mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-01-24 13:41:28 -05:00
moved Getting Started & Research to site repo QubesOS/qubes-issues#1460
This commit is contained in:
Brennan Novak
parent
40c1312dad
commit
1ae209a64a
@ -1,120 +0,0 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Getting Started
|
||||
permalink: /doc/getting-started/
|
||||
redirect_from:
|
||||
- /en/doc/getting-started/
|
||||
- /doc/GettingStarted/
|
||||
- /wiki/GettingStarted/
|
||||
---
|
||||
|
||||
Getting Started with Qubes OS
|
||||
=============================
|
||||
|
||||
Note: This guide assumes that you've just installed Qubes for the first time. The installation guide for your Qubes release can be found on the [Downloads](/downloads/) page.
|
||||
|
||||
Now that you've installed Qubes, let's cover some basic concepts.
|
||||
|
||||
AppVMs (Domains) and TemplateVMs
|
||||
--------------------------------
|
||||
|
||||
In Qubes, you run all your programs in **domains**. Domains are also called **AppVMs** because they're implemented as lightweight virtual machines (VMs). Not every app runs in its own VM. (That would be a big waste of resources!) Instead, each VM represents a *security domain* (e.g., "work," "personal," "banking," etc.). Each domain is based, by default, on a single, common **TemplateVM** (but you can create as many as you'd like). This means that when you create a new AppVM, you don't copy the whole root filesystem needed for this AppVM to work (which would include copying all the programs). Instead, each AppVM *shares* the root filesystem with its respective TemplateVM. An AppVM has read-only access to the filesystem of the Template on which it's based, so an AppVM cannot modify a TemplateVM in any way. This is important, as it means that if an AppVM is ever compromised, the TemplateVM on which it's based (and any other AppVMs based on that TemplateVM) will still be safe. This means that creating a large number of domains is cheap: Each one needs only as much disk space as is necessary to store its private files (e.g., the "home" folder).
|
||||
|
||||
If you've installed Qubes using the default options, a few domains have already been created for you:
|
||||
|
||||
- work
|
||||
- personal
|
||||
- untrusted
|
||||
|
||||
Each domain, apart from having a distinct name, is also assigned a **label**, which is one of several pre-defined colors. The trusted window manager uses these colors in order to draw window decorations (color frames) around the windows of applications running in each domain. These allow you to quickly and easily identify the trust level of a given window at a glance. It's totally up to you how you'd like to interpret these colors. Personally, I find it natural to associate red with that which is untrusted and dangerous (the “red light” -- stop! danger!), green with that which is safe and trusted, and yellow and orange with things in the middle. I've also extended this scheme to include blue and black, which I interpret as indicating progressively more trusted domains than green, with black being ultimately trusted.
|
||||
|
||||
|
||||
|
||||
In addition to AppVMs and TemplateVMs, there's one special domain called "dom0," which is where the Desktop Manager runs. This is where you log in to the system. Dom0 is more trusted than any other domain (including TemplateVMs and black-labeled domains). If dom0 were ever compromised, it would be Game Over<sup>TM</sup>. (The entire system would effectively be compromised.) Due to its overarching importance, dom0 has no network connectivity and is used only for running the Window and Desktop Managers. Dom0 shouldn't be used for anything else. In particular, [you should never run user applications in dom0](/doc/security-guidelines/#dom0-precautions). (That's what your AppVMs are for!)
|
||||
|
||||
Qubes VM Manager and Command Line Tools
|
||||
---------------------------------------
|
||||
|
||||
All aspects of the Qubes system can be controlled using command line tools run under a dom0 console. To open a console window in dom0, either go to Start-\>System Tools-\>Konsole or press Alt-F2 and type `konsole`.
|
||||
|
||||
Various command line tools are described as part of this guide, and the whole reference can be found [here](/doc/dom0-tools/).
|
||||
|
||||
|
||||
|
||||
Alternatively, you can use a rather intuitive GUI tool called **Qubes VM Manager**. It supports most of the functionality that command line tools provide. The Qubes VM Manager starts and opens automatically when Qubes starts up, but you can also start it by going to Start-\>System Tools-\>Qubes Manager. Once the Qubes VM Manager is running, you can open the window at any time by clicking on the Qubes tray icon, which typically resides in the bottom-right corner of the screen.
|
||||
|
||||
|
||||
|
||||
Starting Apps in Domains
|
||||
------------------------
|
||||
|
||||
Apps can be started either by using the shortcuts in the Desktop Manager's menu or by using the command line (i.e., a console running in dom0).
|
||||
|
||||
You can start apps directly from the start menu. Each domain has its own menu directory under the scheme **Domain: \<name\>**. After navigating into one of these directories, simply click on the application you'd like to start:
|
||||
|
||||
 
|
||||
|
||||
By default, each domain's menu contains only a few shortcuts. If you'd like to add more, simply click **Add more shortcuts...**, select the desired applications, and click **OK**. You can also add shortcuts manually. (This is sometimes necessary if the desired application doesn't show up in the Qubes VM Manager window.) To do this in KDE, right-click on the **Start** button and click **Menu Editor**. Click the domain directory in which you'd like the menu to appear, click **New Item**, enter its name as **\<domain name\>: \<app name\>**, and provide the command for starting the app (see below). Then click **Save** and wait approximately 15 seconds for the changes to propagate to the KDE menu.
|
||||
|
||||
To start apps from the console in dom0, type:
|
||||
|
||||
qvm-run -a <domain> "<app name> [arguments]"
|
||||
|
||||
e.g.:
|
||||
|
||||
qvm-run -a untrusted firefox
|
||||
|
||||
Adding, Removing, and Listing Domains
|
||||
-------------------------------------
|
||||
|
||||
Domains can easily be added and removed by clicking on the **Add** and **Remove** buttons in the Qubes VM Manager.
|
||||
|
||||
Domains can also be added, removed, and listed from command line (i.e., a console running in dom0) using the following tools:
|
||||
|
||||
- `qvm-create`
|
||||
- `qvm-remove`
|
||||
- `qvm-ls`
|
||||
|
||||
How Many Domains Do I Need?
|
||||
---------------------------
|
||||
|
||||
That's a great question, but there's no one-size-fits-all answer. It depends on the structure of your digital life, and this is at least a little different for everyone. If you plan on using your system for work, then it also depends on what kind of job you do.
|
||||
|
||||
It's a good idea to start out with the three domains created automatically by the installer: work, personal, and untrusted. Then, if and when you start to feel that some activity just doesn't fit into any of your existing domains, you can easily create a new domain for it. You'll also be able to easily copy any files you need to the newly created domain, as explained [here](/doc/copying-files/).
|
||||
|
||||
More paranoid people might find it worthwhile to read [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html), which describes how one of the Qubes authors partitions her digital life into security domains.
|
||||
|
||||
Full Screen Domains
|
||||
-------------------
|
||||
|
||||
By default, Qubes doesn't allow any application window to occupy the entire screen such that its window name (which includes the name of the domain to which it belongs) and colored window border are no longer visible. This is a security precaution designed to prevent a situation in which an application which has been allowed to enter full screen mode begins to emulate the entire Qubes system. We want it to be the case that the user is always able to identify which domain is displaying any given window. Otherwise, a compromised domain which is able to occupy the entire screen could trick the user into thinking that she is interacting with a variety of different domains (including dom0), when in fact she is interacting with only a single, compromised domain pretending to be the whole system.
|
||||
|
||||
However, if the user makes use of an "expose-like" desktop switcher, such as the "Desktop Grid" effect that is enabled by default under KDE (default activation command: Ctrl-F8), then we can safely allow domains to enter full screen mode, as we have assurance that we can always "preempt" them by hitting the magic key combination (e.g., Ctrl-F8), which will be consumed by the trusted window manager and not passed down to the fullscreen AppVM. This means that the AppVM has no way of effectively "faking" the fullscreen view of the system, as the user can easily identify it as "just another AppVM." Theoretically, this could be achieved even with primitive Alt-Tab like switching, which should be available on simpler Window Managers (such as Xfce4, which we also support as an alternative dom0 Desktop Environment), but this might be less obvious to the user.
|
||||
|
||||
To allow domains to enter full screen mode, one should edit the `/etc/qubes/guid.conf` file in dom0.
|
||||
|
||||
E.g. to allow all domains to enter full screen mode, set `allow_fullscreen` flag to `true` in the `global` section:
|
||||
|
||||
global: {
|
||||
# default values
|
||||
allow_fullscreen = false;
|
||||
#allow_utf8_titles = false;
|
||||
#secure_copy_sequence = "Ctrl-Shift-c";
|
||||
#secure_paste_sequence = "Ctrl-Shift-v";
|
||||
#windows_count_limit = 500;
|
||||
};
|
||||
|
||||
To allow only select AppVMs to enter full screen mode, create a per-VM section, and set `allow_fullscreen` flag there to `true`:
|
||||
|
||||
VM: {
|
||||
work: {
|
||||
allow_fullscreen = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
In order for the changes to take effect, restart the AppVM(s).
|
||||
|
||||
* * * * *
|
||||
|
||||
Now that you're familiar with the basics, please have a look at the rest of the [documentation](/doc/).
|
||||
@ -1,35 +0,0 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Qubes Research
|
||||
permalink: /doc/qubes-research/
|
||||
redirect_from:
|
||||
- /en/doc/qubes-research/
|
||||
- /doc/QubesResearch/
|
||||
- /wiki/QubesResearch/
|
||||
---
|
||||
|
||||
Here are some links to various papers/research projects that somehow relate to Qubes.
|
||||
|
||||
### Attacks on Intel TXT
|
||||
|
||||
- [Attacking Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf) by Rafal Wojtczuk, Joanna Rutkowska
|
||||
- [ACPI: Design Principles and Concerns](http://www.ssi.gouv.fr/IMG/pdf/article_acpi.pdf) by Loic Duflot, Olivier Levillain, and Benjamin Morin
|
||||
- [Another Way to Circumvent Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf) by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin
|
||||
- [Attacking Intel TXT® via SINIT code execution hijacking](http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf) by Rafal Wojtczuk and Joanna Rutkowska
|
||||
|
||||
### Software attacks coming through devices
|
||||
|
||||
- [Can you still trust your network card?](http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf) by Loïc Duflot, Yves-Alexis Perez and others
|
||||
- [Remotely Attacking Network Cards (or why we do need VT-d and TXT)](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-network-cards-or-why.html) by Joanna Rutkowska
|
||||
- [On Formally Verified Microkernels (and on attacking them)](http://theinvisiblethings.blogspot.com/2010/05/on-formally-verified-microkernels-and.html) by Joanna Rutkowska
|
||||
- [Following the White Rabbit: Software Attacks against Intel® VT-d](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) by Rafal Wojtczuk and Joanna Rutkowska
|
||||
|
||||
### Application-level security
|
||||
|
||||
- [Virtics: A System for Privilege Separation of Legacy Desktop Applications](http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-70.pdf) by Matt Piotrowski
|
||||
|
||||
### VMM/Xen disagregation
|
||||
|
||||
- [[http://tjd.phlegethon.org/words/sosp11-xoar.pdf](http://tjd.phlegethon.org/words/sosp11-xoar.pdf) "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.
|
||||
(Also see [this thread on xen-devel](http://www.gossamer-threads.com/lists/xen/devel/230011))
|
||||
|
||||
18
doc.md
18
doc.md
@ -1,6 +1,6 @@
|
||||
---
|
||||
layout: default
|
||||
title: Qubes OS Documentation
|
||||
title: Documentation
|
||||
permalink: /doc/
|
||||
redirect_from:
|
||||
- /en/doc/
|
||||
@ -14,7 +14,6 @@ redirect_from:
|
||||
The Basics
|
||||
----------
|
||||
* [A Simple Introduction to Qubes](/intro/)
|
||||
* [Getting Started](/doc/getting-started/)
|
||||
* [Users' FAQ](/doc/user-faq/)
|
||||
* [Mailing Lists](/doc/mailing-lists/)
|
||||
* [Further reading: How is Qubes different from...?](http://blog.invisiblethings.org/2012/09/12/how-is-qubes-os-different-from.html)
|
||||
@ -87,13 +86,13 @@ Security Guides
|
||||
|
||||
Privacy Guides
|
||||
--------------
|
||||
* [Whonix for privacy & anonymization](/en/doc/privacy/whonix/)
|
||||
* [Install Whonix in Qubes](/en/doc/privacy/install-whonix/)
|
||||
* [Updating Whonix in Qubes](/en/doc/privacy/updating-whonix/)
|
||||
* [Customizing Whonix](/en/doc/privacy/customizing-whonix/)
|
||||
* [Uninstall Whonix from Qubes](/en/doc/privacy/uninstall-whonix/)
|
||||
* [How to Install a Transparent Tor ProxyVM (TorVM)](/en/doc/privacy/torvm/)
|
||||
* [How to set up a ProxyVM as a VPN Gateway](/en/doc/privacy/vpn/)
|
||||
* [Whonix for privacy & anonymization](/doc/privacy/whonix/)
|
||||
* [Install Whonix in Qubes](/doc/privacy/install-whonix/)
|
||||
* [Updating Whonix in Qubes](/doc/privacy/updating-whonix/)
|
||||
* [Customizing Whonix](/doc/privacy/customizing-whonix/)
|
||||
* [Uninstall Whonix from Qubes](/doc/privacy/uninstall-whonix/)
|
||||
* [How to Install a Transparent Tor ProxyVM (TorVM)](/doc/privacy/torvm/)
|
||||
* [How to set up a ProxyVM as a VPN Gateway](/doc/privacy/vpn/)
|
||||
|
||||
|
||||
Configuration Guides
|
||||
@ -164,5 +163,4 @@ For Developers
|
||||
* [Coding Guidelines](/doc/coding-style/)
|
||||
* [Documentation Guidelines](/doc/doc-guidelines/)
|
||||
* [Books for Developers](/doc/devel-books/)
|
||||
* [Research Papers](/doc/qubes-research/)
|
||||
* [Qubes OS License](/doc/license/)
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Customizing Whonix
|
||||
permalink: /en/doc/privacy/customizing-whonix/
|
||||
permalink: /doc/privacy/customizing-whonix/
|
||||
---
|
||||
|
||||
Customizing Whonix
|
||||
@ -13,7 +13,7 @@ There are numerous ways to customize your Whonix install. All require a degree o
|
||||
|
||||
This is an optional security enhancement (for testers-only). If you're technical & interested, proceed, but do so *at your own risk!*
|
||||
|
||||
Note, if you want to use [Tor bridges](), AppArmor has been known in the past to cause problems with `obfsproxy` [see this issue](https://github.com/Whonix/Whonix/issues/67)
|
||||
Note, if you want to use [Tor bridges](https://www.whonix.org/wiki/Bridges), AppArmor has been known in the past to cause problems with `obfsproxy` [see this issue](https://github.com/Whonix/Whonix/issues/67)
|
||||
|
||||
You will want to complete the following instructions in both the **Whonix Gateway** referred to in Qubes VM Manager as `whonix-gw` and the **Whonix Workstation** or `whonix-ws`. You only need to apply these settings to the TemplateVMs before creating any template based VMs from these Whonix templates.
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Install Whonix in Qubes
|
||||
permalink: /en/doc/privacy/install-whonix/
|
||||
permalink: /doc/privacy/install-whonix/
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Uninstall Whonix from Qubes
|
||||
permalink: /en/doc/privacy/uninstall-whonix/
|
||||
permalink: /doc/privacy/uninstall-whonix/
|
||||
---
|
||||
|
||||
Uninstall Whonix from Qubes
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Updating Whonix in Qubes
|
||||
permalink: /en/doc/privacy/updating-whonix/
|
||||
permalink: /doc/privacy/updating-whonix/
|
||||
---
|
||||
|
||||
Updating Whonix in Qubes
|
||||
@ -72,8 +72,6 @@ After upgrading either (easy) reboot.
|
||||
sudo reboot
|
||||
~~~
|
||||
|
||||
Or (harder) if you want to omit rebooting, use `checkrestart`. If you are interested in the latter, please click on expand on the right side.
|
||||
|
||||
|
||||
### Restart after Kernel Upgrades
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Whonix for privacy & anonymizations
|
||||
permalink: /en/doc/privacy/whonix/
|
||||
permalink: /doc/privacy/whonix/
|
||||
---
|
||||
|
||||
Whonix for Privacy & Anonymity
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Updating Debian and Whonix
|
||||
permalink: /en/doc/troubleshooting/updating-debian-and-whonix/
|
||||
permalink: /doc/troubleshooting/updating-debian-and-whonix/
|
||||
---
|
||||
|
||||
Updating Debian and Whonix
|
||||
@ -84,8 +84,6 @@ Install these packages without verification [y/N]?
|
||||
|
||||
Don't proceed! Press `N` and `<enter>`. Running `apt-get update` again should fix it. If not, something is broken or it's a [Man in the middle attack](https://www.whonix.org/wiki/Warning#Man-in-the-middle_attacks), which isn't that unlikely, since we are updating over Tor exit relays and some of them are malicious. Try to [change your Tor circuit](https://www.whonix.org/wiki/Arm#Arm).
|
||||
|
||||
{{Anchor|signature verification errors}}
|
||||
{{Anchor|signature verification warnings}}
|
||||
|
||||
### Signature Verification Warnings
|
||||
|
||||
@ -137,4 +135,4 @@ Be careful. If the updated file isn't coming from Whonix specific package (some
|
||||
How could you find out if the file is coming from a Whonix specific package or not?
|
||||
|
||||
* Whonix specific packages are sometimes called `whonix-...`. In the example above it's saying `Setting up ifupdown ...`, so the file isn't coming from a Whonix specific package. In this case, you should press `n` as advised in the paragraph above.
|
||||
* If the package name does include `whonix-...`, it's a Whonix specific package. In that case, your safest bet should be pressing `y`, but then you would loose your customized settings. You can re-add them afterwards. Such conflicts will hopefully rarely happen, if you use [Whonix modular flexible .d style configuration folders].
|
||||
* If the package name does include `whonix-...`, it's a Whonix specific package. In that case, your safest bet should be pressing `y`, but then you would loose your customized settings. You can re-add them afterwards. Such conflicts will hopefully rarely happen, if you use [Whonix modular flexible .d style configuration folders](https://www.whonix.org/wiki/Whonix_Configuration_Files).
|
||||
|
||||
Loading…
Reference in New Issue
Block a user