After almost two years of development, the release of the Qubes 4.2.0 operating system was presented, implementing the idea of using a hypervisor to strictly isolate applications and OS components (each class of applications and system services runs in separate virtual machines). For operation, we recommend a system with 16 GB of RAM (minimum 6 GB) and a 64-bit Intel or AMD CPU with support for VT-x with EPT/AMD-v with RVI and VT-d/AMD IOMMU technologies, preferably an Intel GPU (GPU NVIDIA and AMD are not well tested). The installation image size is 6 GB (x86_64).
Applications in Qubes are divided into classes depending on the importance of the data being processed and the tasks being solved. Each application class (e.g. work, entertainment, banking) as well as system services (network subsystem, firewall, storage, USB stack, etc.) run in separate virtual machines that run using the Xen hypervisor . At the same time, these applications are available within the same desktop and are distinguished for clarity by different colors of the window frame. Each environment has read access to the underlying root FS and local storage that does not overlap with the storages of other environments; a special service is used to organize application interaction.
The Fedora package base can be used as a basis for creating virtual environments and Debian, templates for Ubuntu, Gentoo and Arch LinuxIt is possible to organize access to applications in a virtual machine with Windows, as well as creation virtual machines Based on Whonix to provide anonymous access via Tor. The user interface is built on Xfce. When the user launches an application from the menu, it starts in a specific virtual machine. The content of the virtual environments is determined by a set of templates.
Major changes:
- The Dom0 base environment has been updated to the Fedora 37 package base (the template for virtual environments based on Fedora 37 was proposed in the last Qubes 4.1.2 update).
- Template for creating virtual environments based on Debian updated to branch Debian 12.
- The Xen hypervisor has been updated to branch 4.17 (previously Xen 4.14 was used).
- Templates for creating virtual environments based on Fedora and Debian switched to use the Xfce user environment instead of GNOME by default.
- The Fedora-based virtual environment template now supports the SE mandatory access control system.Linux.
- The implementation of the application menu has been completely rewritten, as well as graphical interfaces for configuration (Qubes Global Settings), creating new environments (Create New Qube) and updating virtual machine templates (Qubes Update).
- The location of the GRUB configuration file (grub.cfg) is unified for UEFI and classic BIOS.
- Added multimedia support Server PipeWire.
- The fwupd toolkit is used to update the firmware.
- Added an option to automatically clear the clipboard one minute after the last paste operation. To enable auto-wiping, use the command qvm-service —enable VMNAME gui-agent-clipboard-wipe
- To build official packages, the new Qubes Builder v2 assembly toolkit is used, which enhances the isolation of assembly processes.
- The configurator offers a separate section for managing GPG.
- Qrexec services use by default a new, more flexible format of Qrexec rules that define who can do what and where in Qubes. The new version of the rules features a significant increase in performance and a notification system that makes it easier to diagnose problems.
Source: opennet.ru
