Hello, I want to discuss my specific use case that requires a dual boot configuration and some measures that I am putting in place to secure it. Any suggestions would be greatly welcomed. This will likely be a lengthy post, so please bear with me.
To begin, I’ve read similar posts and the documentation on this topic before posting so I don’t want to retread ground that’s already been covered. Yes, a dual boot between Qubes and an insecure OS is not a good idea 99% of the time. So to anyone who doesn’t have a very specific reason for doing so, do not do it. Beyond the security implications, it will save you a lot of headache.
Now, what’s my use case then? I’m a cybersecurity student and my university has proctored exams that only work on Windows. The exam software will fail you if it detects virtualization. This means I have to keep Windows just for these exams. However, I really would like to install Qubes both as a learning tool and my primary OS for security reasons. Buying a second computer is out of the question financially for me at the time. This greatly limits my options, but I’ve made the decision that dual booting is the way to go over a live USB, or host VM (Qubes of course uses Xen, which is a Type 1 hypervisor; Windows running Qubes in a VM seems very insecure as well).
I haven’t installed Qubes yet, but I’ve already taken many of these steps to move to it as my primary OS and ensure it will be as secure as possible given the circumstances. In no particular order:
1.) Backup important files (pictures, documents, etc.) to external USB drive.
2.) Partition Windows disk by shrinking the volume to make room for Qubes.
3.) Delete ALL unnecessary programs, disable ALL unnecessary services, delete ALL files that have been backed up or are no longer needed, block internet access to every program not necessary using simplewall (including telemetry, update, and UWP apps, only disabled once a week to check for updates).
this is because I will only be using Windows to take exams, reduces attack surface
4.) Set UEFI/BIOs password to secure access to firmware settings. This is important because I will have to turn secure boot off to install Qubes, and my HP laptop is incompatible with coreboot and other open source firmwares.
5.) Keep firmware and both operating systems updated regularly after installation.
6.) Encrypt Windows partition with Bitlocker AFTER installing Qubes (to avoid potential install issues), encrypt Qubes with LUKS.
7.) Disable network boot and other unused options in UEFI.
8.) After installing Qubes, perform regular data backups.
9.) Use Windows ONLY for taking exams.
10.) Use VPN and firewall on both operating systems.
Security Risks:
Transferring files - To make Qubes my primary OS, there are files that I need to transfer from Windows, bringing the risk of cross contamination.
Secure boot disabled - Disabling secure boot to install Qubes presents a vulnerability for potential threats to take advantage of, which could be allayed by something like Libreboot or Heads but…
Proprietary firmware - Classic HP and their terrible proprietary systems… I’m using an Omen 15 laptop which is not compatible with coreboot, therefore not compatible with Heads or Libreboot. This means there is not alternative to secure boot (that I’m aware of) for firmware security.
These are all considerations that I’ve made going into this dual boot configuration, it definitely feels like something is missing and I would love to hear from any experienced Qubes experts here. I’m very new to Qubes and this forum. Thanks! 
