Originally this post was going to cover the basics of what Qubes is along with a summary consisting of installation and basic use. Unfortunately it seems that I do not have the appropriate hardware to successfully install Qubes. I tried installing Qubes in a Virtual Machine (which hung identifying hardware) and also on my desktop (where the graphical installer hung identifying basic storage). I did however document the process for verifying the integrity of the Qubes .iso that I downloaded (which may be of use to some people).
Qubes is is an open source operating system designed to provide strong security for desktop computing. Based on Xen, the X Window System, and Linux, Qubes can run most Linux applications and drivers.
In Qubes OS programs are divided between different “domains” such as work, personal, banking and so on – effectively sand-boxing applications. While users can securely copy and paste and transfer files between domains each domain remains isolated from the others. Even the networking and storage subsystems reside in different virtual machines. If a virus is acquired in your ‘browsing’ domain for example it will have no access to the online banking session that you have open in your ‘banking; domain.
The minimum hardware requirements for Qubes is as follows:
- 4GB of RAM
- 64-bit Intel or AMD processor
- Intel GPU strongly recommended (if you have Nvidia GPU, prepare for some troubleshooting – ATI hardware has not been tested yet)
- 10GB of disk (Note that it is possible to install Qubes on an external USB disk but bear in mind that USB disks are usually slow!)
Note: it is not recommended that you try installing Qubes in a Virtual Machine.
With the basics out of the way download the Qubes.iso and .asc files to your home directory from here.
The security conscious will want to verify the integrity of the Qubus .iso which is done as follows.
Click Applications, Accessories and then Terminal.
Download the public portion of the Qubes Master Signing Key (0x36879494):
gpg --recv-keys 0x36879494
The fingerprint of the Master Key is published here (as duplicated below):
pub 4096R/36879494 2010-04-01 Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 uid Qubes Master Signing Key
We can verify the fingerprint of the Master Key as follows:
gpg --fingerprint 0x36879494
As we can see the fingerprints match.
Now we can import the Master Key and set its trust level so that it can be used to verify other Qubes keys:
gpg --edit-key 0x36879494
You will now see a Command> prompt in the terminal:
Enter the command trust and press Enter:
Press the number 5 key for ultimate trust and then press Enter. At the question Do you really want to set this key to ultimate trust? press the Y key and then press Enter again.
You will be returned to the Command> prompt – press the Q key to exit.
Now that we have imported the Master Key we can download the Qubes OS Release 1 Signing Key:
gpg --recv-keys AC1BF9B3
With the Qubes OS Release 1 Key we can now verify the Qubes .iso with the following command:
gpg -v Qubes-R1-Beta1-x86_64-DVD.iso.asc
As you can see we have successfully verified the integrity of the Qubes OS .iso.
Burn the .iso to a DVD to install or follow the instructions here to install to a USB drive.
This is what Qubes will look like if you get it running – it is certainly something that I would like to take a look at again (hardware permitting) especially once it reaches a stable release (hopefully later this year). Windows are colored according to their domain:
There is also a good overview of Qubes OS on geek.com.