I am on a surface device. There is custom kernel available on surface here GitHub - linux-surface/linux-surface: Linux Kernel for Surface Devices
I know this kernel works for my device and have previously installed it on pop os and it was working flawlessly. Pop os uses kernel stub and sytemd boot, so i have working wiki for installing this kernel on systemd boot pop os and kernel stub with auto update on .
I noticed vm’s can have their own kernels in qubes.
Is it possible to install this kernel either in dom 0 or as a optional kernel for vm’s.
If this works, it would allow touch and surface pen functionality on my surface pro.
Regarding security, i like qubes mainly for compartmentalization and don’t really have a high threat model. So if this gives me a little convenience with cost of security, i might be willing to take that tradeoff, or atleast am curious enough to try.
Any help in this regard is highly appreciated.
I was also wondering about this in isolation, then stumbled upon this. This would be interesting to pursue to see if this is possible.
However, I count myself lucky that I was able to install Surface Pro 4, as an example in February 2022 with Qubes OS version 4.1.0.
(Even though WiFi seems to work, I am currently having an Ethernet USB issue - but that’s a digression.)
My first guess is that it’s a lot easier to user the custom Linux Surface kernel with Linux installed onto a physical machine. Since Qubes OS isn’t like Pop!_OS, this could be tricky.
As mentioned, out of the two methods (installing the Linux Surface kernel via dom0, which has severe security implications; or via each VM template), the former seems the best. The latter seems more tricky.
Due to how touch was described on Qubes in a post from late 2019 on Qubes 4.0, I’m not super excited about touch working - especially some applications don’t scale properly, even when turning the scaling from 1x to 2x. Personally, I’d like to use the Surface Pen, but it’s not a very high priority.
Not sure if this is related at all, but even in 4.1.0, the GUI Domain is an opt-in feature.
It’s possible to use a custom kernel in a VM (as in non-default), but those seem to be more like going from the LTS Linux kernel 5.10 to current release 5.16, according to this per VM.
My best guess is figuring out a way to install such the Linux Surface kernel via dom0, but this might be done in a robust way via contributed packages - which would require passing the inclusion criteria and need maintenance efforts.
If there is a better way, I’d like to hear about it. However, all of this is not within my skill level right now, and I had found the above information with some quick online searching with DuckDuckGo (whose results have been poor lately for some reason).