From what I understand, Qubes entirely relies on the hypervisor for security. My issue is that it leaves me with a single point of failure. AFAIK Qubes doesn’t automatically harden the Linux distributions it uses by default (Fedora, Debian, Whonix) so I’m thinking of hardening it myself. But this leaves me with a few questions.
Are there any tips/tools I can use to prevent or mitigate the effects of a Xen 0day?
Should I try to harden dom0? Even if it means installing additional software to do so?
Are there any good guides on hardening Linux distributions, especially the ones used in Qubes by default? (Fedora, Debian, Whonix)