Not to derail the convo, but this sounds scary:
“In Qubes, NetVM acts as netback to FirewallVM, which acts as a netback in turn to its clients. But in Qubes, NetVM is supposed to be untrusted! So, we have code running in kernel mode in the (trusted) FirewallVM that is talking to and trusting the (untrusted) NetVM!”
This post is from 2016. Have there been any patches to alleviate the scenario described?
Also, if MirageOS is lighter on RAM and if it is “safer”, why is it not being deployed in QubesOS by default?