Trying to implement a light VM-based Qubes OS on OpenBSD (topic renamed)

Hi,

EDIT: let me share my pet project, OpenKuBSD. The point is to see how I could recreate a similar Qubes OS experience using OpenBSD tooling. It’s not really a serious project for now, just experimentation. It has been very valuable: since I started, I understand many of the design decisions made in Qubes OS, and it regularly leaves me in awe of the good work done!

TLDR: the goal is to have an OpenBSD template (and Alpine later) to quickly create new Kubes (equivalent to AppVM with persistent /home), and be able to use ssh to run remote programs on a dedicated local Xephyr server. No USB/PCI passthrough, no “netless VMs” in the plans. Not a new distro, just something to use on top of OpenBSD. NFS is used to exchange files between the host and a Kube, and can then be used to move a file from one Kube to another by going through the host.

The current state is that I can create a template, generate Kubes, generate desktop entries in XFCE menu to run programs, handle starting + connection + running a program in a single command, NFS storage, persistent /home/. Dedicated X server per program, sharing clipboard tool.

TODO: firewall, VPN support to use a Kube as a net source like in Qubes OS

Here are some links:

2 Likes

Hi @solene, is there any specific reason why you’re asking this in the All Around Qubes category? It seems perfectly on topic for General Discussion and would be seen by more people there! :slightly_smiling_face:

This explains how it works.

1 Like

To be honest, I wasn’t very sure about the category :slight_smile: I changed it.

Thanks. There is something I don’t understand here: which channel is used to communicate the X memory from the Xen guest to dom0? :thinking: I really can’t figure out how dom0 tells the guest it can use a piece of memory. After that, I suppose the memory is shared through Xen between dom0 X and domU X.

I don’t know how it works, but from what I understand it’s done using the Xen gntalloc to allocate the memory.

It would be good to explain what your goal is there. Someone might help better then.

I’m having fun making a lighter Qubes OS using OpenBSD (but really lighter, it’s a weekend project). But using OpenBSD vmd as a VM hypervisor, I only found ssh forwarding to display GUI programs from the VMs. Unfortunately, ssh with trusted X11 works fine but isn’t secure at all, and without trusted X11 it’s super slow and not reliable.

So I was wondering how Qubes OS GUI displaying was working :slight_smile:

1 Like

Well, that’s a great experiment. If I were you, I’d immediately change the topic title and category in order to better reflect your goal. And I think it would be great for you to share your findings along the way.

Is it ok to share about my project on this discourse?

2 Likes

I updated the first post with links :slight_smile:

1 Like

Yes, Xen shared memory.

See the Qubes OS architecture; you will find the Architecture Spec v0.3 PDF file. In the 5th chapter, you should read section 5.3 closely.

Other good entries are the Qubes OS articles and the ITL blog.

The next is maybe in qubes-gui-agent-linux.

1 Like

Thanks!

I found a nice solution using Xephyr for each remote program. Solène :flan_hacker:: "OpenKuBSD progress report! I've been able to fig…" - BSD Network

I had to write an extra tool to allow the user to copy a clipboard from one Kube to another.

Video demo: https://perso.pw/solene/openkubsd-clipboard.mp4

2 Likes

A summary of all the progress made since the beginning: Solene'% : OpenKuBSD progress report

2 Likes

Hi, thanks for working on OpenKuBSD, sounds promising, will definitely try it. Your blog is also helpful and interesting. Have you seen GitHub - BawdyAnarchist/quBSD: A FreeBSD jails and bhyve wrapper; which emulates a Qubes-like containerization schema?

I didn’t know about it, sounds interesting. I’ll certainly give it a try to learn about the implementation.

1 Like

This is maybe also interesting for you.
FreeBSD Jails for QubesOS isolation
https://groups.google.com/g/qubes-devel/c/AdNW1kBSxO4

1 Like

@gonzalo-bulnes are you a Qubes OS Forum moderator? :slightly_smiling_face:

The forum welcomes everyone to ensure the forum follows the Code of Conduct regardless of whether or not they are moderators. The key thing really is that regular users can only reply in the thread or use the :black_flag: button, while moderators can intervene directly and have some other tools. As far as I can see @gonzalo-bulnes has done great work in that regard.

If you feel mistreated in some way, or saw someone be mistreated, please don’t open an out-of-context reply in another thread. Instead, flag the post where you believe you were mistreated, give some context, and forum moderators will take a look. Please engage with each other in a positive way. If unhappy with how that went, there is always #feedback:forum-feedback.

Now, let’s keep this discussion on-topic.

3 Likes