Outdated dom0, is it a problem?

There are interesting questions about Qubes from a Hacker News discussion.

First one:

> The part about the Qubes dom0 being ‘outdated’ is worrying, because one of the important things to think about for good Xen Linux-on-Linux (PV) performance is to use a recent kernel on the dom0, and a recent version of Xen.
>
> Even ultra conservative Debian stable (buster, right now) uses something fairly up to date, and Xen 4.11. I’d be concerned about using anything older than that.

I of course know about the FAQ, but this seems not to be covered by it.

Second question:

> And if you are paranoid enough to need Qubes, then you want ECC memory to defend against side channel attacks.

Do these complaints make sense?

1 Like

I’m not an expert. I believe that having a more up to date Xen and Fedora in dom0 could help with performance, but let me just address two of the points you mention.

> a recent kernel on the dom0

Qubes OS provides its own kernel for dom0, which is more recent than where the Fedora distro in dom0 stopped.

> And if you are paranoid enough to need Qubes, then you want ECC memory to defend against side channel attacks.

I don’t know how ECC would help with side channel attacks. Perhaps this person was talking about row hammer attacks.

2 Likes