A not-so-badly secure OS config

For several years now, I have been using Qubes OS (https://www.qubes-os.org/). It is an awesome general-purpose operating system, one of the most secure I was able to try and one I enjoyed using on a daily basis for all those years. It really fits my basic needs such as browsing and coding. Gaming might be a bit more challenging, but I didn't need it.

Anyway, using Qubes OS when having strong security requirements is a no-brainer to me.

After running it for a while, I realized that it might be a bit too much for my current threat model, given the constraints it involves. The most annoying ones for me are the memory consumption and the fact that it is complex to generate and configure my qubes [1].

Regarding the former, I am usually doing several things in parallel, such as looking at bank accounts while browsing something for the house during a never-ending coding session. As all of this involves different security contexts, it takes place in different qubes and I often have to stop a qube in order to start another one due to lack of memory. 8 GB of RAM is definitely not enough for basic needs.

Regarding the latter, I tried to play with SaltStack, which is natively integrated within Qubes OS. Nevertheless, it has limitations such as splitting qube creation from qube configuration and limited reuse, it involves interacting with dom0 [2], and it has OS packages mostly tied to Fedora or Debian. In addition, it requires a lot of maintenance, qube generation is hard to reproduce, and bugs are hard to fix because dom0 slowly evolves by design [3].

The objective of this series is to find a fully declarative and reproducible way to configure a rather secure Linux laptop.

Let's be honest, it is also a pretext to play a bit more with current open source operating systems.

For sure, I might not be able to mitigate as many risks as Qubes OS does, but I might not need to either.


  1. A qube is an isolated compartment in Qubes OS, so far implemented as a virtual machine under Xen-based virtualization.

  2. dom0 is the most trusted zone in Qubes OS and one you should not mess with. Having dom0 compromised means the entire system is compromised.

  3. As dom0 is the most trusted zone in Qubes OS, frequent OS updates can be a threat and dom0 will generally rely on an old Fedora version (see Qubes OS documentation for more details).

All posts

  • 1

Choosing an OS according to expectations and security threats

A quick definition of my expectations and threats regarding operating systems and the choice of the one that might best meet them, at least on paper

  • 2

Preparing for Guix System installation

How to be ready to install Guix System on a laptop, from checking hardware to preparing the installation media