I use a dedicated machine. It’s not recommended to dual-boot Qubes because even if the Qubes install is encrypted, /boot isn’t. A second OS can modify it and compromise Qubes before it loads. Sharing hardware also means the other OS can tamper with BIOS/UEFI firmware, which puts the entire system at risk. Anti Evil Maid can alert you if /boot was changed, but it can’t prevent it or undo the damage. It’s also recommended to buy new hardware if you’re serious about security. And if you’re looking to run QubesOS on a dedicated machine, the hardware compatibility list is your friend. With Qubes, newer doesn’t always mean compatible. It should be noted that the unofficial community-recommended hardware list is for 4.1, and we are on 4.2.4 with 4.3-rc3 already released for testing, but you can find good recommendations and answers on the forum.

Qubes OS

System requirements

Minimum: CPU: 64-bit Intel or AMD processor (also known as x86_64, x64, and AMD64)- Intel VT-x with EPT or AMD-V with RVI, Intel VT-d or AMD-Vi (al...

Qubes OS

Hardware compatibility list (HCL)

Qubes is a security-oriented, free and open-source operating system for personal computers that allows you to securely compartmentalize your digita...

Qubes OS

Certified hardware

The Qubes OS Project aims to partner with a select few computer vendors to ensure that Qubes users have reliable hardware purchasing options. We ai...

Qubes OS Forum

Community-recommended computers

R4.1 Note: upgrading heads/coreboot is required for R4.1 install to work. Laptops brand model CPU max. mem in GB (slots)[1] USB ctrl.[2] core ...

Isn't the BIOS/UEFI firmware closed source? Meaning the attack vector is by intelligence agencies being allowed to install their blobs into the image pre signing?