Linux Kernel Safety

What are the supply chain security risks surrounding the Linux kernel? Is the Linux kernel even safe to be using at all?

Could the Linux kernel have malicious software libraries or microcode?

How would a supply chain attack on the Linux kernel occur?

Is the Linux kernel built reproducibly?

Why should the Linux kernel in QubesOS be trusted not to be maliciously modified?

Every Qubes-related component is open source and hosted on GitHub/GitLab.
These components are also built publicly using GitLab CI and tested using OpenQA.
When it comes to the kernel, the full build process is visible. Example with kernel 6.1.62.
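An added example, not from the original thread and not Qubes project code: a public build log only lets you verify a build if you can reproduce it, so the practical check behind the "built reproducibly" question is to build twice (or once locally against a published artifact) and compare the output trees bit for bit. The environment variable names are the ones documented in the kernel's Documentation/kbuild/reproducible-builds.rst; the values are arbitrary placeholders. The tarball check uses the kernel.org signing convention (the detached .sign covers the uncompressed tarball). Directory paths and file names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Qubes project code). Checks that two kernel build trees
# are bit-identical and shows how to verify a kernel.org tarball signature.

# Step 0 (optional, needs the kernel.org keyring and network): kernel.org
# signs the *uncompressed* tarball, so decompress before gpg --verify.
# Usage: verify_tarball linux-6.1.62.tar.xz linux-6.1.62.tar.sign
verify_tarball() {
    xz -cd "$1" | gpg --verify "$2" -
}

# Step 1: pin the inputs that normally differ between builds. Variable names
# are from Documentation/kbuild/reproducible-builds.rst; values are placeholders.
reproducible_env() {
    export KBUILD_BUILD_TIMESTAMP='Thu Jan  1 00:00:00 UTC 1970'
    export KBUILD_BUILD_USER=builder
    export KBUILD_BUILD_HOST=reproducible
    export SOURCE_DATE_EPOCH=0
}

# Step 2: after two builds with the same source, .config, toolchain and env,
# produce a sha256 manifest of each output tree, sorted by path so that
# filesystem ordering cannot cause spurious differences.
tree_digest() {
    (cd "$1" && find . -type f -print | LC_ALL=C sort | while read -r f; do
        sha256sum "$f"
    done)
}

# Step 3: compare the manifests. Returns 0 when identical, 1 otherwise and
# prints the differing entries (candidates for diffoscope) to stderr.
compare_builds() {
    a=$(tree_digest "$1")
    b=$(tree_digest "$2")
    if [ "$a" = "$b" ]; then
        echo "reproducible: $1 and $2 are bit-identical"
        return 0
    fi
    fa=$(mktemp); fb=$(mktemp)
    printf '%s\n' "$a" > "$fa"
    printf '%s\n' "$b" > "$fb"
    echo "NOT reproducible; differing manifest lines:" >&2
    diff "$fa" "$fb" >&2 || true
    rm -f "$fa" "$fb"
    return 1
}

# Typical use (assumed paths): build the same tree into two output dirs, then
#   reproducible_env; make O=/tmp/build1 ...; make O=/tmp/build2 ...
#   compare_builds /tmp/build1 /tmp/build2
```

The comparison is deliberately done on a sorted manifest rather than on `diff -r`, so that a one-line difference (typically an embedded timestamp, hostname or build path) points you straight at the file to inspect; a build that is not reproducible is not necessarily malicious, but an unexplained difference is exactly the signal a supply chain review needs.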