Kicksecure for Default Template?

kzlz · March 5, 2023, 3:17am

I’m using debian-11 in Qubes OS as my default TemplateVM and it occurred to me that this would be more secure if it is Kicksecure.
In that case, do I just distromorph the debian-11’s TemplateVM, or should I clone the whonix-ws-16 TemplateVM, name it Kicksecure, and set it as default?
Has anyone done the same thing? Did you encounter any problems?
Do you think this is a good idea?

BEBF738VD · March 5, 2023, 8:56am

Clone debian-11 (or debian-11-minimal) and morph the clone. You may still need the clean template.

kzlz · March 7, 2023, 10:39am

Does it cause any problems if I use the Kicksecure TemplateVM for service qubes like sys-net or sys-firewall?

BEBF738VD · March 7, 2023, 11:06am

I haven’t encountered any issues with ks on service vms. You should be ok.

kzlz · March 7, 2023, 11:12am

Thank you

BEBF738VD · March 7, 2023, 11:35am

No problem mate, if the question is resolved please mark it as such (select a solution).

unman · March 7, 2023, 3:42pm

As far as I know kicksecure is experimental, pre-release, and has not been audited in
any way.

PostedPortal · December 7, 2023, 12:10am

just curious… if its not audited then why is it used in whonix?

adw · December 7, 2023, 8:34am

That question might be more likely to receive an authoritative answer on the Whonix Forums.

adrelanos · February 14, 2025, 1:45am

Correct at the time of writing.

Update: See website for latest status.

See: