After a few days tinkering around with Qubes OS 3.2 I must say that I am very impressed. It is an awesome operating system and has a lot of interesting use cases. I will not be able to use it as my main operating system, though. There are several reasons for that:
Poor hardware support - I sometimes need hardware acceleration from my two graphic cards, and Qubes OS does not support this, unless you create a HVM and pass-through one of the cards. HVMs do not work like PVMs, though - and have given me trouble on all three instances that I used HVMs. This poor hardware support also causes xorg in dom0 to run at about 25% to 40% CPU usage at all times, with no VMs started. That's not good. This is on an i7, mind you.
The double-edged sword - while the security architecture is amazing, it also causes some issues when you want to do some penetration testing for instance. There is no easy way to quickly lower security on any VM, so you have to setup new net and proxy vms for all of your …
Did not go all too well. The machine would load into the boot menu, but if I would change focus from the Kali HVM window to any other window the keyboard input in the Kali HVM starts to go haywire and have several seconds of delay.
Currently trying one of the alternatives (installing Kali on top of a Debian 9 VM template). Will let you know if that works better.
P.S.: Might also have a go at installing Blackarch in a HVM, since Archlinux seems to work very well in a HVM.
I have tried to install and use the Archlinux Template according to the official documentation, which completed fine, but left me with a system that can not be updated, because of dependency conflicts with Qubes-internal modules.
Like I said, everything was fine (and actually is fine if I do not want to update my Archlinux), but trying a system update shows dependency issues with pulseaudio and the xorg-server. I guess that's where the bleeding-edge aspect of Archlinux's rolling release method shows its head (leaving out the ugly on purpose). The maintainer of the Archlinux template for Qubes is already on the case from what I can tell by looking at the Qube repos on Github.
I have not tried compiling my own Qube, yet (the second part of the documentation) or to create a HVM for Archlinux. I might try that this coming weekend and will let you know how it goes.
The installation from the Qubes 2.3 i3 installation documentation worked very well, no issues whatsoever. After logging in and back out I was greeted by my familiar desktop (or lack thereof) and was able to make some tweaks to the config file (an ~/.config/i3/config).
I noticed that the Qubes VM Manager was gone. After restarting the laptop and logging back into i3 the manager loaded, though.
Everything seems to be working very well, just have to get used to starting the vm's name when using the dmenu. One glitch that I have noticed, but wasn't able to reproduce, yet, is that some of the icons disappeared from the i3 status bar at random. I think it happened when I reloaded the i3 config, but I am not sure. Will add to the post if I am able to reproduce it.
Qubes 3.2 is great if you need to handle malicious files. Just create yourself a quarantine vm that has no network access and you're good to go - you could of course use a disposable VM, but that is a topic for another post. There is also a pre-installed (if you have chosen so during setup) "vault vm" that is already configured for this purpose.
To get clamav onto these vms I opened a terminal on the "fedora-23 template vm" and installed clam:
sudo dnf -y install clamav clamav-update
sudo vim /etc/freshclam.conf
sudo vim /etc/sysconfig/freshclam
The two config files will tell you what to do when you edit them, so just follow the instructions.
Using freshclam on the template vm does not work, unless you allow it to access the internet for a while (in the vm settings, firewall tab). But since I'll only really need it in my quarantine vm I just started a terminal in the "quarantine vm" and did a "sudo freshclam" there.
So when I followed the installation instructions of Qubes 3.2 and got to the second stage of installing the system (after files had been copied, directly after the first reboot) the system froze during "network setup" and I had to cold start my laptop. Looking for similar issues and solutions was quite the challenge and involved sifting through Google groups threads which had some contradicting answers.
In my case the culprit was the wireless card, a BCM4313, and a too restrictive PCI arb. So I reinstalled and disabled my wifi card in the BIOS for this setup.
Everything went smooth now and I could finish the installation, but the system was still a little bit unstable.
I have the laptop connected to an external monitor via HDMI and the system was trying to initialize pulseaudio and could not properly connect to the audio output (monitor does not have one). So pulseaudio was going to 100% cpu usage every few seconds trying to initialize the output.
My blog does not seem to recognize me after four years of inactivity... At least it tells me that the post will be posted by "unknown"... Oh well, we will see if I can make it recognize me again with some upcoming articles about Qubes OS.
I've been tinkering around with if for a few days now and ran into some obstacles on the way that it was semi-hard to find some concrete answers to. So I thought I'd keep track of what I had to do to start using it on this blog.