For the Qubes ISO there are GPG signatures that can be verified. The default templates must therefore be trusted upon installation.
After that, the system is updated. There will be updates from both Debian and Qubes. The user may also install software from Qubes or Debian repositories (let’s ignore third parties).
Is there a way to recheck the signatures for all distribution and Debian software, in all templates and persistent VMs?
I get that all the user has to do is to verify the initial signatures. Optionally, the user may also verify the Qubes master key that is in the template and dom0. After that, the template and dom0 will take care of signature verification automatically. But this may not be true in a compromised system. I want to manually check and see that the binaries (or the source code from which these binaries are produced) are signed by a key that is signed by the master key. I hope this doesn’t get me to reproducible builds, which is incomplete!
I do not understand what you are trying to do. Are you talking about a compromised Template VM or dom0? In the latter case, it’s game over™ and no verification will help you. However, a system restore might. In the former case, checking signatures in a compromised VM can return you any result, depending on what your attacker wants, i.e., it’s meaningless. If you suspect a compromise, recreate the VM, or follow the same guide.
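The question in this thread is how to re-check, after the fact, what a Debian-based template has installed. As the reply says, a check run inside the VM you suspect is worthless, so the only version of it worth writing runs from outside: attach the template's root volume read-only to a fresh qube (a disposable, say), mount it, and check it from there. The script below is an added example, not code from the thread or from the Qubes project. The mount point passed as the first argument, the keyring directory (the checking qube's own /usr/share/keyrings, never the template's), and the presence of dpkg, gpgv and awk in the checking qube are all assumptions.

```shell
#!/bin/sh
# Added example, not from the forum thread or the Qubes project.
# Re-checks a Debian-based template from OUTSIDE it: attach the template's
# root volume read-only to a fresh qube, mount it at $ROOT, run this there.
# Assumptions (mine, not the thread's):
#   - dpkg, gpgv and awk exist in the checking qube;
#   - the checking qube's own /usr/share/keyrings holds the Debian (and,
#     if installed there, Qubes) archive keyrings you trust.
set -u

# Re-verify every cached apt InRelease file under $root against keyrings
# taken from the checking qube, never from the template being checked.
verify_apt_lists() {
    root="$1"
    keydir="${2:-/usr/share/keyrings}"
    failed=0
    set --                                   # build the gpgv --keyring args
    for k in "$keydir"/*.gpg; do
        [ -e "$k" ] && set -- "$@" --keyring "$k"
    done
    for f in "$root"/var/lib/apt/lists/*_InRelease; do
        [ -e "$f" ] || continue
        if gpgv "$@" "$f" >/dev/null 2>&1; then
            echo "OK              $f"
        else
            echo "BAD/UNKNOWN SIG $f"
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Summarise `dpkg --verify` output read on stdin. dpkg prints only files
# that fail, in rpm style: a 9-character status where '5' in column 3
# means the md5sum differs, a 'c' attribute marks a conffile, and lines
# starting with "missing" are files that are absent from the filesystem.
# Prints three counts: changed non-conffiles, changed conffiles, missing.
summarise_dpkg_verify() {
    awk '
        $1 == "missing"          { missing++; next }
        substr($1, 3, 1) == "5"  { if (NF >= 3 && $2 == "c") conf++; else bin++ }
        END { printf "%d %d %d\n", bin + 0, conf + 0, missing + 0 }
    '
}

# Run both checks against a mounted template root. --root makes dpkg use
# the template's /var/lib/dpkg database and compare the template's files.
check_template_root() {
    root="$1"
    echo "== repository signatures under $root"
    verify_apt_lists "$root" || echo "!! at least one InRelease did not verify"
    echo "== installed files vs dpkg md5sums (changed-binaries changed-conffiles missing)"
    dpkg --root="$root" --verify 2>/dev/null | summarise_dpkg_verify
}

if [ $# -ge 1 ]; then
    check_template_root "$1"
fi
```

Two caveats a practitioner should keep in mind. The InRelease check only proves that the package index apt last fetched was signed by a key you trust; it says nothing about the files that ended up on disk. And `dpkg --verify` compares files against the `.md5sums` lists stored in the same filesystem, so an attacker with root in the template can edit those lists along with the binaries; it catches sloppy tampering, not a careful one. A stronger step, still from the checking qube, is to re-download each installed package from the signed repository and compare its contents with what is on the mounted volume. For dom0 none of this applies, for the reason the reply gives.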