search

freedomofpress / securedrop-workstation-docs

User documentation for the SecureDrop Workstation
https://workstation.securedrop.org/
GNU Affero General Public License v3.0
5 stars 4 forks source link

Overhaul the hardware guide #224

Open nathandyer opened 3 months ago

nathandyer commented 3 months ago

This PR overhauls the hardware guide by making a few key changes:

  1. It removes our specific laptop recommendations, instead referring people to the Qubes hardware compatibility list.
  2. It clarifies a few specific requirements for hardware, namely 32GB of RAM (removing the confusing language about production use), as well as a USB 3.0 flash drive with minimum 8GB of capacity.
  3. It provides a generalized BIOS update section, which points folks to fwupd on supported systems, and to their manufacturers instructions for instances where fwupd is not supported.

Fixes

Fixes #211 Fixes #210 Fixes #69

Testing

zenmonkeykstop commented 3 months ago

Seconded on the HCL - ISTR it was discussed and we were kindof leaning towards:

nathandyer commented 3 months ago

Thanks both for the review and discussion! I'll table this for now and we can return to it again when the timing is right.

deeplow commented 2 months ago

I just learned via @deeplow that Qubes how has fwupd integration - https://github.com/freedomofpress/securedrop-workstation/issues/1125; is that stable enough for us to recommend via docs until we build it into the updater? Otherwise I think the steps you added are fine.

If we're recommending fwupd anyways, we might as well use the integrated one, especially in the installation phase, where it's an admin fully dedicated to the thing and not a regular user just wanting to get work done. I don't think it matters much if we do the firmware update prior to the Qubes install or after.

1x Qubes-certified recco (most likely the Novacustom NV41 (coreboot/heads still undecided) 1x "mainstream" recco (most likely a Lenovo T-series known to work well with 4.2) only as a 3rd option would we mention the HCL, with limited support implications.

I think these are reasonable recommendations. However, for the novacustom one we may want to to provide some guidance. For example, some may see a 32gb dimm and choose it, where the proper choice would be 2*16GB, and then the firmware part may have too many options. In my opinion guidance here will be critical to avoid some avoidable situations.