Qubes OS and Crypto safety

Hello!

I have some form of linux experience, but not much. Just heard about Qubes OS and I find it interesting when it comes to store crypto wallets seed phrases in the vault (since its always offline).

Is this a dumb idea?

Any other thougs around the subject?

Thanks :slight_smile:

Hi, welcome to the community! Yes, Qubes OS is probably the most secure OS, very much suitable for dealing with crypto. Perhaps only hardware wallets are better (and they should work on Qubes, too).

See also: What privacy/security minded cryptocurrency wallets work with Qubes?

Thanks alot :). And thats for the response :).

Just ordered a new SSD to test out Qubes OS. Getting it tomorrow ill guess. Spend the whole day today looking at YT videos, so im exited to get it :).

Havent found alot of info about the “vault” other than its offline? Would you store your seed phrase there, or is it kinda risky if the computer gets stolen?

Also thinking about the Librem 14 as I dont have a laptop today.

Any recommendations?


Hardware wallets looks nice, only thing is that I would see myself lose small stuff like that ;p.

For that reason you should in principle create a backup of your private key before writing it to the hardware wallet. And, optionally, have two identical wallets.

Happy user of Librem 15 here. I think that Librem 14 is a great choice with cool security features. See also: https://forum.qubes-os.org/t/hcl-librem-14-v1/4409. Some people on this forum are skeptical though.

“vault” is an offline-VM. One can indeed store secrets there with very low chance of getting them leaked. See Data Leaks though.

You should always have your hard drive encrypted (which is the default in Qubes OS). If you laptops gets stolen while it’s on then you are in trouble though. Per-VM encryption and Hidden AppVMs are not implemented yet.

2 Likes

By the way, not all videos about Qubes are accurate. See a good list here: Qubes OS Videos Megathread.

Thanks a lot again for good answers :).

Where would you recommend a newbie like me to start with the Qubes OS?

From my understanding the OS will be ready to use right after the installation?

Is “the vault” passwordprotected? :slight_smile:

I will only use the computer for cryptowallets and mails, will use my regular computer for everything else.

Do you know if Purism are coming with some new models soon?

The only model I can find on their website are the Librem 14 ( Purism– Librem 14), aint this model very old?

No necessarily dumb. I guess Qubes vault appvm without network is the closest option to offline computer.

Personally I don’t store any master keys, cold wallets and any of that stuff to Qubes. I’m practical with this. It’s a physical computer controlled and configured with software, so ultimately I don’t trust it. For the most valuable data, I have a separate physical computer without network.

2 Likes

The best start should ideally be the documentation. Qubes OS is a quite different system than the others and can only provide security if the user takes advantage of its secure design: Introduction | Qubes OS and Getting started | Qubes OS.

Yes, it creates the Vault VM, Personal VM, Work VM by default and is ready to be used.

Some people (like me) use Qubes OS as their daily driver, so you can always ask here for an advice.

No, because Qubes OS is not a multi-user system. Vault is protected from the other VMs but not from the user.

Librem 14 is the latest, very recent laptop model by Purism, with many improvements over earlier Librem 13 and Librem 15. These numbers don’t show the version but the screen size.

1 Like

Ok, thanks again for answers :).

Tried to install it, but after installing to an SSD and booting from the SSD im “Entering emergency mode” nothing happends from there.

Tried to install it on my regularing gaming pc, any tips? ;p

This should go to a separate thread, so others with the same problem could find the solution, too. Did you take a look here: Installation troubleshooting | Qubes OS?

Sounds like secure boot is enabled. You have to disable it