Quick question about security critical code

Is third party firmware considered “security critical”?

There are some firmware that is required to be installed in dom0 (linux-firmware). Are they trusted or untrusted?

Which firmware exactly do you mean? Most hardware should not be connected to dom0, see How to use devices | Qubes OS.

Also, whether some firmware is trusted or not, is your own decision, depending on your threat model and hardware. Perhaps if you name the latter, the Community might help you but no one should decide it for you.

Related reading

(I’ve made the title more explicit)

Yeah. I have read the page before and the page failed to mention third-party firmwares. However some of them are obviously installed into dom0 and loaded on booting. That is the reason why I raised this question.

isn’t in this section ?

Security-critical Third-party Components

Third party firmware that are loaded in dom0 is neither Xen hypervisor (1) , xenstore (2), Xen’s block backend (3), rpm (4), and log viewing software (5). That is what confuses me.