←back to thread

QubesOS – A reasonably secure operating system

(www.qubes-os.org)
176 points TheFreim | 1 comments | 11 Jul 23 18:11 UTC | HN request time: 0.242s | source
Show context
KingMachiavelli ◴[11 Jul 23 19:18 UTC] No.36685961[source]
QubesOS is very cool but I've always thought it'd cool/better if it was a patchset or repo on top of an existing distro like Archlinux or NixOS. I think that would be useful so you could adopt features from QubesOS individually and swap out different components. For example, it'd be nice to use KVM (QEMU or even crosvm) instead of Xen or build a Wayland based system instead of X11.
replies(5): >>36685974 #>>36685987 #>>36686283 #>>36687774 #>>36688749 #
1. vacuity ◴[11 Jul 23 23:56 UTC] No.36688749[source]
They did consider KVM initially; I don't know how much things have changed and if they've reconsidered. The reasoning was that KVM's means of virtualization is too closely coupled with the Linux kernel, whereas Xen's hypervisor and dom0 are more separable.

> In Xen, at no point does the execution path jump out of the hypervisor to e.g. Dom0. Everything is contained within the hypervisor. Consequently itʼs easier to perform the careful security code audit of the Xen hypervisor, as itʼs clear which code really belongs to the hypervisor.

From the original 0.3 spec