Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Move documentation-related pages back into qubes-doc

Browse Source
This commit is contained in:
Axon 2015-09-23 12:39:06 +00:00
parent 41c6988d8b
commit b948b32ae0
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
2 changed files with 224 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
doc.md Normal file
View File

@ -0,0 +1,145 @@
---
layout: doc
title: Documentation
permalink: /doc/
redirect_from:
- "/doc/UserDoc/"
- "/wiki/UserDoc/"
- "/doc/QubesDocs/"
- "/wiki/QubesDocs/"
---
Qubes OS Documentation
======================
The Basics
----------
* [A Simple Introduction to Qubes](/intro/)
* [Getting Started](/doc/GettingStarted/)
* [Users' FAQ](/doc/UserFaq/)
* [Further reading: How is Qubes different from...?](http://blog.invisiblethings.org/2012/09/12/how-is-qubes-os-different-from.html)
* [Further reading: Why Qubes is more than a collection of VMs](http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
Choosing Your Hardware
----------------------
* [System Requirements](/doc/SystemRequirements/)
* [Hardware Compatibility List (HCL)](/hcl)
* Qubes Certified Laptops ([coming soon!](https://twitter.com/Puri_sm/status/644963433293717504))
Installing Qubes
----------------
* [Use Qubes without installing: Qubes Live USB (alpha)](https://groups.google.com/d/msg/qubes-users/IQdCEpkooto/iyMh3LuzCAAJ)
* [How to Install Qubes](/doc/InstallationGuide/)
* [Qubes Downloads](/downloads/)
* [Why and How to Verify Signatures](/doc/VerifyingSignatures/)
* [Security Considerations when Installing](/doc/InstallSecurity/)
Common Tasks
------------
* [Copying and Pasting Text Between Domains](/doc/CopyPaste/)
* [Copying and Moving Files Between Domains](/doc/CopyingFiles/)
* [Copying Files to and from dom0](/doc/CopyToDomZero/)
* [Mounting USB Drives to AppVMs](/doc/StickMounting/)
* [Updating Software in dom0](/doc/SoftwareUpdateDom0/)
* [Updating and Installing Software in VMs](/doc/SoftwareUpdateVM/)
* [Backup, Restoration, and Migration](/doc/BackupRestore/)
* [Disposable VMs](/doc/DisposableVms/)
* [Managing Application Shortcuts](/doc/ManagingAppVmShortcuts/)
* [Enabling Fullscreen Mode](/doc/FullScreenMode/)
Managing Operating Systems within Qubes
---------------------------------------
* [TemplateVMs](/doc/Templates/)
* [Templates: Fedora - minimal](/doc/Templates/FedoraMinimal/)
* [Templates: Debian](/doc/Templates/Debian/)
* [Templates: Archlinux](/doc/Templates/Archlinux/)
* [Templates: Ubuntu](/doc/Templates/Ubuntu/)
* [Templates: Whonix](/doc/Templates/Whonix/)
* [Installing and Using Windows-based AppVMs (Qubes R2 Beta 3 and later)](/doc/WindowsAppVms/)
* [Creating and Using HVM and Windows Domains (Qubes R2+)](/doc/HvmCreate/)
* [Advanced options and troubleshooting of Qubes Tools for Windows (R3)](/doc/WindowsTools3/)
* [Advanced options and troubleshooting of Qubes Tools for Windows (R2)](/doc/WindowsTools2/)
* [Uninstalling Qubes Tools for Windows 2.x](/doc/UninstallingWindowsTools2/)
* [Upgrading the Fedora 20 Template](/doc/FedoraTemplateUpgrade20/)
* [Upgrading the Fedora 18 Template](/doc/FedoraTemplateUpgrade18/)
* [Tips for Using Linux in an HVM](/doc/LinuxHVMTips/)
* [Creating NetBSD VM](https://groups.google.com/group/qubes-devel/msg/4015c8900a813985)
Security Guides
---------------
* [General Security Information](/doc/QubesSecurity/)
* [Security Guidelines](/doc/SecurityGuidelines/)
* [Understanding Qubes Firewall](/doc/QubesFirewall/)
* [Understanding and Preventing Data Leaks](/doc/DataLeaks/)
* [Installing Anti Evil Maid](/doc/AntiEvilMaid/)
* [Using Multi-factor Authentication with Qubes](/doc/Multi-factorAuthentication/)
* [Using GPG more securely in Qubes: Split GPG](/doc/SplitGpg/)
* [Configuring YubiKey for user authentication](/doc/YubiKey/)
* [Note regarding password-less root access in VM](/doc/VMSudo/)
Configuration Guides
--------------------
* [Configuration Files](/doc/ConfigFiles/)
* [How to Install a Transparent Tor ProxyVM (TorVM)](/doc/TorVM/)
* [How to set up a ProxyVM as a VPN Gateway](/doc/VPN/)
* [Storing AppVMs on Secondary Drives](/doc/SecondaryStorage/)
* [Where are my external storage devices mounted?](/doc/ExternalDeviceMountPoint/)
* [Resizing AppVM and HVM Disk Images](/doc/ResizeDiskImage/)
* [Extending `root.img` Size](/doc/ResizeRootDiskImage/)
* [Installing ZFS in Qubes](/doc/ZFS/)
* [Creating Custom NetVMs and ProxyVMs](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html)
* [How to make proxy for individual tcp connection from networkless VM](https://groups.google.com/group/qubes-devel/msg/4ca950ab6d7cd11a)
* [HTTP filtering proxy in Qubes firewall VM](https://groups.google.com/group/qubes-devel/browse_thread/thread/5252bc3f6ed4b43e/d881deb5afaa2a6c#39c95d63fccca12b)
* [Adding Bridge Support to the NetVM (EXPERIMENTAL)](/doc/NetworkBridgeSupport/)
* [Assigning PCI Devices to AppVMs](/doc/AssigningDevices/)
* [Enabling TRIM for SSD disks](/doc/DiskTRIM/)
* [Configuring a Network Printer](/doc/NetworkPrinter/)
* [Using External Audio Devices](/doc/ExternalAudio/)
* [Booting with GRUB2 and GPT](https://groups.google.com/group/qubes-devel/browse_thread/thread/e4ac093cabd37d2b/d5090c20d92c4128#d5090c20d92c4128)
Customization Guides
--------------------
* [DispVM Customization](/doc/DispVMCustomization/)
* [XFCE Installation in dom0](/doc/XFCE/)
* [Customizing the GUI experience with KDE](https://groups.google.com/d/topic/qubes-users/KhfzF19NG1s/discussion)
* [Language Localization](/doc/LanguageLocalization/)
Troubleshooting
---------------
* [Home directory is out of disk space error](/doc/OutOfmemory/)
* [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76)
* [How to install an Nvidia driver in dom0](/doc/InstallNvidiaDriver/)
* [Solving problems with Macbook Air 2012](https://groups.google.com/group/qubes-devel/browse_thread/thread/b8b0d819d2a4fc39/d50a72449107ab21#8a9268c09d105e69)
* [Getting Sony Vaio Z laptop to work with Qubes](/doc/SonyVaioTinkering/)
* [Getting Lenovo 450 to work with Qubes](/doc/Lenovo450Tinkering/)
Reference Pages
---------------
* [Dom0 Command-Line Tools](/doc/DomZeroTools/)
* [DomU Command-Line Tools](/doc/VmTools/)
* [Glossary of Qubes Terminology](/doc/Glossary/)
* [Qubes Service Framework](/doc/QubesService/)
* [Command Execution in VMs (and Qubes RPC)](/doc/Qrexec/)
For Developers
--------------
* [Developer Documentation](/doc/SystemDoc/)
* [Developers' FAQ](/doc/DevelFaq/)
* [How can I contribute to the Qubes project?](/doc/ContributingHowto/)
* [Source Code](/doc/SourceCode/)
* [Coding Guidelines](/doc/CodingStyle/)
* [Documentation Guidelines](/doc/doc-guidelines/)
* [Books for Developers](/doc/DevelBooks/)
* [Research Papers](/doc/QubesResearch/)
* [Architecture](/doc/QubesArchitecture/)
* [Licensing](/doc/QubesLicensing/)

79
intro.md Normal file
View File

@ -0,0 +1,79 @@
---
layout: doc
title: Introduction
permalink: /intro/
redirect_from:
- "/doc/SimpleIntro/"
- "/wiki/SimpleIntro/"
---
A Simple Introduction to Qubes
==============================
This is a short, non-technical introduction to Qubes intended for a popular audience. (If you just want to quickly gain a basic understanding of what Qubes is all about, you're in the right place!)
What is Qubes?
--------------
Qubes is a security-oriented operating system (OS). The OS is the software which runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS). This means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.
Why is OS security important?
-----------------------------
Most people use an operating system like Windows or OS X on their desktop and laptop computers. These OSes are popular because they tend to be easy to use and usually come pre-installed on the computers people buy. However, they present problems when it comes to security. For example, you might open an innocent-looking email attachment or website, not realizing that you're actually allowing malware (malicious software) to run on your computer. Depending on what kind of malware it is, it might do anything from showing you unwanted advertisements to logging your keystrokes to taking over your entire computer. This could jeopardize all the information stored on or accessed by this computer, such as health records, confidential communications, or thoughts written in a private journal. Malware can also interfere with the activities you perform with your computer. For example, if you use your computer to conduct financial transactions, the malware might allow its creator to make fradulent transactions in your name.
Aren't antivirus programs and firewalls enough?
-----------------------------------------------
Unfortunately, conventional security approaches like antivirus programs and (software and/or hardware) firewalls are no longer enough to keep out sophisticated attackers. For example, nowadays it's common for malware creators to check to see if their malware is recognized by any popular antivirus programs. If it's recognized, they scramble their code until it's no longer recognizable by the antivirus programs, then send it out. The best antivirus programs will subsequently get updated once the antivirus programmers discover the new threat, but this usually occurs at least a few days after the new attacks start to appear in the wild. By then, it's typically too late for those who have already been compromised. In addition, bugs are inevitably discovered in the common software we all use (such as our web browsers), and no antivirus program or firewall can prevent all of these bugs from being exploited.
How does Qubes provide security?
--------------------------------
Qubes allows you to separate the various parts of your digital life into securely isolated virtual machines (VMs). A VM is basically a simulated computer with its own OS which runs as software on your physical computer. You can think of a VM as a *computer within a computer*. This allows you to have, for example, one VM for visiting untrusted websites and a different VM for doing online banking. This way, if your untrusted browsing VM get compromised by a malware-laden website, your online banking activities won't be at risk. Similarly, if you're concerned about risky email attachments, Qubes can make it so that every attachment gets opened in its own single-use, "disposable" VM.
In general, Qubes takes an approach called **security by isolation**, which in this context means keeping the things you do on your computer securely isolated in different VMs so that one VM getting compromised won't affect the others. This allows you to do everything on a single physical computer without having to worry about one successful cyberattack taking down your entire digital life in one fell swoop.
How does Qubes compare to using a "live CD" OS?
-----------------------------------------------
Booting your computer from a live CD (or DVD) when you need to perform sensitive activities can certainly be more secure than simply using your main OS, but this method still preserves many of the risks of conventional OSes. For example, popular live OSes (such as [Tails](https://tails.boum.org/) and other Linux distributions) are still **monolithic** in the sense that all software is still running in the same OS. This means, once again, that if your session is compromised, then all the data and activities performed within that same session are also potentially compromised.
How does Qubes compare to running VMs in a convential OS?
---------------------------------------------------------
Not all virtual machine software is equal when it comes to security. You may have used or heard of VMs in relation to software like VirtualBox or VMware Workstation. These are known as "Type 2" or "hosted" hypervisors. (The **hypervisor** is the software, firmare, or hardware that creates and runs virtual machines.) These programs are popular because they're designed primarily to be easy to use and run under popular OSes like Windows (which is called the **host** OS, since it "hosts" the VMs). However, the fact that Type 2 hypervisors run under the host OS means that they're really only as secure as the host OS itself. If the host OS is ever compromised, then any VMs it hosts are also effectively compromised.
By contrast, Qubes uses a "Type 1" or "bare metal" hypervisor called [Xen](http://www.xenproject.org). Instead of running inside an OS, Type 1 hypervisors run directly on the "bare metal" of the hardware. This means that an attacker must be capable of subverting the hypervisor itself in order to compromise the entire system, which is vastly more difficult.
Qubes makes it so that multiple VMs running under a Type 1 hypervisor can be securely used as an integrated OS. For example, it puts all of your application windows on the same desktop with special colored borders indicating the trust levels of their respective VMs. It also allows for things like secure copy/paste operations between VMs, securely copying and transferring files between VMs, and secure networking between VMs and the Internet.
How does Qubes compare to using a separate physical machine?
------------------------------------------------------------
Using a separate physical computer for sensitive activities can certainly be more secure than using one computer with a conventional OS for everything, but there are still risks to consider. Briefly, here are some of the main pros and cons of this approach relative to Qubes:
Pros:
- Physical separation doesn't rely on a hypervisor. (It's very unlikely that an attacker will break out of Qubes' hypervisor, but if she were to manage to do so, she could potentially gain control over the entire system.)
- Physical seaparation can be a natural complement to physical security. (For example, you might find it natural to lock your secure laptop in a safe when you take your unsecure laptop out with you.)
Cons:
- Physical separation can be cumbersome and expensive, since we may have to obtain and set up a separate physical machine for each security level we need.
- There's generally no secure way to transfer data between physically separate computers running conventional OSes. (Qubes has a secure inter-VM file transfer system to handle this.)
- Physically separate computers running conventional OSes are still independently vulnerable to most conventional attacks due to their monolithic nature.
- Malware which can bridge air gaps has existed for several years now and is becoming increasingly common.
(For more on this topic, please see the paper [Software compartmentalization vs. physical separation](http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf).)
More information
----------------
This page is just a brief sketch of what Qubes is all about, and many technical details have been omitted here for the sake of presentation.
- If you're a current or potential Qubes user, you may want to check out the [documentation](/doc/UserDoc/) and the [FAQ](/doc/UserFaq/).
- If you're a developer, there's dedicated [documentation](/doc/SystemDoc/) and an [FAQ](/doc/DevelFaq/) just for you.
- Ready to give Qubes a try? Head on over to the [downloads page](/downloads/).
- Once you've installed Qubes, here's a guide on [getting started](/doc/GettingStarted/).