I attempted to install QubesOS today. This is more of a postmortem of what didn’t work than an overt request for help, as I wound up spending most of the day dealing with just trying to get it installed and it ultimately crashed and got stuck in a reboot loop. However, if this is a known issue, please do let me know. Maybe I’ll give it another shot.
The context is that I was finally setting up a second NVMe drive to act as a btrfs RAID1 mirror. I’ve been using Arch, but I’ve wanted to give QubesOS a try so I can easily run untrusted things or sandbox things with the highest assurance, possibly switch my primary OS by running Arch in a VM as I migrate away from it.
My original hard drive configuration is an EFI system partition and LUKS over a btrfs filesystem with root and home subvolumes. For the mirror drive, I initially figured I would do an EFI system partition, a QubesOS root partition, and an LVM partition. I could not find a good description of how to manually partition the drive in the official install guide, so I came up with this based on a forum post where someone did a vague explanation of how their QubesOS drive partition table looked.
Initial attempt:
- biosboot (after the install nagged me that my system didn’t support EFI, I think I may have booted in the wrong mode)
- fat32 partition for boot (but no mountpoint)
- btrfs root partition (on /)
- LVM (empty)
GRUB couldn’t find the (I assume root) partition via UUID. I then attempted a second install.
Next:
- biosboot (didn’t bother trying without)
- boot partition (/boot/efi)
- LVM
- btrfs root partition in LVM (on /)
GRUB booted just fine, but it had no menu options, and trying to cryptomount what I thought was the LVM partition failed
Third try I just did automatic. This, finally, booted.
Initial setup:
- Not sure what default template to use, pros/cons aren’t specified
- Not all options are included in the install guide. I assume it’s out of date.
- Automatically accept USB mice isn’t explained. Why is this pad?
- Create vm-pool isn’t explained. Why is this an option?
- Implications of make sys-net disposable aren’t explained
- Template install takes a long time with no meaningful progress indication
I mostly left things alone. I did specify to make sys-net disposable, since I figured that was likely better.
After this, QubeOS rebooted. I attempted to boot it twice. Both times it prompted me for the disk password, then it blanked and rebooted.
At this point I gave up. I had spent hours trying to install it, and had simply run out of time and patience. If the distro is supposed to be secure, configuring a few user settings on startup shouldn’t be sufficient to cause it to crash or panic. That screams a memory issue to me, which is a red flag for something intended to be secure. The documentation seems to be out of date. The install was slow (though part of that may have been due to the flash drive I used) and the initial set up was even slower without any clear reason.
I can tell a lot of work has been put in to the OS, but I just don’t have time to figure things out via trial and error because of cut corners in the documentation.