I currently use Arch but use QEMU VMs for everyday tasks, is Qubes right for me?

Hello
I use Arch Linux.
I recently heard of Qubes and it sounds appealing, I want to know if I could replicate something similar to my current configuration on Qubes.

Right now:
I run Arch Linux on my host. My host uses Secure Boot with sbctl to sign my kernel (so I’m not too familiar with the typical Secure Boot setup). My root partition is also encrypted with LUKS2 (not that it matters as long as it’s encrypted).
My host operating system is rather bare; it contains nothing but a GNOME Wayland desktop, Tor Browser, a video player, Mullvad VPN client, and a QEMU/KVM virtual machine manager.
Most of my time is spent within an Arch VM where I do my web browsing and in a Windows VM where I play games and use Windows-only software.

I know many of the core components of my setup aren’t available on Qubes (Secure Boot and KVM virtual machines); however, I would be willing to settle if the security is similar to that.

These are my main questions:
- Would I be able to set up something similar to a VFIO virtual machine as a Qube HVM where I pass through an NVIDIA GPU and keep my AMD APU running the host’s graphics? I use Looking Glass to interface with my Windows VM and I’m not sure if that kind of setup would work. (I would hope to have comparable security.)

- Could I use Wayland on Qubes? I mainly need Wayland for its security and I know Qubes is mainly based on X. Would Qubes provide similar security to Wayland in the sense that the input and output of applications whose input and output I would want to be isolated (i.e. a web browser and a game)? (I assume applications would be isolated within their Qube.)

- I assume the answer is yes but just to be sure, is disk encryption supported?

My hardware, if it matters:
Gigabyte motherboard with a B450 chipset
An AMD CPU w/ integrated graphics
An NVIDIA RTX 3070 within an isolated IOMMU slot (not that I explicitly configured this, but it is required for VFIO as far as I know)

Hi @AmazingArchUser123, welcome to the Community! I’m glad you find Qubes OS appealing.

On Qubes, the AdminVM runs nothing but VMs and has no Internet connection, so it should be more secure than your current setup.

Related discussions: one, two.

Yes, if you have a second GPU: see Another 2. GPU passthrough post and Can I run applications, like games.

Yes.

Not yet.

Yes. Actually, Qubes provides stronger security, because it relies on hardware virtualization to isolate the VMs and has a much smaller Trusted Computing Base.

You can try to find similar hardware in the HCL and make a guess whether it would behave well with Qubes.

@AmazingArchUser123, I have a background in running cloud infra and building platforms on Unix and Unix-like operating systems. The relevant technical details are available out there in Qubes’ documentation and other projects’ documentation. My suggestion to you would be, contemplate: Design is Destiny. Categorically, you’re much safer on Qubes than Linux+KVM+QEMU on Arch.

Check the HCL. If there is not much on this device at the HCL, please consider not just what the Qubes forum can do for you, but what you can do for the Qubes forum.