Qubes OS, the security-focused operating system that Edward Snowden said in November he was “really excited” about, announced this week that laptop maker Purism will ship their privacy-focused Librem 13 notebook with Qubes pre-installed.
Built on a security-hardened version of the Xen hypervisor, Qubes protects users by allowing them to partition their digital lives into virtual machines. Rather than focus solely on security by correctness, or hide behind security by obscurity, Qubes implements security by isolation—the OS assumes that the device will eventually be breached, and compartmentalises all of its various subsystems to prevent an attacker from gaining full control of the device. Qubes supports Fedora and Debian Linux VMs, and Windows 7 VMs.
Enlarge / A screenshot of Qubes and KDE, with three documents in three different compartmentalised regions.
One of the biggest problems with Qubes is that hardware support can be tricky. In order to take full advantage of the OS’s many innovative security features, you’ll need a CPU that supports virtualisation technology, including both Intel VT-x (or AMD-v) and Intel VT-d (or IOMMU), plus a BIOS with TPM (for Anti-Evil Maid). Running a dozen VMs or more, as many Qubes users do, can be resource-intensive, so plenty of…