Initial setup was smooth, the anaconda integration worked great and post-install provided a flawless ready to use environment.
System runs well, Qube tools, in particular Qube Manager is comprehensive and rock solid, community templates for popular distributions (except maybe NixOS) seem to be ubiquitous. Even MS Windows PV guest support has been fully integrated. tor/Whonix/ support out of the box, nice.
All of this is amazing and if i had a spare machine just sitting there waiting to be used as a self contained security research environment i would be in delight and look no further.
Fact is I arrived at Qubes through research into setting up a flexible daily driver laptop with a minimal, relatively immutable, robust, hardened, very simple to redeploy Dom0 (was last looking at Alpine/XEN) on which I would run guests for doing actual things in, anything from 2-3 “daily drivers” to on demand disposables and a local storage cache. (Imagine if you will an Ubuntu to run Flatpaks, a Windows Machine for proprietary software, a daily use “general” development/tinkering machine, a machine for playing with/learning embedded rust, an entertainment machine, a network/firewall/private network routing machine providing usecase specific bridges [the classic personal vpn, infra vpn, clearnet, etc…], a storage machine with a remotely replicated file dump serving “local” use over virtio-fs, SMB, NFS, ftp…, a management host, of course also the option to spin up disposables from simple templates and so on …) in order to get the vastly increasing and problematic divergence of software stacks that are prevalent nowadays under control.
And last but far from least to control the struggle of settling on and maintaining a single, machine specific mutable and persistent daily driver all-purpose OS environment without accumulating crud and security concerns over time, which seems nigh on impossible these days anyway. I’m an old dog who used to multitask on DR-DOS, listening to music on inertia tracker while having xpost and turbo C open… I’ve lived through the early Xen days and was an avid early adopter… All I want is a useable system that I control and that doesn’t eat my free time for dinner.
Basically, infrastructure in a box, including the “head” as in GUI/USB/BT/Wifi etc.
My pipe dream was to run a headless Dom0 and have some scripts that take care of device mapping, including the singular iGPU, USB controllers, etc… to the machine that is currently “on the desktop” with the option to manage and access other machines from that “foreground” machine as required through the host network. I realize it is probably not possible, from my understanding, to leverage paravirtualization between co-guest machines (e.g. graphics, audio) but that’s fine (however it might be an interesting topic to explore).
This problem of “sorting out the divergent mess”, which started sometime around 15 years ago, gave us great things like NixOS and Flatpak and dockerhub, and, well, oh my, would I like to get out and still be able to pursue my interests without lugging around and, eris forbid, maintaining, 2-4 physical machines…
Qubes seems to be doing this very well, but it is hindered by its own motivation.
My USB keyboard does not work for unlocking the FDE, presumably because of security considerations in the configuration of grub/initrd, my dual mode mouse works for about 2 seconds then stops responding (everything seems fine and i have no idea how to start debugging the internals, e.g. how to check if the problem is in sys-usb on a driver level or in Dom0’s qubes-guid or anywhere inbetween. I have resorted to using an old cheap office mouse I still had around for now, it just works), my bluetooth trackball hasn’t even been touched because i can’t get bluetooth integration to work (i scrounged the forum, did things which seemed reasonable and worked fine but have achieved no visible progress and am now too scared to make the 53rd “how to bluetooth” post), I have yet to figure out how to access USB block devices (I can map them to qubes alright, but they don’t show up), I would like to use seamless bluetooth audio, …
Now, conceptually, isolation is a great thing for security, but so is immutability. I wonder if a shift in focus towards individually configured immutable service qubes could solve those issues. It certainly would require making the setup of service qubes more accessible - e.g. shipping a builder that enables average users to roll their own sys-usb and so on.
But for now, I wonder if I should invest in bending Qubes to my needs or installing an alpine based minimal Dom0 and hand-roll from there. I really wish I knew what would work out better for me.
Nevertheless, this project is pretty cool and thinking about all of this has really allowed me to appreciate how much work went into this.
However, consider this: Targeted technical attacks are very rare. Most people fail on OpSec. There is no alternative to hardening and best practices, especially in the browser. Is it better to have an accessible, reasonably isolated immutable system or a cumbersome highly isolated system that will be fiddled with and bypassed left and right by people that just desperately want to get their headset working? There seems to be an open perspective.
It certainly is a journey. Let’s see how it pans out, how long I can cope with my mouse not working and dismissing bluetooth until I have another free evening to look into it.