Hold on to your Pi(s)... Qubes may have a use for them

I believe many of us are in the same situation: having a raspberry pi just gathering dust on the shelf. For those who haven’t been paying attention, the current development direction (Qubes Air) may take us to a oasis of raspberry pi usefulness:

Read more on the original blog post about this update

This is just really a post to catch anyone who had not seen this yet and may identify themselves with this wasted computing situation…


So If I’m understanding this correctly, the idea is to use each separate computing device as a single VM host and chain them together into a system, potentially allowing every RPi to host one or more fragments of the system in a physical package.

For example, I’ve often wondered whether sys-net is the most vulnerable given its an HVM that handles PCI devices and is connected to the internet without any filtration (internally). The biggest threat is sys-net being used as a bridgehead to punch through Xen, which leads to GameOver™. Moving sys-net onto a physically separated RPi adds another layer of insulation, but is not a magic bullet as that RPi will have to connect to the Qubes PC via NIC or USB, which entails a receiving HVM PCI qube, so an attacker with the ability to compromise the RPi can simply just repeat that step.

Maybe sticking a firewall (another RPi or smaller device running Mirage would be ideal IMO) between the sys-net RPi and the Qubes OS machine would provide enough insulation, but then again I’m not really knowledgeable about technical matters and am just thinking out loud.