Is installing qubes on a compromised system dangerous

If i install qubes os in a hypothetical not so trusted network and there is an MITM attack could the signatures prove that it was tampered. Also if hypothetically the base os was infected and i reverified that everything with this step How to re-verify installation media after writing could it be still tampered without me knowing? Thanks


Personally, I like to double-check hashes from a library computer. It seems unlikely that the same person would be able to compromise both my ISP/home network and the library’s network. Unless they have a lot of resources or are literally the government, in which case I don’t have the resources to defend anyway.

1 Like

What do you mean library computer? Is it like an extra computer offline.

There is a difference between:

  1. proving that a file/ISO has been tampered with (let’s call this goal 1)
  2. proving that a file/ISO has not been tampered with (let’s call this goal 2)

On one hand: file signatures cannot prove that the file has been tampered with (goal 1). If the signature is invalid:

  • the file may have beem tampered with
  • or there might have been an error when downloadimg or copying the file

The signature itself cannot help you distinguish between those two cases.
The good part is that in both cases, if the signature is invalid you shouldn’t use the file/ISO.

On the other hand, file signatures can prove that a file has not been tampered with (goal 2). If the signature is valid, then the file hasn’t been tampered with (and there has been no error when downloading or copying the file). In that case, it doesn’t matter if the file was downloaded through an insecure or untrusted network, the file is exactly what is should be, otherwise the signature would be invalid.

Now, you need to trust the system on which you check the signatures, if the system is not trustworthy, then the signature check is not trustworthy either and there isn’t much you can do about that except checking the signatures in a different system that you can trust. (That’s explained in the documentation that @apparatus linked above.)

When installing Qubes OS, it’s usually (goal 2) that you’re interested in. :slightly_smiling_face:

1 Like

I just mean a computer at a local public library. Using a computer and network that is categorically different than my home computer/network (public-use “utility” managed by an organization vs consumer product meant for an individual) makes it less likely that both have been tampered with in the same way.

Though as I unfortunately learned the hard way, bandwidth expectations on their network are much more restrictive than my home network - reasonable considering the number of computers they have. So it’s better to just download the hash file from the library and get the ISO locally.


Interesting :thinking:.