Insurgo PrivacyBeast X230 Laptop – QubesOS Certified & preinstalled

CAD $1,300.00

Out of stock

(2 customer reviews)

This QubesOS certified refurbished laptop is the highest-end Lenovo Thinkpad X230 model, with following specifications:

  1. Intel Core i7 3520M 3rd Gen. 2x 2.90GHz-3.60GHz (Turbo) (4MB L2 cache) CPU (fastest CPU available for that model)
  2. 16GB DDR3 memory (maximum capacity for that model)
  3. 256GB Solid State Drive, SSD-III 6GB/s Hard drive (option not customizable)
  4. Trusted Module Platform (TPM) v1.1
  5. Brilliant 12.5″ IPS LED HD 1366×768 Panel
  6. Intel HD 4000 graphic card
  7. Built-in Webcam
  8. 2x Fast USB 3. 0 ports (left side blue ports) + 1x USB 2.0 port (right side yellow port)
  9. HD Mini-DisplayPort TV-Out (Mini-DP port)
  10. Backlit USA keyboard
  11. WiFi controller: Atheros AR5BHB116 a/b/g/n 300Mbps MINI PCI-E
  12. Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection
  13. Original Lenovo USA AC Adapter (Input: 100-240V, 2.5A-0.5A 50/60Hz, Output: 20V, 4.5A, Connector: M11)
  14. Original Lenovo Working Battery (60% capacity, guaranteed for 14 days upon delivery)

It comes with a Librem Key/NitroKey Pro v2, required for visual firmware integrity attestation. It is also used to attest boot files integrity after each system components upgrade, for which integrity is validated against user’s public key inserted into the ROM.

It also comes with 16Gb sdcard, permitting to put it into Read Only mode through a mechanical switch when to be put in untrusted computers. It comes with the latest installation media and signatures files of QubesOS, while original Lenovo firmware files and provisioned secrets are stored in an encrypted partition for which randomly selected diceware passphrase to unlock it will be communicated to you through secure communication channel.

You pay a fixed fee of 500$CAD (included in price) for the Intel ME neutering, Heads installation, QubesOS preinstallation and tamper evidence seals, while helping me maintain Heads and integrate it to a larger number of models, while collaborating on QubesOS to ease user experience and facilitate hardware acquisition from freedom defenders all around the world.

Out of stock



Insurgo Technologies Libres / Open Technologies’s PrivacyBeast X230 laptops are highest-end, refurbished A quality Lenovo ThinkPad X230 laptops, in which Intel ME has been Neutered+Deactivated and the proprietary boot firmware and unused space replaced with Heads Open Source firmware to attest it’s integrity at each boot, making it trustworthier.

Insurgo preinstalls latest QubesOS on it, with diceware randomly selected passphrases to encrypt disk content,  seals the boot and firmware integrity with the provided Librem Key/Nitrokey Pro v2 for you to visually validate that nothing has been tampered with during transit. Insurgo also owns the Librem Key/Nitrokey Pro v2 with diceware selected Admin and User PINs, injecting a temporary public GPG key into the firmware. Insurgo seals the integrity of the firmware both through TPMTOTP (using laptop’s Trusted Platform Module) which is also sealed into NitroKey/Librem Key, providing the user with two ways of making sure the hardware has not been tampered with since it left his hands: with a QRCode to scan on his smartphone prior to hardware reception and by plugging the NitroKey Pro v2/Librem Key at first boot, which should flash green to attest laptop firmware and boot configuration trustability.

Upon reception, you will be asked to re-own your new hardware by: re-encrypting your QubesOS installation, selecting a new Recovery Disk Key passphrase to replace OEM’s, factory resetting your Librem Key/Nitrokey Pro which will generate a new GPG key pair for desired e-mail address, asking you to choose your own Admin and User PINs to use this USB GPG SmartKey also externally, to encrypt/sign files and E-Mails. At the end of this re-ownership process, the firmware will contain your public key injected in it. Your GPG card will be required to sign each QubesOS boot related upgrades, the signature of the files digest (sha256sum of files) being validated against signed version with your public key present in ROM, automatically at each boot. Your new Librem Key/NitroKey will need to be plugged in at each boot, visually attesting that the boot firmware (root of trust of the computer) has not been tampered with by a third party, by flashing its LED green if in a known state or red if taken measurements mismatches.



Additional information

Weight 2.5 kg
Dimensions 37.5 × 31 × 11 cm

2 reviews for Insurgo PrivacyBeast X230 Laptop – QubesOS Certified & preinstalled

  1. Jan

    I haven’t tried Insurgo’s devices yet, but friends of mine have been using coreboot on this model for years now and are happy. I’ve been using one of these with qubes for several years now and it’s awesome. The i7 config of this laptop with 16GB RAM is great with qubes and can even run a Windows VM at 4~8GB memory allocated. CPU speed is about the same as for much newer (and more expensive) models. Only battery runtime is a bit lacking (2~3h on a 9-cell battery for me) but spare batteries are available easily enough.

  2. Patrick U.

    I’ve been using this laptop for the past couple of months now and have to say I couldn’t be happier. Finally, I have a machine I can trust the software it comes with. Be forewarned it takes sometime to reown out of the box but it’s certainly worth the effort.

Add a review

Your email address will not be published.