2022-08-06 19:45:00 -04:00
---
layout: default1
2022-09-02 07:17:25 -04:00
description: For Qubes OS
2022-09-18 15:57:57 -04:00
title: Qubes OS
2022-08-06 19:48:45 -04:00
permalink: /qubes
2022-08-06 19:45:00 -04:00
---
< div style = "text-align:center;" >
2022-09-02 07:17:25 -04:00
A collection of Qubes OS-related information.
2022-08-06 19:45:00 -04:00
< / div >
< br >
2022-11-12 23:03:50 -05:00
Website: [https://qubes-os.org ](https://qubes-os.org ) < button type = "button" class = "btn btn-default btn-xs" >< a href = "http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/" > Tor</ a ></ button >
2022-09-18 15:57:57 -04:00
< br >
2022-08-06 19:45:00 -04:00
#### Table of contents:
2022-12-06 11:54:36 -05:00
-\>> [Best Practices ](#best-practices ) < br >
2022-08-06 19:45:00 -04:00
-\>> [Template Setup ](#template-setup ) < br >
- -\> *[Debian](#debian)* < br >
- -\> *[Security](#debian-security)* < br >
- -\> *[Fedora](#fedora)* < br >
- -\> *[Upgrading Fedora](#upgrading-fedora)* < br >
2022-12-06 11:54:36 -05:00
- -\> *[Whonix](#whonix)* < br >
2022-08-31 19:50:40 -04:00
-\>> [Links & Resources ](#links--resources ) < br >
2022-10-05 19:35:01 -04:00
- -\> *[Customizations](#customizations)* < br >
2022-08-31 19:50:40 -04:00
- -\> *[Guides](#guides)* < br >
2022-10-05 19:35:01 -04:00
- -\> *[Templates](#templates)* < br >
2022-08-31 19:50:40 -04:00
- -\> *[Wiki](#wiki)* < br >
2022-12-06 11:54:36 -05:00
< br >
### Best Practices
- All repositories should be routed over Tor and [onionized ](https://anonymousland.org/#onionizing-repositories )
- Each application should be installed in its own separate minimal template Qube (provided your system has applicable resources for such)
- `sys-usb` should be configured on a laptop
- Avoid using `sleep` on a Qubes system
2022-12-20 14:52:19 -05:00
- Read all of the Qubes documentation
2022-12-06 11:54:36 -05:00
- Frequently visit the Qubes forums
- Consider creating a shutdown script / shortcut
- Consider if you would benefit by creating backups of your Qubes system
- Update frequently
2022-12-06 11:56:00 -05:00
- Harden Qubes if applicable (Debian kicksecure, Fedora CORP hardened-malloc, etc.)
2022-12-06 11:54:36 -05:00
2022-08-06 19:45:00 -04:00
< br >
### Template Setup
Small notes for template setup
< br >
#### Debian
Running in Dom0:
```
sudo qubes-dom0-update qubes-template-debian-11-minimal
```
2022-08-29 22:48:36 -04:00
```
qvm-run --pass-io -u root template-debian-11-minimal 'apt instal qubes-core-agent-passwordless-root'
```
2022-08-06 19:45:00 -04:00
Running inside the template:
```
sudo apt update
```
Installing packages
```
2022-08-31 19:50:40 -04:00
sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl
2022-08-06 19:45:00 -04:00
```
Configuring git proxy
```
2022-08-12 13:12:22 -04:00
git config --global http.proxy http://127.0.0.1:8082/
2022-08-06 19:45:00 -04:00
```
< br >
#### Debian Security
2022-08-31 19:50:40 -04:00
```
sudo apt-get install grub2 qubes-kernel-vm-support
```
```
sudo apt-get -t bullseye-backports --no-install-recommends install linux-image-amd64 linux-headers-amd64
```
```
2022-09-02 16:44:58 -04:00
sudo grub-install /dev/xvda
2022-08-31 19:50:40 -04:00
```
2022-08-07 09:28:46 -04:00
Adding the Kicksecure repository:
2022-08-06 19:45:00 -04:00
```
curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc
```
```
sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc
```
```
echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
```
2022-08-07 09:28:46 -04:00
Installing Kicksecure package:
2022-08-06 19:45:00 -04:00
2022-08-07 09:28:46 -04:00
``kicksecure-qubes-cli`` and ``kicksecure-qubes-gui`` are available.
```
sudo apt install --no-install-recommends kicksecure-qubes-cli
```
Installing LKRG:
2022-08-06 19:45:00 -04:00
```
2022-08-31 19:50:40 -04:00
sudo apt install --no-install-recommends lkrg-dkms
2022-08-06 19:48:45 -04:00
2022-08-06 19:45:00 -04:00
```
Enabling Hardened Malloc:
```
2022-08-07 09:51:15 -04:00
echo "/usr/lib/libhardened_malloc.so/libhardened_malloc.so" | sudo tee /etc/ld.so.preload
2022-08-06 19:45:00 -04:00
```
< br >
#### Fedora
Running in Dom0:
```
sudo qubes-dom0-update qubes-template-fedora-36-minimal
```
2022-08-29 22:49:13 -04:00
```
qvm-run --pass-io -u root template-fedora-36-minimal 'apt instal qubes-core-agent-passwordless-root'
```
2022-08-06 19:45:00 -04:00
Running inside the template:
```
sudo dnf update
```
Installing packages
```
2022-08-31 19:50:40 -04:00
sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git
2022-08-06 19:45:00 -04:00
```
Configuring git proxy
```
2022-08-12 13:12:22 -04:00
git config --global http.proxy http://127.0.0.1:8082/
2022-08-06 19:45:00 -04:00
```
< br >
#### Upgrading Fedora
Running in Dom0:
```
qvm-clone fedora-35 fedora-36
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
truncate -s 5GB /var/tmp/template-upgrade-cache.img
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
qvm-run -a fedora-36 gnome-terminal
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img)
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-12 13:12:22 -04:00
qvm-block attach fedora-36 dom0:${dev##*/}
2022-08-06 19:45:00 -04:00
```
Running inside Fedora-36:
```
sudo mkfs.ext4 /dev/xvdi
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
sudo mount /dev/xvdi /mnt/removable
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
sudo dnf clean all
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
sudo dnf --releasever=36--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync
```
Running inside Dom0:
```
qvm-shutdown fedora-36
2022-08-31 19:50:40 -04:00
```
```
2022-08-06 19:45:00 -04:00
sudo losetup -d $dev
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
2022-08-31 19:50:40 -04:00
```
2022-08-06 19:45:00 -04:00
rm /var/tmp/template-upgrade-cache.img
2022-08-31 19:50:40 -04:00
```
< br >
2022-12-06 11:54:36 -05:00
#### Whonix
Whonix-GW and Whonix-WS should be upgraded via:
```
upgrade-nonroot
```
Installing LKRG:
```
sudo apt install --no-install-recommends lkrg-dkms
```
Enabling Hardened Malloc:
```
echo "/usr/lib/libhardened_malloc.so/libhardened_malloc.so" | sudo tee /etc/ld.so.preload
```
< br >
2022-08-31 19:50:40 -04:00
### Links & Resources
2022-11-13 00:13:27 -05:00
- [qpowerkill ](https://github.com/NobodySpecial256/qpowerkill )
2022-08-31 19:50:40 -04:00
- [Qubes for security auditing ](https://forum.qubes-os.org/t/qubes-for-organizational-security-auditing-talk-notes/199 )
2022-10-03 22:58:27 -04:00
- [Qubes-lite with KVM and Wayland ](https://roscidus.com/blog/blog/2021/03/07/qubes-lite-with-kvm-and-wayland/ )
2022-08-31 19:50:40 -04:00
< br >
2022-10-05 19:35:01 -04:00
#### Customizations
2022-12-05 14:34:09 -05:00
2022-10-05 19:35:01 -04:00
- [Wallpapers ](https://forum.qubes-os.org/t/qubes-os-wallpapers/2819 )
- [KDE ](https://forum.qubes-os.org/t/kde-changing-the-way-you-use-qubes/4730 )
- [XFCE Global Dark Mode ](https://forum.qubes-os.org/t/guide-xfce-global-dark-mode-in-qubes-4-0-4-1/10757 )
2022-10-06 18:30:39 -04:00
< br >
2022-08-31 19:50:40 -04:00
#### Guides
2022-12-05 14:26:50 -05:00
- [Fom’ s giant list of Qubes OS workarounds, tweaks and shenanigans ](https://forum.qubes-os.org/t/fom-s-giant-list-of-qubes-os-workarounds-tweaks-and-shenanigans/15162 )
2022-08-31 19:50:40 -04:00
- [Fully ephemeral dispvms ](https://forum.qubes-os.org/t/fully-ephemeral-dispvms/12030 )
- [Opening all files in disposable qube ](https://forum.qubes-os.org/t/opening-all-files-in-disposable-qube/4674 )
- [Kicksecure Guide ](https://forum.qubes-os.org/t/guide-kicksecure-for-disp-sys/13324 )
2022-09-03 10:24:21 -04:00
- [Qubes OS installation encrypted boot and header ](https://forum.qubes-os.org/t/qubes-os-installation-detached-encrypted-boot-and-header/6205 )
2022-08-31 20:38:01 -04:00
2022-10-05 19:35:01 -04:00
- [Trezor Bridge in 4.1 ](https://forum.qubes-os.org/t/how-to-set-up-the-trezor-bridge-in-4-1/11103 )
- [split-ProtonMail ](https://forum.qubes-os.org/t/guide-split-protonmail-offline-send-receive-qubes-pm-bridge-vm/11096 )
- [How to create an Android Qube ](https://forum.qubes-os.org/t/how-to-create-an-android-qube/8467 )
2022-08-31 19:50:40 -04:00
< br >
2022-10-05 19:35:01 -04:00
#### Templates
- [Windows ](https://github.com/elliotkillick/qvm-create-windows-qube )
- [Minimal ](https://www.qubes-os.org/doc/templates/minimal/ )
2022-10-06 18:30:39 -04:00
< br >
2022-08-31 19:50:40 -04:00
#### Wiki
2022-11-12 23:03:50 -05:00
- [Hardened-Kernel ](https://www.kicksecure.com/wiki/Hardened-kernel ) < button type = "button" class = "btn btn-default btn-xs" >< a href = "http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/Hardened-kernel" > Tor</ a ></ button >
2022-08-31 19:50:40 -04:00
2022-11-12 23:03:50 -05:00
- [VM Fingerprinting ](https://www.whonix.org/wiki/VM_Fingerprinting ) < button type = "button" class = "btn btn-default btn-xs" >< a href = "http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/VM_Fingerprinting" > Tor</ a ></ button >