Kicksecure for Default Template?

I’m using debian-11 in Qubes OS as my default TemplateVM and it occurred to me that this would be more secure if it is Kicksecure.
In that case, do I just distromorph the debian-11’s TemplateVM, or should I clone the whonix-ws-16 TemplateVM, name it Kicksecure, and set it as default?
Has anyone done the same thing? Did you encounter any problems?
Do you think this is a good idea?

2 Likes

Clone debian-11 (or debian-11-minimal) and morph the clone. You may still need the clean template.

2 Likes

Does it cause any problems if I use the Kicksecure TemplateVM for service qubes like sys-net or sys-firewall?

2 Likes

I haven’t encountered any issues with ks on service vms. You should be ok.

2 Likes

Thank you :smiley:

1 Like

No problem mate, if the question is resolved please mark it as such (select a solution).

1 Like

As far as I know kicksecure is experimental, pre-release, and has not been audited in
any way.

4 Likes

just curious… if its not audited then why is it used in whonix?

2 Likes

That question might be more likely to receive an authoritative answer on the Whonix Forums.

3 Likes

Correct at the time of writing.

Update: See website for latest status.

See:

2 Likes