[xrd]

I didn't know about qubes before this, but Edward Snowden's testimonial hooked me.

So, qubes is an OS where each "process" is more or less an isolated Xen VM, is that a good starting point?

I have so many more questions about qubes than your project, but I've been struggling to find a good way to run Windows VMs on Linux reliably and your project looks great for that. Once I get a qubes os box up, I'll give it a try.

[elliotkillick]

You're starting to get the idea:

Qubes OS assumes that it's impossible to ensure every single application you will be running on your computer is secure. Therefore, the best way to secure your computer is to isolate all of the applications as much as possible so the exploitation of one doesn't lead to compromise of another or the entire system. Through (heavily minimized) Xen VMs is the most basic way Qubes seeks to provide this isolation. However, it goes much further than that into the networking stack, audio stack, GUI stack, and much more. This all lies on a security principle known as "security by isolation" or "security by compartmentalization".

You typically have different "qubes" (VMs) for all of your different day-to-day tasks/activities. Although, not necessarily each process.

By all means give it a try, you won't regret it!

[allset_]

If only the hardware compatibility was better. It hasn't worked on my past three laptops.

[elliotkillick]

I'm aware hardware support on Qubes has been problematic for some users. Luckily, it's looking to get a lot better with the up-and-coming Qubes R4.1 (currently on it's first release candidate). It will be shipping with a fully updated base hypervisor and kernel feature set to allow support for newer hardware.

I'm not quite sure the specifics of your hardware problem, but, feel free to file a bug on the Qubes issue tracker.

[Bombthecat]

Does 3d card passthrough work?

[elliotkillick]

If you're referring to GPU passthrough, then yes, in practice much better with AMD cards then Nvidia cards.

[ncmncm]

I have been wondering... Instead of exposing the hardware GPU to the appVM, would a Vulkan virtualization work? I.e., VM sees a Vulkan API that forwards calls to a dedicated graphics VM that runs them.

(I understand that getting windos to use them could be hard.)

[shadilay]

Nvidia no longer throws error 43 on new drivers. AMD cards before the 6000 series also have a PCIe reset bug which forces you to reboot the host.

[xrd]

Yes, I was wanting to try this on a spare laptop but having to trial on a bunch until one works is going to be challenging. Is there a place to find supported hardware?

I actually care very little about anything other than the network stack. If audio doesn't work, it won't bother me.

[elliotkillick]

You're in luck, there exists exactly what you're looking for. It's called the Hardware Compatibility List (HCL), see here: https://www.qubes-os.org/hcl/

[fsflover]

See also: https://forum.qubes-os.org/t/community-recommended-computers

[xrd]

Wow, this is so incredible. Thank you!

[formerly_proven]

FWIW I've run Qubes on a few random Intel laptops years ago and it just worked on all of them. (Including on an esoteric milspec laptop which oozed hacker-street-cred at the time).

[ncmncm]

There is a hardware compatibility page with user reports.

The main thing is that, to be practical, it needs at least 16GB of RAM. With only 16GB, you will want to use the ZRAM swap driver on your linux VMs. Dunno if any equivalent exists for windos.

[crtasm]

Well that isn't universal. I've made do with 8gb and get on fine with 16gb while never having heard of that ZRAM driver.

[ncmncm]

OK. My personal recommendation is, don't even try with a machine smaller than 16GB, and expect to need to manually apportion memory between VMs if you have less than 32GB.