Qubes and Windows 11 multi-boot

I would like to use qubes for programming, studying and private things and I want to use windows 11 for gaming.
It seems like there is alot of things I must do or else dual booting them wont work. Also there seems to be potential security risks.
Can someone tell me all the security risks and preventing it. Also how do I dual boot them. I have qubes right now, downloaded but not windows.
I am aware of windows being untrustworthy, however, if I am only gaming and listening to music whilst following general security with vpns and not downloading anything potentially harmful does that make it fine for my aims?

1 Like
2 Likes

Do you think it’s better if I just use only windows on my primary device using other Linux distros as vms and get qubes on another computers aimed towards those areas where I need more security.

1 Like

I’m convinced that multibooting Qubes with other OSes is still a much more secure way of using your computer than giving Windows a full control. Especially if you use something like Heads to verify the integrity of your BIOS every boot.

2 Likes

Personally, I would use a dedicated computer for games with nothing of consequence on it. And another computer for Qubes.

It really depends on what you want/need. Perhaps booting Tails off a USB stick for privacy is what you’re really looking to try and not security-focused Qubes.

2 Likes

I’ve been thinking about also running vms on windows to learn and also try out other linux distros too. I assume it will run faster on windows (which I will debloat) so that will probably be a good idea to learn linux better since I would be on as OS I am already comfortable with.

1 Like

Would it make the OS’s tun slower because my drives will be holding 2 different systems?
So a system that multiboots qubes and windows would run said operating systems much slower than if it just had one of them on there.

1 Like

This will not slow down any of the operating systems installed, as there is always only one of them running. But consider the security implications!

2 Likes

If I do anything that needs security (client programming projects, dark web etc) I can use qubes. Otherwise, for (gaming, which I do rarely anyway, trying out other linux os in a vm and general use) I can use windows.
Either way, I will follow general security measures like using proxies or a vpn, not going on untrusted websites or anything where I must enable js or accept cookies on windows.
I saw that if dual booting them, it could compromise qubes through the bios. But if I don’t use windows for anything potentially dangerous and I use it safely, security shouldn’t be an issue, right?

1 Like

When it comes to security Windows 11 is a car crash. Dual booting isn’t a fix.

Are you certain security (Qubes) and not privacy (Tails) is what you need?

2 Likes

I need security, I do sometimes read articles around on the dark web for fun, but primarily, I want projects which I code for clients or for my own personal projects to be secure and not likely to be compromised.

I also want to game occasionally and use vm to practice Linux on windows, which I am more comfortable with. Linux mint is also a potential option, but windows is more like windows than linux mint, so it would probably be more comfortable for these things.

1 Like

So if (or when) Windows gets compromised, it can in principle compromise your /boot and BIOS, which in turn can compromise Qubes. This is definitely less likely than just being compromised on Windows though.

2 Likes

Run Qubes.
Use PassThru for grating a full gaming virtual.
Less issues and hassle for yourself.

Dual booting, if you want a secure system is meaningless.

If you have Windows on one drive, and another drive with Qubes, then Windows can still see Qubes and all the guests. It can see it all.

So saying that you want security, then dual-booting, is pointless.

If you want to dual boot, then have 2 drives. and turn off the ones you don’t want to have used each time you want to switch.

Or else do what I do, hot swap drives.

I unplug my Windows drives and plug in my Qubes drives.

So depending what I’m doing determines what I am plugging in.

But before I plug in my Qubes drives, I do boot to a specific USB drive that clears my RAM and anything in the CPU cache. Along with a few other things that I clean up. But you get the idea.
This maintains my security.

If you are willing to do this, then I see no issue with you having multiple systems running when you need them.

If you want Qubes, then gaming under Qubes, build yourself a gaming HVM.

I see no one has linked it through to you yet.

Here is the link that I have seen that has been linked to other people asking about things.

This should make things better for you, and easier.

It’s actually very very easy to get things going whichever way you go, whether it’s a GPU passthru or installing the OpenGL passthru system for accessing the parent GPU.

So it’s up to you. Gaming under Linux would be better if that’s what you want.

As for doing things with Linux, is easier under Qubes. Linux under Windows is silly. Windows under Linux is smarter. No Windows at all is smartest.
So, for gaming, just use Linux, run WINE or CROSSOVER or any of the things that are based on WINE which allow Windows things to run under Linux, natively.

2 Likes

If the Qubes drive is encrypted, Windows will just see that it is there, but not its contents - unless you stored the encryption passphrase somewhere where Windows can read it. But there are numerous ways to shoot oneself in the foot.

2 Likes

But you can update bios with scripts or windows update. You never know whats in automatic bios update.
We have problem with dell laptop. Latest bios have bugged disk drive functions. After update can’t load windows and linux loads 5 minutes. After that it works.

1 Like

If Windows can see it, it can decrypt it if you have spyware on there and only using Windows Defender. Saving passphrase or not, doesn’t matter.
Just a matter of time for the drive to be accessed.
Or else MS might just be accessing it because you gave them permission to.

I never allow the BIOS to automatically update, I get the drivers directly from the manufacturer and do it myself directly to the bios.

2 Likes

But on Dell and HP laptops you have BIOS automatic BIOS update routine and in windows there dell updater with administrator rights for automatic in background update.
Didn’t know that. Need to disable it by hand and some people have problem with that. Whatever they do that service had told them to do not works.

1 Like