Hello
I use Arch Linux.
I recently heard of Qubes and it sounds appealing. I want to know if I could replicate something similar to my current configuration on Qubes.
Right now:
I run Arch Linux on my host; my host uses Secure Boot with sbctl to sign my kernel (so I’m not too familiar with the typical Secure Boot setup). My root partition is also encrypted with LUKS2 (not that it matters as long as it’s encrypted).
My host operating system is rather bare; it contains nothing but a GNOME Wayland desktop, Tor Browser, a video player, Mullvad VPN client, and a QEMU/KVM virtual machine manager.
Most of my time is spent within an Arch VM where I do my web browsing and in a Windows VM where I play games and use Windows-only software.
I know many of the core components of my setup aren’t available on Qubes (Secure Boot and KVM virtual machines); however, I would be willing to settle if the security is similar to that.
These are my main questions:
- Would I be able to set up something similar to a VFIO virtual machine as a Qube HVM where I pass through an NVIDIA GPU and keep my AMD APU running the host’s graphics? I use Looking Glass to interface with my Windows VM and I’m not sure if that kind of setup would work. (I would hope to have comparable security.)
- Could I use Wayland on Qubes? I mainly need Wayland for its security and I know Qubes is mainly based on X. Would Qubes provide similar security to Wayland in the sense that the input and output of applications whose input and output I would want to be isolated (i.e. a web browser and a game)? (I assume applications would be isolated within their Qube.)
- I assume the answer is yes but just to be sure, is disk encryption supported?
My hardware, if it matters:
Gigabyte motherboard with a B450 chipset
An AMD CPU w/ integrated graphics
An NVIDIA RTX 3070 within an isolated IOMMU slot (not that I explicitly configured this, but it is required for VFIO as far as I know)