Living Systems_

Installing Qubes OS

I just switched to Qubes OS as operating system on my main work laptop (a Dell Latitude). Or in fact, one of the reasons was to be able to combine work and private hobby coding projects, that’s increasinbly been happening on the same machine. Anyways, these are my experiences and notes, as a way to document caveats and quirks in case I need to do this again, while possibly also being of use for others.

What is Qubes OS?

Qubes OS is an operating system that tries to provide “reasonable security” to users by means of compartmenalization. By using virtualization technologies, it makes it easy to create multiple virtual machines that co-exist on the same computer. Now, couldn’t you just use multiple VirtualBoxes, you might ask? Well, Qubes makes the whole process a lot more smooth and integrated than that. For example:

If you are still not convinced, you might be when you learn that Qubes is recommeded by Edward Snowden :)

Preliminaries

The first thing I did was to try and install Qubes in a virtual machine in Virtual Box. It did warn a lot about various hardware drivers though:

The message as text: Unsupported Hardware Detected - This hardware
lacks features required by Qubes OS: Missing features: HVM/VT-x/AMD-V,
IOMMU/VT-d/AMD-Vi, HAP/SLAT/EPT/RVI, Interrupt Remapping. Without these
features, Qubes OS will not function normally. It is recommended that
only developers and power users proceed with the installation. Fore more
information on supported hardware, please refer to
<a href="https://www.qubes-os.org/doc/system-requirements/" target="_blank" rel="noopener">https://www.qubes-os.org/doc/system-requirements/</a>

Thus, trying out Qubes fully in VirtualBox didn’t seem like an option. Based on this info, you should also probably go though your BIOS settings and make sure that these settings are turned on if you plan on installing it “on metal”. In particular VT-x use to be possible to turn on/off in BIOS I think.

I still managed to install the base system in virtualbox though, but I reckon the actual boxes, or “qubes” would not work that well:

Creating an installable media

Anyways, on to the installation on metal. I first tried creating a USB stick with the Qubes OS .iso file using the popular UNetBootin software in Ubuntu, but that did not work. There was a warning about that during the installation. Thus, you need to instead use the dd tool to copy the image to the USB stick. BE WARNED though that this will completely erase all other data on the USB stick, so make sure to move away any data you might have there first!

The command is something like:

dd bs=4M if=/path/to/qubesos.iso of=/dev/sdb

WARNING: Check first that sdb is actually your usb drive! This can be done using a software such as gparted.

“No bootable device found”

After booting up the computer and installing Qubes OS through the graphical installer, with most settings set to default (a pretty easy and painless process), when restarting the computer, I got the message:

No bootable device found.

Not so fun. On the other hand, it turned out to be pretty easily fixed, by booting up the computer with a Live Ubuntu USB stick, and fixing the file paths in the UEFI partition according to this advice in the Qubes Docs . Copying the instructions here for backup:

Some firmware will not recognize the default Qubes EFI configuration. As such, it will have to be manually edited to be bootable. This will need to be done after every kernel and Xen update to ensure you use the most recently installed versions.

  1. Copy the /boot/efi/EFI/qubes/ directory to /boot/efi/EFI/BOOT/ (the contents of /boot/efi/EFI/BOOT should be identical to /boot/efi/EFI/qubes besides what is described in steps 2 and 3):

    cp -r /boot/efi/EFI/qubes/. /boot/efi/EFI/BOOT
    
  2. Rename /boot/efi/EFI/BOOT/xen.cfg to /boot/efi/EFI/BOOT/BOOTX64.cfg:

    mv /boot/efi/EFI/BOOT/xen.cfg /boot/efi/EFI/BOOT/BOOTX64.cfg
    
  3. Copy /boot/efi/EFI/qubes/xen-*.efi to /boot/efi/EFI/qubes/xen.efi and /boot/efi/EFI/BOOT/BOOTX64.efi. For example, with Xen 4.8.3 (you may need to confirm file overwrite):

    cp /boot/efi/EFI/qubes/xen-4.8.3.efi /boot/efi/EFI/qubes/xen.efi
    cp /boot/efi/EFI/qubes/xen-4.8.3.efi /boot/efi/EFI/BOOT/BOOTX64.efi
    

It works!

Some caveats

After doing this and rebooting, it just works! What followed is just the normal setting up of things in Qubes OS. There were some things I learned that were not obvious from the start, and which can be useful to know though:

Apart from these caveats though, everything works surprisingly well! The whole concept and implementation is very very impressive!

Screenshot showing QubesOS installed

Further reading