Thanks for your feedback.
When you put unnecessary stuff in quotation marks, do you mean it is not really that (i.e. that it is actually necessary) or something else?
I did what you suggested:
root@dom0:~ # repoquery -q --installed --whatrequires amd-gpu-firmware.noarch
linux-firmware-1:20230625-148.fc32.noarch
root@dom0:~ #
IOW, the developers have decided that it should be impossible not to have AMD GPU firmware (and lots of others) if one wants to use a small part of the Linux firmware. Yes, I know firmware is supposed to run on the device’s chip, not on the CPU, but it does not remove the fact that tons of proprietary (unreadable) stuff is present all the time and it is possible for a bug (or intentional exploit) to activate unknown things in unknown new ways at unknown times.
Another example:
root@dom0:~ # repoquery -q --installed --whatrequires LibRaw
ImageMagick-libs-1:6.9.11.27-1.fc32.x86_64
root@dom0:~ # repoquery -q --installed --whatrequires ImageMagick-libs
ImageMagick-1:6.9.11.27-1.fc32.x86_64
root@dom0:~ # repoquery -q --installed --whatrequires ImageMagick
qubes-utils-0:4.1.19-1.fc32.x86_64
root@dom0:~ #
Is that really necessary (in the sense - unavoidable) in dom0?
I’ll be grateful if you would like to make the effort to identify and remove the unnecessary packages. However, keeping the minimal required packages list is a maintenance burden.
I am not saying I would not like to help. However, the approach “let’s remove the bloat” seems like an attempt to fix the approach “let’s have everything first”. Wouldn’t it be saner to use only what is strictly necessary instead? Isn’t that how minimal templates are created? I wonder what we can really do.
And for hardware-specific packages I do not think it’s easy to make them uninstalled by default and then install them on your demand, as it’s not easy to keep the Linux kernel (which is quite bloated with all that firmware and those modules that may not be used by your hardware) lightweight and containing only the code that you actually use.
This raises the questions:
- How are lightweight Linux kernels created?
- Can’t we have the same in Qubes OS?
Many years ago, when I (like others) played with recompiling the kernel for various reasons, I remember we used to do things like keeping needed stuff in the kernel all the time, building not-so-often-used stuff as modules, and removing everything else. That gave the fastest and smallest possible, yet fully functional kernel binary.
I understand that today things are probably different, but I wonder - can’t this (or a similar) approach be used?
And I have to point out that installing additional software in dom0 does not increase the attack surface (make it easier for random attackers on the internet to hack you): it only means an increase in the code that you have to trust. That’s why dom0 can use an EOL Fedora release and people do not need to worry. Those random packages are not security critical. As long as they do not contain code to specifically breach Xen and send telemetry home, you are safe.
Data security is not just about keeping it hidden.
In the InfoSec CIA triad, confidentiality is just one of its aspects. Integrity and availability are the other two.
Suppose there is a bug (or unnoticed exploit) in one of those bloated libraries which damages rarely used file contents randomly. Considering dom0 has full access to everything the whole time, you can figure the potential consequences. One day one may turn on the computer and find out that old data is simply not there, the messed-up copies are backed up and the backup has rotated. Yeah, nothing is sent to anyone (and you are safe from others’ eyes) but the data’s integrity and availability are damaged.
Looking at the thread you linked to, the locked in 2021 GH issue and the (already closed) issue I reported today, I wonder if anyone has considered the above.
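
The manual `--whatrequires` walk shown in the post, automated as an added example (not part of the original post and not Qubes OS tooling): it follows every installed requirer upward until it reaches a package that nothing else installed requires. The function names and the `--qf '%{name}'` output format are choices made for this example.

```shell
#!/bin/sh
# Added example: print every reverse-dependency chain of an installed package,
# e.g. "LibRaw <- ImageMagick-libs <- ImageMagick <- qubes-utils".

# Direct installed requirers of package $1, one bare name per line.
# Same query as in the post; --qf '%{name}' drops epoch/version/arch so the
# result can be fed straight back into the next query.
query_requirers() {
    repoquery -q --installed --whatrequires "$1" --qf '%{name}' | sort -u
}

# $1 = package to explain, $2 = chain built so far (internal use).
# The body is a subshell because recursion needs private variables and
# POSIX sh has no 'local'.
requirer_chains() (
    pkg=$1
    chain=${2:-$1}
    found=0
    # Package names contain no whitespace, so word splitting is safe here.
    for parent in $(query_requirers "$pkg"); do
        # Skip a package that lists itself as a requirer.
        [ "$parent" = "$pkg" ] && continue
        # Skip anything already on this chain (dependency cycle).
        case " <- $chain <- " in
            *" <- $parent <- "*) continue ;;
        esac
        found=1
        requirer_chains "$parent" "$chain <- $parent"
    done
    # No further requirer: this chain is complete, print it.
    [ "$found" -eq 1 ] || printf '%s\n' "$chain"
)

# Stand-alone use: pass one or more package names as arguments.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        requirer_chains "$p"
    done
fi
```

The last name on each line is the package to look at when deciding whether the first one can be removed from dom0.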