Qubes Overview

Qubes is an open-sourced, security-centric Linux distribution operating system. Qubes effectively utilizes Xen-based virtualization for the creation of isolated virtual machines using Paravirtual (PV) or Hardware Virtual Machine (HVM) virtualization. These virtual machines (VMs), referred to as “qubes,” aim to decrease the damage done if one of them becomes compromised by dividing them into separate security domains.  For example, you would have a separate qube (VM) for insecure browsing, another for work-related tasks, and personal use and data, with each one  having its assigned level-of-trust. Some other features offered include:

• Use of multiple operating systems (Debian, Fedora, and Windows)
• Creation of disposable VMs
• Whonix integration
• Private key security with Split GPG

Qubes uses 5 levels of trust to differentiate between operating functions from “Safe and ultimately trusted” (level 5) to “Unsafe and untrusted” (level 1)

• Xen Hypervisor, AdminVM: level 5
• GuiVM, TemplateVMs, AppVM2: level 4
• Sys-firewall VM: level 3
• AppVM1 (OS & user applications): level 2
• sys-USB VM, Sys-net VM: level 1

For more information please refer to the Qubes website here

Verify Hardware Requirements

Qubes has very specific hardware requirements which can be found here. Successful installation has been accomplished on our FW6s and VP4630 which support VT-d and VT-x.

Note: With UEFI BIOS, legacy mode must be selected. Coreboot is also supported by Qubes.

Install Qubes

As of 8/2022, Qubes 4.1.1 is the most recent release and can be downloaded here. Note: Qubes 4.0.4 and all prior releases up to Qubes 4 including 3.2.1, 3.1, 3.0, live USB (alpha), Qubes 2 and Qubes 1 are all old and unsupported releases and Qubes strongly advise upgrading to 4.1.1 in order to receive the latest security updates.

Qubes 4.1.1 is the most recent release and can be downloaded here

Burn the Installation Image to a USB Drive

An easy way to create a bootable USB device is to use software such as balenaEtcher or Rufus. With Rufus, please note that it must be written in DD image mode.

Note: For a link on how to create a bootable USB please refer to our Knowledge base Article here

Install the Operating System on the Vault

Once the Qubes installation USB drive has been created, it is ready to be installed on the Vault.

• Verify the Vault is powered down.
• Verify the monitor is connected.
• Verify the USB keyboard is plugged in.
• Verify an Ethernet connection is in the “WAN” port that is connected to a DHCP server.
• Insert the USB install drive into a USB port on the Vault.
• While powering up the Vault, press “F11” key until it boots to the BIOS and you see the boot options screen.
• Select the USB drive to boot from.
• On the boot screen, select the Test this media & install Qubes option.
• When the installer screen appears, select your language preference.
• On the Installation summary screen, select appropriate installation configuration settings for Localization, Software, System, Root Account and User Account for installation destination. Select Done after making selections.
• Enter a passphrase for disk encryption (optional)
• Select Begin Installation.
• After installation is complete, select Reboot.
• Enter your encryption passphrase when prompted (if added during installation).
• At the Initial Setup screen, select Qubes OS. This creates the initial qubes. There are a number of defaults already selected. For an option description, please refer to the Qubes Install Guide here.
• Select Done after making configuration selection and this will start the final process.
• After the configuration is done, this ends the final Qubes installation process.

*The Qubes website provides additional information for install and can be found here

Qubes Compatibility

Qubes has been successfully installed on the Protectli Vaults.