Intrusion Detectors in dom0: bad idea?

I think the effort by Purism to detect tampering from coreboot is worth mentioning here. It can scan the /boot partition before the OS starts.

To hack Qubes, i.e., dom0, you need to escape the hypervisor or perform a side channel attack. AFAIK, the last time the former was achieved was in 2006 by the Qubes founder. In other words, it's extremely hard and unlikely. Concerning the latter, see also: "Xen security advisory (XSA) tracker | Qubes OS" and "Qubes security bulletins (QSBs) | Qubes OS".
