Keep em separated
What is Qubes (Reasonably secure OS).
Qubes is a virtualisation masterpiece built around Xen Dom0 and Fedora. A security-focused Polish lady named Joanna Rutkowska came up with the idea for Qubes and founded it, focusing on security through isolation using virtualisation.
The idea is to build an OS in which every application, and even each OS layer, is treated as untrusted and can therefore be replaced with alternate or disposable VM layers, each with a varying degree of security (paranoia) applied to it.
Qubes also allows classification of the security contexts (via color coding of security levels), so that you can easily determine whether a VM/application is related to your “work”, is insecure/disposable, is personal, etc.
This enables use-cases that would otherwise be very hard to configure on a stand-alone Linux installation.
For instance, you can run certain applications over a Tor network stack while keeping all your internet banking separate, and keep all your “work” and personal information in separate VMs that could be running totally different versions of Linux or Windows. While hard to describe verbally, the separation of concerns is simple to visualize.
Pre-requisites
For Qubes to work properly, you will need an Intel CPU with VT-x or an AMD CPU with SVM, along with IOMMU support, which allows physical device passthrough to your virtual machines.
To check your CPU flags for SVM:
cat /proc/cpuinfo |grep svm
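The command above only looks for AMD's svm flag. As an added example (not from the original post), this script also looks for Intel's vmx flag and for an IOMMU registered under /sys/class/iommu; the function names are made up for illustration, and it assumes it is run on bare-metal Linux, for example from a live USB:

```shell
#!/bin/sh
# Added example: pre-install check for the prerequisites listed above.
# Run on bare-metal Linux (for instance a live USB); inside a VM the
# hypervisor may hide these CPU flags.

# Print the CPU virtualisation extension advertised in a cpuinfo file.
# $1: cpuinfo-format file (default /proc/cpuinfo). Output: VT-x, SVM or none.
virt_ext() {
    flags=$(grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null || true)
    # Pad with spaces so only whole flag names match (svm, not svm_lock).
    case " ${flags#*:} " in
        *" vmx "*) echo "VT-x" ;;
        *" svm "*) echo "SVM" ;;
        *)         echo "none" ;;
    esac
}

# Succeed if the kernel has registered at least one IOMMU unit in sysfs.
# $1: directory to inspect (default /sys/class/iommu).
iommu_present() {
    dir=${1:-/sys/class/iommu}
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# Print a one-line verdict; exit status 0 only when both checks pass.
# $1 and $2 are passed through to the two checks above (empty = defaults).
qubes_hw_check() {
    ext=$(virt_ext "$1")
    if iommu_present "$2"; then iommu=yes; else iommu=no; fi
    echo "virtualisation=$ext iommu=$iommu"
    [ "$ext" != none ] && [ "$iommu" = yes ]
}

# Check the machine this script runs on.
qubes_hw_check || echo "Prerequisites not met: enable virtualisation and IOMMU in firmware setup."
```

An empty /sys/class/iommu usually means the IOMMU is switched off in the firmware setup or the kernel was booted without it, not necessarily that the hardware lacks one.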
Installation
Let’s go over the installation steps. It’s essentially like installing any other Linux distro, with a bit of post-setup configuration thrown in for good measure.
Start by selecting the default language / keyboard layout.
From the installation summary page you can modify your installation and set up your full disk encryption (except boot) through the hard drive partitioning selection before continuing the installation.
From here you can encrypt and choose your partitioning scheme, along with the encryption pass-phrase.
You are prompted to create your user account during the actual installation process.
That’s it: reboot, and move on to the post-install configuration steps.
From here there is a bit of housekeeping to decide how you actually want your system to run / start up, and afterwards you will be thrown into the desktop environment.
Post-Install
Once installed and configured, you will be greeted with a relatively tame XFCE desktop environment, with a menu that’s been pre-populated with all the Qubes goodies / Template VMs and the Qubes manager.
The Qubes manager allows the management of all the VMs through Dom0’s virtual machine manager.
Here’s what the menu looks like: it basically just allows launching all sorts of virtual machines, which you will later be able to configure as separate environments for each of the application contexts that you will be running. There is a fair bit of work in using Qubes. However, the benefits are literally security, so sometimes things are worth the bit of extra effort.