I’ve had a good time with my Thinkpad E16 Gen 1 over the past few months (definitely lower spec than your machine - pretty much all of them have only an iGPU). A lot of them are still upgradable - I upgraded mine from 8GB of RAM to 24GB, and the thing had dual drive bays, so I just left the stock 256GB Windows drive and put in a 2TB alongside it for Linux stuff.

As long as you have a recent kernel, hardware support is decent, so long as you avoid the models with Realtek (my E16 does have Realtek, but I managed to smooth out issues).

BTW usually the graphics glitches weren’t immediate, but would come after waking it from sleep a few times.

As an ex-Linux on Surface Go 1 user, I didn’t like the experience. Under Debian Testing, it was always mostly usable, but I’d come across the weirdest bugs, like graphics glitches. Also, last time I checked, the camera was miserable to set up - I got it working, but it’s really weird. Secure boot was also really painful.

Running Linux on the Surface Go made me curse the Surface line and put the Go in a junk drawer. I might go back to it one day, but I have no reason at the moment. Still, if you already own one, it’s worth a shot.

If you go ahead, though:

1. Whatever easily supported the linux-surface kernel.
2. I really don’t know. I don’t quite use Linux in that manner.
3. No. SD cards are slow, so the system will take an eternity to load. Put personal files on the SD and the install internal, not the other way around.
4. I have no idea about the pen, but the keyboard mostly worked fine. I remember it having problems in the Debian installer, so I had to use a USB hub dongle and a keyboard to install, but after that I remember it working pretty well both mainline and linux-surface.

Debian is on the right track. XFCE might work - I remember it running pretty well on a laptop with 4 gigs.

Not necessarily - pavucontrol switched to GTK4, and there are a lot of other applications that I use that are on it as well. If XFCE stays on X11, I wouldn’t be able to run any application that updates to GTK5 (except through some hack like running Weston nested in X, which I used to do when I used Waydroid).

Stares in Debian Testing. (Though I use Bookworm on my laptop, probably soon to be Trixie. Nice thing about Trixie is I’ll no longer have to use the Backports kernel on my Thinkpad and can just stay on the LTS one.)

Let’s just hope XFCE can finish the transition before then. If not, I am not looking forward to having to shop for a new DE.

I’m not sure about NVIDIA drivers. Otherwise, it depends on what kernel your distro is using; if it’s Debian, there’s a chance you might have problems, though you could install the backports kernel, which I do on my Thinkpad E16.

I think it wasn’t actually Stallman - it’s a common misattribution.

Depends on your hardware and distro. Might not be so bad assuming it’s one of those old Thinkpads. Also, though, if you’re on Debian; they deblob their kernel already and put the blobs in separate packages so they can be optionally used. Don’t install any blobs and you’re good.

It’s mostly a breeze. The only misery I can recall is I remember I had a wonky knockoff Arduino board that kept jumping serial ports, but that was a hardware issue.

I agree. The only feature where I’d say it’s weaker feature-wise is it doesn’t have any form of virtual GPU acceleration - either you deal with software rendering or have to pass through a graphics card (I’ve done it, but it’s not easy.).

Otherwise, I’d say it tends to run better than VirtualBox, though it’s been years since I last used Vbox anyhow. A plus is Virt Manager comes in most distro repos, whereas VirtualBox doesn’t. Also, it allows you to directly edit the XML, so you can do some cool stuff that would be really annoying (not impossible) to do in VirtualBox.

Coolio, but I won’t be using it at least until it hits Debian Testing. Hopefully this can be in Trixie - looks like the freeze hasn’t happened yet.

I don’t know that I’ve used enough handheld Linux devices to say. The only major one was I had Debian on my Surface Go 1. Power management never worked quite right - after a few suspends, I’d get these weird graphics glitches and have to reboot.

Also, I kind of hated the keyboard- it wasn’t very sturdy and often flexed, causing accidental trackpad clicks.

I still have the device, but when I need a portable Linux machine, I just go to my Thinkpad these days, which other than installing the backports kernel for Wi-Fi support and then adjusting the modprobe.d entry because it was Realtek pretty much just goes brrrr - even my desktop gave more of fuss, as I used to be in a room without ethernet and needed a card that worked with Windows, Linux, and Hackintosh (from before I got rid of my Windows install and my Hackintosh SSD conked out, leading me to switch to virtualization).

He also is oddly enraged about Debian including slightly old versions of Xscreensaver in stable. I get his reasons - dumb people will submit bug reports for things that might already be fixed - but also, Debian has a promise to keep and is well within their rights since the software is FOSS.

Not quite. Upon a Google, it looks like they are hacks, but Wayland doesn’t support programs (like the Xscreensaver daemon) blanking the screen and would need a standard to do so.

However, these screensavers are just individual binaries that the daemon executes, so although they won’t pop up automatically, you should still be able to run and enjoy them as fun little graphics demos.

Cool. In a little over a month, I hit 3 years.

If it doesn’t simulate a connected monitor, it looks like there are little HDMI shims that do called EDID emulators that are available for relatively cheap.

(Note: Anything I say could be B.S. I could be completely misunderstanding this.)

Clevis isn’t too difficult to set up - Arch Wiki documents the process really well. I’ve found it works better with dracut that mkinitcpio.

As for PCR registers (which I haven’t set up yet but should), what I can tell, it sets the hash of the boot partition and UEFI settings in the TPM PCR register so it can check for tampering on the unencrypted boot partition and refuse to give the decryption keys if it does. That way, someone can’t doctor your boot partition and say, put the keys on a flash drive - I think they’d have to totally lobotomize your machine’s hardware to do it, which only someone who has both stolen your device and has the means/budget to do that would do.

You do need to make sure these registers are updated every kernel update, or else you’ll have to manually enter the LUKS password the next boot and update it then. I’m wondering if there’s a hook I can set up where every time the boot partition is updated, it updates PCR registers.

You’re somewhat right in the sense that the point of disk encryption is not to protect from remote attackers. However, physical access is a bigger problem in some cases (mostly laptops). I don’t do it on my desktop because I neither want to reinstall nor do I think someone who randomly breaks in is going to put in the effort to lug it away to their vehicle.