KDE lock screen is not as secure on X11

Dropping it here, as I’m super new to Linux and Qubes and not really sure what is what and would like to hear what you have to say, especially @unman as he’s using KDE and part of the team.

Basically, because Qubes uses X11 instead of Wayland, the lock screen isn’t as secure as with Wayland.

proof: Reddit - Dive into anything

Disclaimer: I worked on the lockscreen implementation, thus my answer may be opinionated.

Your idea in general isn’t and cannot be secure. Detecting when the screen wakes up is too late. Plasma locks the screen before going to suspend. You could fix that by doing the same dance as kscreenlocker does, but that is out of the scope of a script.

Furthermore, one of the tasks of a lockscreen is to ensure that one cannot just kill the lockscreen. sddm isn’t meant for that task and doesn’t protect against it. On X11 it would be necessary to grab keyboard and mouse and do a dance to be the topmost window. That is difficult and error-prone and one of the reasons why a lockscreen cannot be secure on X11. On Wayland the compositor takes care of the security by starting kscreenlocker. It is basically impossible to get sddm running like that.