←back to thread

Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop

(arstechnica.com)
154 points walterbell | 3 comments | 15 Dec 15 07:52 UTC | HN request time: 0.901s | source
1. feld ◴[15 Dec 15 14:37 UTC] No.10737933[source]
How is Qubes immune to Xen security issues? Slimmed down, only using PVHVM? I'm sure there have still been some CVEs that apply...
replies(1): >>10738526 #
2. j_s ◴[15 Dec 15 16:07 UTC] No.10738526[source]
The reality appears to be as you have stated (some CVEs that apply).

https://news.ycombinator.com/item?id=10471912

https://raw.githubusercontent.com/QubesOS/qubes-secpack/mast...

Because there have been, of course, many more security bugs found in Xen over the last years (as the numbering of this XSA suggests). True, majority of these didn't affect Qubes OS, sometimes by pure luck, sometimes because of the extra prudence we applied, many other times because of the architectural decisions we made.

replies(1): >>10739020 #
3. nickpsecurity ◴[15 Dec 15 17:28 UTC] No.10739020[source]
I warned them Xen was a bad foundation versus extended more secure microkernel designs. Some already had Linux in user-mode. Joanna ranted a ton then to defend her decision. Funny to see her ranting at Xen now on their mailing list and writing crap like that about what bullets they dodged.

Fortunately, GenodeOS is improving nicely and follows right principles much like what I suggested for Qubes.