Qubes OS: Difference between revisions

From 15h.org
Arha (talk | contribs)
Line 43: Line 43:
=== instructions ===
=== instructions ===
in dom0 run the following commands
in dom0 run the following commands
<code>
<code>
sudo echo 'GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT spec-ctrl=ibpb-entry=no-pv" >> /etc/default/grub'
sudo echo 'GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT spec-ctrl=ibpb-entry=no-pv" >> /etc/default/grub'
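Review bot: in the `sudo echo` context line that closes this hunk, the closing single quote sits after `>> /etc/default/grub`, so the redirect is part of the echoed string and nothing is appended to the file. Moving the quote in front of `>>` is not enough either, because the redirect would then be performed by the unprivileged shell and not by sudo. Suggest `echo 'GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT spec-ctrl=ibpb-entry=no-pv"' | sudo tee -a /etc/default/grub` instead.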

Revision as of 13:55, 4 March 2025

Qubes OS is a reasonably secure operating system.[1]

There is some overlap in user base between a security-focused operating system and an open-source BIOS. This page aims to detail some specific issues one might face when using Qubes on the 15h platform.

Speculative execution mitigations

Two speculative execution vulnerabilities are of interest here: Inception and Retbleed. The mitigations implemented in Xen to patch these two vulnerabilities make it impossible to run Qubes with a PCIe device attached to a qube.[2]

Inception

Inception, aka CVE-2023-20569, is a Speculative Return Stack Overflow vulnerability.[3] Following Xen's XSA-434 advisory, Qubes published QSB 093[4] detailing the package versions containing the patches.

read more

https://xenbits.xen.org/xsa/advisory-434.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html

https://comsec.ethz.ch/research/microarch/inception/

https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf

https://github.com/comsec-group/inception

https://raw.githubusercontent.com/QubesOS/qubes-secpack/refs/heads/main/QSBs/qsb-093-2023.txt

Retbleed

Retbleed, aka CVE-2022-23816, is a Branch Type Confusion vulnerability.[5] Following Xen's XSA-407 advisory, Qubes published QSB 083[6] detailing the package versions containing the patches.

read more

https://xenbits.xen.org/xsa/advisory-407.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1037.html

https://comsec.ethz.ch/research/microarch/retbleed/

https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf

https://github.com/comsec-group/retbleed

https://raw.githubusercontent.com/QubesOS/qubes-secpack/refs/heads/master/QSBs/qsb-083-2022.txt

Workarounds

Fortunately, there are workarounds that make the system usable without losing too much security and with a limited performance impact. Setting the boot parameter spec-ctrl[7] to spec-ctrl=ibpb-entry=no-pv, as detailed under Qubes issue 9150, disables the mitigations for all PV qubes. Then all you have to do is change the settings of any PCIe-dependent qube (i.e. sys-net and sys-usb) to be PV instead of HVM.

instructions

In dom0, run the following commands:

echo 'GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT spec-ctrl=ibpb-entry=no-pv"' | sudo tee -a /etc/default/grub

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

qvm-prefs sys-net virt_mode pv

qvm-prefs sys-usb virt_mode pv
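
A dom0 helper for the steps above, added here as an example and not part of the original page. It appends the option only once (re-running the append would leave a duplicate line in /etc/default/grub), and after a reboot it checks that Xen actually booted with the option and which of the two PCIe qubes are in PV mode. The function names and the `--apply` / `--check` switches are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
XEN_OPT='spec-ctrl=ibpb-entry=no-pv'

# Append the GRUB_CMDLINE_XEN_DEFAULT line to a grub defaults file, once.
# Returns 0 if the file was changed, 1 if the option was already there.
add_xen_opt() {
    if grep -q -- "^GRUB_CMDLINE_XEN_DEFAULT=.*$XEN_OPT" "$1" 2>/dev/null; then
        return 1
    fi
    printf '%s\n' "GRUB_CMDLINE_XEN_DEFAULT=\"\$GRUB_CMDLINE_XEN_DEFAULT $XEN_OPT\"" >> "$1"
}

# Reads `xl info` output on stdin. Succeeds only if the running hypervisor
# was booted with the option as its own space-separated token.
xen_booted_with_opt() {
    sed -n 's/^xen_commandline[[:space:]]*:[[:space:]]*//p' |
        tr ' ' '\n' | grep -Fxq -- "$XEN_OPT"
}

# Reads "name virt_mode" pairs on stdin and prints the qubes that are PV,
# i.e. the ones the page's option turns the mitigation off for.
pv_qubes() {
    awk '$2 == "pv" { print $1 }'
}

case "${1:-}" in
--apply)  # run as root in dom0; regenerate grub.cfg only if the file changed
    add_xen_opt /etc/default/grub && grub2-mkconfig -o /boot/grub2/grub.cfg ;;
--check)  # run as the normal dom0 user after rebooting
    if sudo xl info | xen_booted_with_opt; then
        echo "Xen booted with $XEN_OPT"
    else
        echo "Xen is NOT running with $XEN_OPT"
    fi
    echo "PV qubes (keep these locked down):"
    for q in sys-net sys-usb; do
        echo "$q $(qvm-prefs "$q" virt_mode)"
    done | pv_qubes ;;
esac
```

The check matches the option only as a stand-alone token, so a comma-combined `spec-ctrl=` value on the Xen command line has to be inspected by hand.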

security impact

If an attacker gets code execution in sys-net or sys-usb, it is theoretically possible to leak secrets from other VMs, so make sure you keep all PV qubes very secure!

performance impact

According to news media reporting, the mitigations hurt CPU performance by 14~39%.[8]

Measurements conducted by 15h.org member Arha, using Qubes 4.2.3 in combination with the Heads BIOS and 2x AMD Opteron 6282 SEs running on the Asus KGPE-D16, produced a performance impact of ~27%, noting that Qubes OS was still very usable.