestation (~80$CAD/Unit shipping and custom taxes clearance included to be shipped to Insurgo). It is also used to attest boot files integrity after each system components upgrade, for which integrity is validated against user’s public key inserted into the ROM.

It also comes with 16Gb microsd and a SD-to-microsd converter, permitting to put the microsd into Read Only mode when put in untrusted computers. It comes with the latest installation media and signatures files of QubesOS, while original Lenovo firmware files and provisioned secrets are stored in an encrypted partition for which randomly selected diceware passphrase to unlock it will be communicated to you through secure communication channel (~15$CAD/Unit, included in price).

You pay a fixed fee of 500$CAD (included in price) for the Intel ME neutering, Heads installation, QubesOS preinstallation and tamper evidence seals, while helping me maintain Heads and integrate it to a larger number of models, while collaborating on QubesOS to ease user experience and facilitate hardware acquisition from freedom defenders all around the world.

Available on backorder

Category:

Description

Insurgo Technologies Libres / Open Technologies’s PrivacyBeast X230 laptops are highest-end, refurbished A quality Lenovo ThinkPad X230 laptops, in which Intel ME has been neutered and the proprietary boot firmware, replaced with Heads Open Source firmware to attest it’s integrity at each boot, making it trustworthy.

Insurgo preinstalls latest QubesOS on it, with diceware randomly selected passphrases to encrypt disk content,  seals the boot and firmware integrity with the provided Librem Key/Nitrokey Pro v2 for you to visually validate that nothing has been tampered with during transit. Insurgo also owns the Librem Key/Nitrokey Pro v2 with diceware selected Admin and User PINs, injecting a temporary public GPG key into the firmware. Insurgo seals the integrity of the firmware both through TPMTOTP (using laptop’s Trusted Platform Module) which is also sealed into NitroKey/Librem Key, providing the user with two ways of making sure the hardware has not been tampered with since it left his hands: with a QRCode to scan on his smartphone prior to hardware reception and by plugging the NitroKey Pro v2/Librem Key at first boot, which should flash green to attest laptop firmware and boot configuration trustability.

Upon reception, you will be asked to re-own your new hardware by: re-encrypting your QubesOS installation, selecting a new Recovery Disk Key passphrase to replace OEM’s, factory resetting your Librem Key/Nitrokey Pro which will generate a new GPG key pair, asking you to choose your own Admin and User PINs to use this USB GPG SmartKey also externally, to encrypt/sign files and E-Mails. At the end of this re-ownership process, the firmware will contain your public key injected in it. Your GPG card will be required to sign each QubesOS boot related upgrades, the signatures of the files being validated with your public key present in ROM, automatically at each boot. Your new Librem Key/NitroKey will need to be plugged in at each boot, visually attesting that the boot firmware (root of trust of the computer) has not been tampered with by a third party by flashing its LED green if in a known state or red if taken measurements mismatches.

 

 

Additional information

Weight 2.5 kg
Dimensions 37.5 × 31 × 11 cm

1 review for Insurgo PrivacyBeast X230 Laptop – QubesOS Certified & preinstalled – Single Order

  1. Jan

    I haven’t tried Insurgo’s devices yet, but friends of mine have been using coreboot on this model for years now and are happy. I’ve been using one of these with qubes for several years now and it’s awesome. The i7 config of this laptop with 16GB RAM is great with qubes and can even run a Windows VM at 4~8GB memory allocated. CPU speed is about the same as for much newer (and more expensive) models. Only battery runtime is a bit lacking (2~3h on a 9-cell battery for me) but spare batteries are available easily enough.

Add a review

Your email address will not be published.