What I don't like in Qubes OS

drtduit · October 9, 2022, 5:51am

I created the thread referring to the thread “Why I use Qubes” and my last post there. So that everyone can express in the new thread what they do not like in the Qubes system and what bothers them, as well as what problems are noticed and ignored by creators like this with more colors (really we need make x issues and pools for COLORS to show creators that it’s really needed?).

Szewcu · October 9, 2022, 7:47am

Personally I don’t like:

lack of Yubikey support for decrypting LUKS system partition (even when there is an “insecure” option that allows usb keybord during boot so adding yubikey can be only more secure then just typing a password when bootloader is exposed to usb anyway)
lack of any integration with such old technology as secureboot
that conversion most of drive .img into hvms fails, and there is no other way too boot .img file

drtduit · October 9, 2022, 8:14am

@Szewcu I understand you perfectly. I am bothered by the basic errors of the installer on little newer equipment and the lack of extensive HVM capabilities, e.g. for taking snapshots as it is in Virtualbox.

Szewcu · October 9, 2022, 8:52am

For 2 first points on my list I know that there are some plans to add it but I don’t know if they are on the roadmap for now. As for HVMs I’m feel that it is out of the scope.

aronowski · October 9, 2022, 9:41am

Any?

While I haven’t tested Qubes OS with Secure Boot, I did tinker a lot when it comes to implementing Secure Boot in the Enterprise Linux family.

I wouldn’t be surprised if one could implement Secure Boot themselves by enrolling their own certificates and signing a shim with them rather than just having the default certificates and having Microsoft sign a shim.

That’s just a wild guess, please correct me if I’m wrong.

Szewcu · October 9, 2022, 10:36am

Secure boot support · Issue #4371 · QubesOS/qubes-issues · GitHub it is still an open issue, and looks more like personal initiative of community devs then something on the roadmap according to tags. I just recall:

And Yes, I will love to have Heads on my Lenovo Legion but I would have to port it myself, and secureboot is shiped with almost all modern laptops.

enmus · October 10, 2022, 1:00am

I don’t like lack of devs in Qubes.

qub411 · October 10, 2022, 2:21am

I don’t like that the current stability of Qubes seems compromised and is making normal workflow difficult: