Qubes Kernel Modules

Are there any other kernel modules other than the netback/netfront kernel module drivers in sys-net and
sys-firewall which could result in a breach of the entire Qubes security architecture? Are there other kernel modules within sys-net/firewall which use the same netback/netfront (client/server) model?


sure thing; here it is:

not FUD at all.


Come to think of it haven’t seen any documentation pertaining to the security of the Qubes kernel itself.

not all vulnerabilities are published as nice easy to find CVEs my friend, same goes for exploits. I mean thats what 0days effectively are, they are security vulnerabilities that only a small group of people or a single person is aware even exists.


I had never considered that the kernel would be the best place to start, Thomas Leonard pushed us in the right direction.

Because Qubes is supposed to have above average security right? I had never considered they would have kernel accessible code running on a VM connected to the internet which is supposed to be untrusted.

It makes me wonder if the Qubes kernel should be replaced with a MirageOS unikernel (which is coded in OCaml).

OCaml can also be compiled into coq-of-ocaml, which can be formally verified.