Qubes OS

Qubes OS is a security-focused desktop operating system that aims to provide security through isolation.^[7] Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines called qubes. Virtualization services in Qubes OS are provided by the Xen hypervisor.

"Qubes" redirects here. For the arcade game, see Q*bert's Qubes. For other uses, see Qube (disambiguation).

Developer

The Qubes OS Project

Invisible Things Labs

Joanna Rutkowska

Linux (Unix-like)

Current

Open source with proprietary blobs,^[1]^[2]

September 3, 2012 (2012-09-03)^[3]

4.2.1^[4] / 26 March 2024 (26 March 2024)

4.2.1-rc1^[5] / March 16, 2024 (2024-03-16)

security by compartmentalization, desktop

Multilingual

DNF (PackageKit)

RPM Package Manager

x86-64

Microkernel (Xen Hypervisor running minimal Linux-based OSes and others)

GNU^{[note 1]}

Official templates:
- Fedora
- Debian
Community templates:
- Whonix
- Ubuntu
- Arch Linux
- CentOS
- Gentoo

Xfce

Free software licenses
(mainly GPL v2^[6])

qubes-os.org

The runtimes of individual qubes are generally based on a unique system of underlying operating system templates. Templates provide a single, immutable root file system which can be shared by multiple qubes. This approach has two major benefits. First, updates to a given template are automatically "inherited" by all qubes based on it. Second, shared templates can dramatically reduce storage requirements compared to separate VMs with a full operating install per secure domain.

The base installation of Qubes OS provides a number of officially supported templates based on the Fedora and Debian Linux distributions. Alternative community-supported templates include Whonix, Ubuntu, Arch Linux, CentOS, or Gentoo.^[8] Users may also create their own templates.

Operating Systems like Qubes OS are referred to in academia as Converged Multi-Level Secure (MLS) Systems.^[9] Other proposals of similar systems have surfaced^[10]^[11] and SecureView and VMware vSphere are commercial competitors.

64-bit Intel or AMD processor with virtualization extensions (Since 2013, Qubes OS only supports 64-bit processors. In addition, since release 4.x, Qubes OS requires either an Intel processor with support for VT-x with EPT and Intel VT-d or an AMD processor with support for AMD-V with RVI (SLAT) and AMD-Vi (aka AMD IOMMU). ^[20] This is not a major issue for AMD processors since AMD IOMMU is functionally identical to Intel's VT-d.^[20])

[18]

6 GB RAM minimum

32 GB disk space minimum

[21]

As a desktop-focused operating system, Qubes OS targets personal computer hardware. This market is dominated by laptops running Intel and AMD processors and chipsets.

The base system requirements for Qubes OS are:

The creation of qubes (security domains) offers the means to create discrete, lean, secure application spaces by linking them to a complete root filesystem using shared templates.

Applications launched from their respective qubes are distinguished by a unique colored window border.

Opening an application for the first time in a given qube may incur a modest delay depending on system hardware.

Sharing files and clipboard paste buffers^[23] utilize a special mechanism, as qubes do not share a common clipboard or file system.

[22]

Users can create and manage as many qubes as desired to suit their specific requirements.

Users interact with Qubes OS in much the same manner that they interact with any standard graphical desktop operating systems with some key differences:

Qubes OS

Developer

Developer

OS family

Working state

Source model

Initial release

Latest release

Latest preview

Marketing target

Available in

Update method

Package manager

Platforms

Kernel type

Userland

Default
user interface

License

Official website

[18]

[21]

[22]

Hyperjacking

Whonix

Official website

Qubes OS