mirror of
https://github.com/Anon-Planet/thgtoa.git
synced 2024-12-24 23:09:40 -05:00
commit
5e17456d28
15
guide.md
15
guide.md
@ -4922,7 +4922,9 @@ We will follow the instructions from their own guide <https://www.qubes-os.org/d
|
||||
|
||||
(Secure Boot is not supported as per their FAQ: <https://www.qubes-os.org/faq/#is-secure-boot-supported> <sup>[[Archive.org]][369]</sup> so it should be disabled in the BIOS/UEFI settings.)
|
||||
|
||||
- Download the latest Qubes OS 4.0.x installation ISO according to their hardware compatibility list.
|
||||
- Download the latest Qubes OS 4.1.x installation ISO according to their hardware compatibility list.
|
||||
|
||||
- Get and verify the Qubes OS Master Signing key: <https://keys.qubes-os.org/keys/qubes-master-signing-key.asc>
|
||||
|
||||
- Prepare a USB key with the Qubes OS ISO file
|
||||
|
||||
@ -4932,8 +4934,16 @@ We will follow the instructions from their own guide <https://www.qubes-os.org/d
|
||||
|
||||
- If you want to use Tor over VPN or cannot use any of those, leave it unchecked.
|
||||
|
||||
- Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: <https://www.qubes-os.org/security/verifying-signatures/> <sup>[[Archive.org]][1367]</sup>. Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though we know we are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised.
|
||||
|
||||
- If you cannot use Tor at all, there is also no point in installing Whonix. So, you should disable Whonix installation within the Software Selection Menu.
|
||||
|
||||
To be sure your Qubes ISO hasn't been tampered with, you should get the Qubes master key fingerprint from multiple different sources. This guide can be used as one source.
|
||||
|
||||
The Qubes master signing key fingerprint should match `427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494`.
|
||||
|
||||
*Remember to read the guide to verifying signatures on the Qubes website: <https://www.qubes-os.org/security/verifying-signatures/> <sup>[[Archive.org]][1367]</sup>.*
|
||||
|
||||
### Lid Closure Behavior:
|
||||
|
||||
Unfortunately, Qubes OS does not support hibernation[^366] which is IMHO an issue regarding cold-boot attacks. To mitigate those, I highly recommend that you configure Qubes OS to shut down on any power action (power button, lid closure). You can do set this from the XFCE Power Manager. Do not use the sleep features.
|
||||
@ -4992,7 +5002,7 @@ After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You m
|
||||
|
||||
### Updating Whonix from version 15 to version 16:
|
||||
|
||||
Follow the instructions on <https://www.whonix.org/wiki/Qubes/Install> <sup>[[Archive.org]][371]</sup>
|
||||
Follow the instructions on <https://www.whonix.org/wiki/Qubes/Install> <sup>[[Archive.org]][371]</sup>. *If you're running Qubes 4.1, this is already done for you.*
|
||||
|
||||
### Hardening Qubes OS:
|
||||
|
||||
@ -14791,3 +14801,4 @@ You can find some introduction on these on these projects:
|
||||
[1364]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
|
||||
[1365]: https://web.archive.org/web/https://github.com/psal/anonymouth
|
||||
[1366]: https://web.archive.org/web/https://psal.cs.drexel.edu/index.php/Main_Page
|
||||
[1367]: https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/
|
||||
|
Loading…
Reference in New Issue
Block a user