I’ve been running Qubes 4.1 on a very old (2012!) laptop without IOMMU. 4.1 reaches EOL in July, and my understanding is that Qubes 4.2 won’t run without IOMMU support. My attempts to upgrade 4.1 in-place or fresh-install 4.2 have failed. I’m also having problems starting the Debian 12 template under 4.1 - something about a different Qubes protocol version. Anyway, my question is, is this summer the end-of-the-road for Qubes without IOMMU?
I know many people will say just get a newer laptop, and perhaps I should, but:
- This one has a nice 17" full-HD screen and room for an SSD AND TWO HDDs (OS and mirrored data respectively) AND a DVD drive; that’s not common on modern laptops.
- Even if I found a modern machine that did the above, it would be expensive and have no guarantee to work with Qubes.
- I just don’t want to buy a new computer when I already have a working one.
My threat model is relatively simple: no targeted attacks, just random malware delivered by web browser or email, leading to a cryptolocker or whatever the ordinary user account can get (e.g. website login passwords).
I am aware of the extra security offered by IOMMU and although I probably don’t need it myself, I see why Qubes uses it these days. However, it’s a shame that this may lead me to abandon Qubes.
It seems my ‘best’ option for running an up-to-date OS with isolation will be to use a plain host OS and add VirtualBoxes with immutable drive images for my DVMs. Which is a big step backwards for efficiency and usability compared to Qubes, but at least it will keep working and updating on this laptop. Are there any better options?