Dom0 Security

Is there any security benefit which can be derived from using an alternative distro other than fedora-25/32

for dom0? Those are listed here:

There have been plenty of discussions in the past. It might be a good idea to read through them before starting a new discussion that is bound to touch all the same opinions again.

… there are plenty more discussions about alternative windows managers (mostly Gnome) in dom0 and why the distri in dom0 is so old / EOL (see FAQ for this too).

In summary (my understanding):

  • Since there is no networking in dom0, any bugs discovered in dom0 desktop components (e.g., the window manager) are unlikely to pose a problem for Qubes, since none of the third-party software running in dom0 is accessible from VMs or the network in any way. Nonetheless, since software running in dom0 can potentially exercise full control over the system, it is important to install only trusted software in dom0.

  • The Qubes OS project is actively working on moving more of the hardware handling into dedicated qubes: sys-net, sys-usb, sys-audio, sys-gui, etc. Once this is isolated in a qube you can choose which distro to use.

  • Eventually there won’t be any GUI and only very little hardware handling left in dom0 at which point the project might switch to a very minimal build specific to Qubes OS (no other distribution needed).

  • Even longer term Qubes OS (Air) might make use of other compartmentalization techniques and there might not even be a Xen/dom0 anymore but only admin qube(s).

Basically: it is what it is now, it’s not an issue short-term and long-term the whole question becomes irrelevant.


Please consider the explanations in the last paragraphs of this post.

Understandably the admin qubes/compartmentalization/Xen part is far away from current times, the above two bullet points would be a huge boost to security, as trusting fedora, as it says in the docs, isn’t very wise whatsoever.

1 Like