GitHub Issues #6191, #2051, #1415 - Installation Media Creation Issues - Long-term Goals & Targets

Issues

  • Issue #6191 - Improve secure installation media preparation process for Windows and Mac users
  • Issue #1415 - Make Qubes images compatible with UNetbootin
  • Issue #2051 - Consider relaxing installation medium validation check to accommodate Windows

All of the above are more or less the same. How many times have people asked about installation media verification failure on the forum (and elsewhere), since they used Rufus on Windows to create their media?

Brief rant / ignore this

Telling users to go write the ISO to a Flash stick with dd on a Linux/macOS/*nix based machine is far from perfect. Many just bought a PC with Windows preinstalled and do not have access to a *nix based OS. And dd is scary not only for people from a Windows background, but also for veteran Linux users. A simple typo and you wipe your precious data. Many humorously refer to it as Disk/Drive Destroyer or The Data Destroyer.

Telling them to go buy a certified Laptop with Linux preinstalled is also far from perfect.

We could/should do better.

Analysis

Windows adds a “Volume Information” directory to the FAT filesystem automatically. What this directory is, its content and how to suppress its creation are discussed in issue #2051 during a detailed conversation between Marek and Pete Batard (creator of Rufus). It is impossible to completely switch to ext4 for installation media as (W)Intel had managed to force FAT in ESP specs.

Solutions

Relaxing Installation Medium Validation

We could reject the above idea. Qubes OS is a security focused project. What we need is more verification. Not less.

Two stage Installation Media Creation

1st ISO is burnt to Flash. It has only one ext4 partition bootable in legacy mode. Verifies itself after boot. Then asks for another USB Flash to burn the actual installation media. This solution is complex and needs two Flash drives. Better to skip it.

Dedicated Media creation tool

It is not rocket science. It should be possible to fork one of the existing ones and make a native one for Qubes OS with advanced checksum verification, adding Windows policy modification tricks to it to temporarily suppress Volume Information directory creation. So here are some of the candidates.

  • Rufus is open source but Windows only. So unusable.
  • UNetbootin code looks horrible. The project's GitHub page is like a graveyard, with many unattended open issues and open pull requests.
  • balenaEtcher has become popular recently. But it has the Apache License. We could skip it.
  • Fedora Media Writer - The best candidate so far. Written in C++ with Qt/QML. Cross-platform. Should be easy to compile and test on the existing templates.

Cross-platform concerns

Since the Qubes project might obtain a Windows Developer license for QWT, it might be possible to sign the Installation Media creator executable. We could skip macOS users for the time being, since new Macs are not x86-64 based machines and the old ones have dd.

4 Likes

New (arm64) Macs have dd too! So you can prepare the Qubes install media on any Mac, and use your trusty old T430 for Qubes. :wink:

2 Likes

I have to double check the cost of the Apple Developer license. I remember it was around $100 per year. And it is also necessary to see if any of the current core team members owns an Apple and is willing to compile & sign the (hypothetical) Qubes Installation Media Writer. This will be far from now in the future.

We have to fork Fedora Media Writer which is GPL 2 licensed, then remove all Fedora specific Artwork and add Qubes Artwork. Then we add the Qubes ISO URLs & data to it. Then compile it on a Fedora based AppVM and test it. After using it for a while, we could proceed forward with ports for Windows, Mac and other Distros, adding the Windows Policy trick to Windows port of it.

I have no actual time-table for all of the above. I have some pending projects to complete and then will put this high on the agenda, if no-one else takes the initiative.

1 Like
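
Added example, not part of any post in this thread and not code from Qubes OS or Fedora Media Writer: a sketch of the read-back check a media creation tool with checksum verification could run after writing, which also catches changes made to the stick after it was written. The function names are hypothetical, and it assumes a raw (dd-style) write, so the device's first bytes equal the ISO, and a published digest that was authenticated separately.

```python
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB pieces so large images do not fill memory


def sha256_prefix(path, length=None):
    """SHA-256 of the first `length` bytes of a file or block device.

    Returns (hex_digest, bytes_read); length=None hashes to end of file.
    """
    digest = hashlib.sha256()
    done = 0
    with open(path, "rb") as handle:
        while length is None or done < length:
            want = CHUNK if length is None else min(CHUNK, length - done)
            block = handle.read(want)
            if not block:  # end of file or device reached early
                break
            digest.update(block)
            done += len(block)
    return digest.hexdigest(), done


def verify_written_media(iso_path, device_path, published_sha256):
    """Return (ok, reason) for a stick written raw from iso_path."""
    iso_digest, iso_size = sha256_prefix(iso_path)
    # Step 1: the downloaded ISO must match the published digest.
    if iso_digest != published_sha256.strip().lower():
        return False, "ISO does not match the published digest"
    # Step 2: the device must hold the same bytes. Only the first iso_size
    # bytes are compared, because the stick is normally larger than the image.
    dev_digest, dev_size = sha256_prefix(device_path, iso_size)
    if dev_size < iso_size:
        return False, "device is smaller than the ISO"
    if dev_digest != iso_digest:
        return False, "device contents differ from the ISO"
    return True, "device matches the ISO"


if __name__ == "__main__":
    # Constructed stand-ins: a 3 MiB "ISO" and a 4 MiB file acting as the stick.
    with tempfile.TemporaryDirectory() as tmp:
        iso, stick = os.path.join(tmp, "test.iso"), os.path.join(tmp, "stick.img")
        data = os.urandom(3 * CHUNK)
        Path(iso).write_bytes(data)
        Path(stick).write_bytes(data + bytes(CHUNK))
        print(verify_written_media(iso, stick, hashlib.sha256(data).hexdigest()))
```

On a real system `device_path` would be the whole-disk device node, which usually needs elevated privileges to read.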