Qubes OS
A reasonably secure operating system. Security through compartmentalization using Xen virtual machines.
Overview
| Based on | Xen hypervisor with Fedora, Debian, and Whonix VMs (qubes) |
| Package manager | DNF (Fedora qubes), APT (Debian qubes) - depends on the template |
| Package format | .rpm (Fedora), .deb (Debian) - per qube |
| Release model | Fixed releases with regular updates. Currently Qubes 4.x. |
| Default DE | XFCE (dom0) |
| Init system | systemd (within qubes) |
| Website | qubes-os.org |
Why Qubes OS?
- Compartmentalization - Every activity runs in its own isolated VM (qube). A compromised browser cannot access your files, email, or other qubes.
- Security by isolation - Even if malware infects one qube, it is trapped there. Other qubes and the hypervisor remain unaffected.
- Color-coded trust levels - Assign colors to qubes (red=untrusted, green=trusted, etc.). Window borders show the color so you always know what trust level you're in.
- Whonix integration - Built-in Whonix qubes route traffic through Tor. Use them alongside your regular qubes.
- Disposable qubes - Spawn a temporary VM for risky tasks. It is destroyed completely when closed.
- Endorsed by experts - Recommended by Edward Snowden, the Freedom of the Press Foundation, and security researchers worldwide.
How Qubes Works
- dom0 - The administrative domain. Runs the desktop (XFCE), manages all qubes. Has no network access for security.
- Template qubes - Base images (Fedora, Debian) where you install software. Changes propagate to qubes based on that template.
- App qubes - Where you actually work. Each is based on a template but has its own persistent home directory. Examples: "work", "personal", "banking".
- Disposable qubes - Ephemeral VMs that are destroyed when closed. Perfect for opening untrusted files or links.
- Service qubes - sys-net (networking), sys-firewall (firewall), sys-usb (USB handling). Network traffic flows through a chain of qubes.
Package Management
Package management in Qubes happens inside template qubes. Each template uses its own package manager.
# Install software in a Fedora template qube
# (Open a terminal in the template, not the app qube)
sudo dnf install firefox thunderbird
# Install software in a Debian template qube
sudo apt update && sudo apt install firefox-esr thunderbird
# After installing in the template, shut it down
# The software will be available in all app qubes based on that template
# Update a Fedora template
sudo dnf update
# Update a Debian template
sudo apt update && sudo apt full-upgrade
Qubes-Specific Commands
# List all qubes
qvm-ls
# Start / shutdown a qube
qvm-start work
qvm-shutdown work
# Create a new app qube
qvm-create --template fedora-39 --label green work-project
# Run a command in a qube from dom0
qvm-run work "firefox https://example.com"
# Copy a file to another qube (run inside the source qube; uses secure inter-qube copy)
qvm-copy-to-vm target-qube /path/to/file
# Open a file in a disposable qube (run inside the qube that holds the file)
qvm-open-in-dvm suspicious-file.pdf
# Clone a qube
qvm-clone work work-backup
# Set a qube's networking
qvm-prefs work netvm sys-whonix # Route through Tor
qvm-prefs work netvm sys-firewall # Normal networking
qvm-prefs work netvm none # No network
Hardware requirements: Qubes needs a CPU with VT-x and VT-d/IOMMU support, at least 16 GB RAM (32 GB recommended), and an SSD. It runs a full Xen hypervisor, so performance is lower than a native Linux install. Check the Hardware Compatibility List before installing.
Common Qube Layouts
# A typical security-conscious setup:
#
# [vault] - Offline qube for passwords, GPG keys (no network)
# [personal] - Personal browsing, social media
# [work] - Work email, documents, code
# [banking] - Banking and financial sites only
# [untrusted] - Random browsing, untrusted downloads
# [whonix-ws] - Tor-routed browsing via Whonix
# [disposable] - One-off tasks, opening sketchy PDFs
Tips
- Install software in templates, do work in app qubes. Never install software directly in app qubes (it won't persist across template updates).
- Use disposable qubes liberally. Opening a PDF from the internet? Do it in a disposable.
- Keep a vault qube with no network access for passwords, GPG keys, and sensitive documents.
- Route sensitive qubes through sys-whonix for Tor-based anonymity.
- Use split GPG to keep your private keys in an offline qube while signing from other qubes.
- dom0 should never be connected to the internet. Only update it through the Qubes updater.
- Expect to use 16 GB+ RAM. Each running qube consumes memory. Close qubes you aren't using.
- The Qubes documentation (qubes-os.org/doc/) is thorough. Read the "Getting Started" guide first.
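To check that a running system still matches the layout and tips above (vault offline, the Tor qube behind sys-whonix, nothing but sys-firewall attached to sys-net), the following dom0 script is an added example, not part of the original page or the Qubes project. The function and variable names are hypothetical, and the `NAME|NETVM` line format with `-` for "no netvm" is an assumption about `qvm-ls --raw-data` output.

```bash
#!/bin/bash
# Added example: audit netvm assignments against the layout on this page.
# Input on stdin: NAME|NETVM lines, the form assumed for (dom0):
#   qvm-ls --raw-data --fields NAME,NETVM
# A qube with no netvm is assumed to appear as "-" or an empty field.
OFFLINE_QUBES="vault"          # must have no netvm
TOR_QUBES="whonix-ws"          # must use sys-whonix
NET_QUBE="sys-net"             # only FIREWALL_QUBE should attach here
FIREWALL_QUBE="sys-firewall"

audit_qubes() {
    awk -F'|' -v offline="$OFFLINE_QUBES" -v tor="$TOR_QUBES" \
        -v net="$NET_QUBE" -v fw="$FIREWALL_QUBE" '
    function show(v) { return (v == "-" ? "none" : v) }
    BEGIN {
        n = split(offline, a, " "); for (i = 1; i <= n; i++) want[a[i]] = "-"
        n = split(tor, a, " "); for (i = 1; i <= n; i++) want[a[i]] = "sys-whonix"
    }
    NF < 2 || $1 == "" { next }          # skip blank or malformed lines
    {
        name = $1; netvm = ($2 == "" ? "-" : $2); seen[name] = 1
        if (name in want && netvm != want[name])
            printf "FAIL %s: netvm=%s, expected %s\n", name, show(netvm), show(want[name])
        else if (netvm == net && name != fw)
            printf "WARN %s: attached directly to %s, bypassing %s\n", name, net, fw
    }
    END {
        for (q in want) if (!(q in seen))
            printf "WARN %s: named in policy but not listed\n", q
    }'
}

sample_listing() {                       # constructed sample, not real output
    cat <<'EOF'
sys-net|-
sys-firewall|sys-net
sys-whonix|sys-firewall
vault|sys-firewall
work|sys-firewall
untrusted|sys-net
whonix-ws|sys-whonix
EOF
}

if command -v qvm-ls >/dev/null 2>&1; then
    qvm-ls --raw-data --fields NAME,NETVM | audit_qubes
else
    sample_listing | audit_qubes
fi
```

On the constructed listing it reports the networked vault as a FAIL and the qube attached straight to sys-net as a WARN; edit the four variables at the top to match your own qube names.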