Most Linux distributions are fairly similar these days, but Qubes OS is different. Qubes OS is based on Linux, but it runs applications in lightweight virtual machines. Applications can be completely isolated from each other, limiting the damage a security vulnerability can cause and aiding in privacy. It's no surprise Edward Snowden said he was excited by Qubes OS.
Purism seems excited by Qubes OS, too. Purism's Librem laptops currently ship with Trisquel GNU/Linux, but the Librem 13 will soon ship with Qubes OS pre-installed, according to Ars Technica. All that virtualization requires some heavy hardware—the Qubes OS won't run on just anything. The Librem 13 gives Qubes OS users a supported hardware platform with the operating system preinstalled. Qubes will also certify the Librem 15, and begin testing and certifying laptops as diverse as possible in terms of geography, cost, and availability. This would give users a much better idea where to start, so they could buy laptops guaranteed to run Qubes OS well.
Purism can't yet free the firmware
Interestingly, this could also help rescue Purism from the controversy it's in with the free software community. Purism promised that its laptop hardware would be free of any closed-source code, but the Intel Management Engine and other firmware running on a modern Intel CPU will remain closed-source for the foreseeable future.
Purism Founder Todd Weaver sounds hopeful, at least in public statements. As he said to Ars Technica: "Some people say it’s impossible to free the BIOS. We’ve proposed the business case to Intel and they are evaluating it. I don’t think it’s likely it’s going to happen anytime soon, but as our numbers grow, then our leverage grows."
But even in this best case scenario, Purism's Librem laptops will have that closed-source firmware for many years to come. Qubes OS could come to the rescue here.
In a blog post titled "Intel x86 considered harmful," Qubes OS lead developer Joanna Rutkowska wrote that she "believed we could use VT-d to protect the host OS from the potentially malicious ME-based rootkits...." She went further: "I spoke to a few clever people, and concluded it’s possible to come up with a reasonable solution that would require only minor hardware modifications. Modifications which could be done by laptop OEMs, or even by more advanced users."
This is potentially big news for Purism. While Purism has no hope of getting rid of this closed-source code in the near future, Qubes OS could potentially provide a system that can isolate and protect itself from attacks, bugs, backdoors, and whatever other potentially nasty stuff could come from the firmware. It would require a minor modification that Purism could likely perform on its laptops, making Purism's laptops more compelling.
The combination of Qubes OS and Purism will be an interesting one to watch. It'll be beneficial for both sides. Qubes OS will get a certified hardware platform shipping its operating system, one that can perform whatever minor hardware changes are necessary for full security. Purism will get a much more unique operating system and package, one that makes its hardware stand out next to inexpensive Linux laptops from Dell and other manufacturers.