Would using PureOS or Trisquel in Qubes OS improve security?
If so, do templates exist, or should I use them as standalone VMs?
I’m sorry to ask, but please be a little more specific: What do you mean by “improve security”? Security [against|for] what exactly?
E.g.: Do you want to increase availability of service(s), improve the level of trust or simply be a little better protected against malicious attacks? Maybe something else?
Furthermore: Where exactly do you want to use it?
(Source: Introduction | Qubes OS )
Well, I will say security related to malicious/surveillance code.
All source code of these 2 distros is free, open source and audit-able (from what I understand of the Free Software Foundation).
Is anyone using them successfully in a template or standalone VM?
Thanks
tl;dr: IMO you’ll gain nothing substantially. Maybe some good vibes while pressing the power button.
Again, and just to understand: Where would that malicious code come from? If a $DISTRO is audit-able … well, who does the audits? For what code exactly? Firmware included? Do you want to do it yourself?
Did you calculate your gains from the fact that you change to $DISTRO? If so: What’s the percentage of actual gain? In what field? Did you calculate the risk that anybody but yourself did something wrong (not in a malicious way) while creating a template or uploading or signing it? Did you calculate the risk that you are doing something wrong, while “deviating” from the suggested path of KISS (including not to tinker with defaults you’re not sure that they are wrong)?
(Source: xkcd: Air Gap )
Essentially: Qubes security is not about any $DISTRO running somewhere. It’s about compartmentalisation. At the same time – please don’t get me wrong: If you just like PureOS or Trisquel more, so here you go. Just don’t expect substantial “SECURITY” gains from using it.
There are no templates for those.
Yes, what I will do with audit-able code is my business (check the code, recompile some part, a package or an entire application from sources, monitor code that sends suspect packets, …).
Isolation is not security, it is just containment of damage.
So does anyone use PureOS or Trisquel in Qubes OS?
Thanks
thk
And that “containment of damage” is all you can do (and I still think it’s a lot done, if you get it right) about “security”, because you can’t control everything all at once. Not the hardware, not the enclosed firmware, not the cell towers you are connected to, not all your data lines (end to end) …
BTW. and with all respect: I don’t believe, you can really audit any $DISTRO in a “serious” and sufficiently fast way (dealing with up- and downstream code) …
I would add that security is the ability to protect integrity, confidentiality and availability of a service or data.
Isolation not only reduces the reach of damage, but Qubes OS also isolates components like the network and uses strict firewall rules.
At the moment, the hardening of guest operating systems is quite minimal and left to the end user. However, I’m really not convinced that an FSF-approved libre distro will have better security than something like Fedora or Debian where the high amount of contributors and well-defined internal processes are well established.
A bit off topic, but I write it down for people who read this later, I’d also add that pentester distros like Parrot or Kali are just not made to be used as “hardened distro”, they are just useful for pentesters in their job where they need tons of tools in a fresh environment. There are no reasons to use them for anything else.
Thanks for sharing your “belief”
I believe the opposite way - auditable code brings security
It’s not like you can’t audit Fedora or Debian code.
Yes. Security by strict code correctness is possible (in theory and for small amounts of code). But there is an amount of code and code complexity nobody can control. So it’s not the correctness I’m doubting, it’s the amount of time you’ll need …
Besides … manual reviews will always miss things. Automated tools will always miss things. Formal verification can work. But then you have to verify the right properties and avoid gaps in your formal model. (Before you even start verifying, you need to create a mathematical model of what your software is supposed to do, and what you explicitly want it never to do.) Also, you have to redo all the verification for every change in the system. And in the xz case, you wouldn’t have even found the problem by looking at any piece of source code.
Would using PureOS or Trisquel in Qubes OS improve security?
It is quite possible that using a fully libre distro may actually worsen the security because CPU microcode (and its updates) are proprietary and if the distro does not include them, then your CPU will be vulnerable to Spectre-like stuff. OTOH, if a distro does include proprietary microcode, it is not truly libre.
Trisquel supports POWER9 (which has free microcode) but that CPU is not supported by Qubes OS.
Here is just a paragraph - for people who will read it later, as you say
[The section about Debian is in the link]
[Yes, it will take me a lot of time to remove the surveillance code currently in the so-called common “best popular” distro - At least Qubes provides the virtualization architecture required to isolate the damage - it should provide a template for PureOS or Trisquel]
https://www.gnu.org/distros/common-distros.en.html
Except where noted, all of the distributions listed on this page fail to follow the guidelines in at least two important ways:
- They do not have a policy of only including free software, and removing nonfree software if it is discovered. Most of them have no clear policy on what software they’ll accept or reject at all. The distributions that do have a policy unfortunately aren’t strict enough, as explained below.
- The kernel that they distribute (in most cases, Linux) includes “blobs”: pieces of object code distributed without source, usually firmware to run some device.
If this is important to you, you should not use Qubes OS because it also fails to follow these guidelines.
Right. For this reason on an ordinary install these have worse
security, and bizarrely hide the fact that there are kernel issues that
need to be fixed. But as Qubes templates, by default they will use the
provided kernels.
So then you are comparing distros- a Debian minimal template has fully
free software: in what way is this not auditable? @alain, What makes you think
that PureOS or Trisquel could improve security in Qubes?
I’ve provided Trisquel in the past and build it for some clients. I
could provide it publicly again if it was wanted. I wouldn’t touch
PureOS.
Yes, maybe I should not use Qubes OS if it continues to let Debian add private code source in their template. Maybe the Qubes developers will understand their responsibility to force a clean open source VM in the future or stop pretending that Qubes OS is the most secure OS on the planet, since it is only as good as the default template (Debian)?
I don’t think it prevents microcode updates from being loaded by the firmware.
As far as I understand, it means you don’t get updates loaded by the OS, and you have to update your firmware to get microcode updates.
Putting the responsibility on the user doesn’t improve security, but it also doesn’t mean your computer will be vulnerable to transient attacks.
Qubes deliberately does not claim to be the most secure OS on the
planet.
Did you actually read my post?
The Debian template contains microcode for AMD and Intel processors, and
firmware. You could remove these packages - you would have a less secure
template, but it would contain only libre software.
My offer to provide a Trisquel template stands, if it is wanted. (I
mean, wanted by more than one person.)
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.