Qubes OS
Qubes OS is a reasonably secure operating system.[1]
There is some overlap in user base between a security-focused operating system and an open-source BIOS. This page aims to detail some specific issues one might face when using Qubes on the 15h platform.
Speculative execution mitigations
There are two speculative execution vulnerabilities of interest, Inception and Retbleed. The mitigations implemented in Xen to patch these two vulnerabilities make it impossible to run Qubes with a PCIe device attached to a qube.[2]
Inception
Inception, aka CVE-2023-20569, is a Speculative Return Stack Overflow vulnerability.[3] Following Xen's XSA-434 advisory, Qubes published QSB 093[4] detailing the package versions containing the patches.
Read more:
- https://xenbits.xen.org/xsa/advisory-434.html
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
- https://comsec.ethz.ch/research/microarch/inception/
- https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
- https://github.com/comsec-group/inception
- https://raw.githubusercontent.com/QubesOS/qubes-secpack/refs/heads/main/QSBs/qsb-093-2023.txt
Retbleed
Retbleed, aka CVE-2022-23816, is a Branch Type Confusion vulnerability.[5] Following Xen's XSA-407 advisory, Qubes published QSB 083[6] detailing the package versions containing the patches.
Read more:
- https://xenbits.xen.org/xsa/advisory-407.html
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1037.html
- https://comsec.ethz.ch/research/microarch/retbleed/
- https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
- https://github.com/comsec-group/retbleed
- https://raw.githubusercontent.com/QubesOS/qubes-secpack/refs/heads/master/QSBs/qsb-083-2022.txt
Workarounds
Fortunately there are workarounds that make the system usable without losing too much security and with a limited performance impact. Setting the Xen command-line parameter spec-ctrl[7] to spec-ctrl=ibpb-entry=no-pv, as detailed under Qubes issue 9150, disables the mitigations for all PV qubes. All that is left to do is change the settings of any PCIe-dependent qube (i.e. sys-net and sys-usb) to be PV instead of HVM.
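As an added example (not the wiki's or Qubes OS's own tooling), the POSIX shell functions below apply the spec-ctrl=ibpb-entry=no-pv option to a /etc/default/grub style file exactly once and check a saved `xl dmesg` log for whether Xen still reports IBPB-entry for PV guests. It assumes dom0 keeps its Xen options on a single GRUB_CMDLINE_XEN_DEFAULT line and that the Xen boot log carries a "Support for PV VMs:" summary line; the grub line and log lines used in the demo are constructed.

```sh
#!/bin/sh
# Added example, not part of the 15h.org wiki or Qubes OS. Works on files you
# pass in, so it can be tried on a copy before editing dom0's /etc/default/grub.
# Caveat: ibpb-entry=no-pv removes IBPB-on-entry for PV guests only, so any
# qube switched to PV for PCIe passthrough gives up that mitigation.

OPT="spec-ctrl=ibpb-entry=no-pv"

# add_xen_opt FILE: append $OPT to GRUB_CMDLINE_XEN_DEFAULT in FILE exactly once.
# Assumes a single line of the form GRUB_CMDLINE_XEN_DEFAULT="...".
add_xen_opt() {
    f="$1"
    if grep -q "^GRUB_CMDLINE_XEN_DEFAULT=.*$OPT" "$f"; then
        return 0                         # already applied, nothing to do
    fi
    tmp=$(mktemp) || return 1
    # non-empty value: add a space and the option before the closing quote;
    # empty value "": fill it in (second expression only hits if the first did not)
    sed -e "s/^\(GRUB_CMDLINE_XEN_DEFAULT=\"[^\"][^\"]*\)\"/\1 $OPT\"/" \
        -e "s/^GRUB_CMDLINE_XEN_DEFAULT=\"\"/GRUB_CMDLINE_XEN_DEFAULT=\"$OPT\"/" \
        "$f" > "$tmp" && mv "$tmp" "$f"
    grep -q "^GRUB_CMDLINE_XEN_DEFAULT=.*$OPT" "$f"   # fails if the line was absent
}

# xen_opt_line FILE: print the value of GRUB_CMDLINE_XEN_DEFAULT without quotes.
xen_opt_line() {
    sed -n 's/^GRUB_CMDLINE_XEN_DEFAULT="\(.*\)"$/\1/p' "$1"
}

# pv_ibpb_entry LOGFILE: succeed if Xen still lists IBPB-entry for PV guests.
# After the workaround this should fail while the HVM line keeps IBPB-entry.
# Assumes the "Support for PV VMs:" summary line printed by `xl dmesg`.
pv_ibpb_entry() {
    grep 'Support for PV VMs:' "$1" | grep -q 'IBPB-entry'
}

# Demo on constructed copies (the grub line and the log lines are made up).
demo() {
    g=$(mktemp); l=$(mktemp)
    printf 'GRUB_TIMEOUT=5\nGRUB_CMDLINE_XEN_DEFAULT="console=none smt=off"\n' > "$g"
    add_xen_opt "$g" && echo "xen options: $(xen_opt_line "$g")"
    printf '(XEN)   Support for HVM VMs: MD_CLEAR RSB EAGER_FPU IBPB-entry\n' > "$l"
    printf '(XEN)   Support for PV VMs: MD_CLEAR RSB EAGER_FPU\n' >> "$l"
    if pv_ibpb_entry "$l"; then echo "PV guests: IBPB-entry still on"
    else echo "PV guests: IBPB-entry off (workaround active)"; fi
    rm -f "$g" "$l"
}

demo
```

On the real system the edited /etc/default/grub still has to be turned into a new GRUB configuration with grub2-mkconfig and followed by a reboot, after which `xl dmesg` in dom0 provides the log to check. Switching sys-net and sys-usb to PV is done with `qvm-prefs <qube> virt_mode pv` in dom0.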
Performance impact
According to news media reporting, the mitigations hurt CPU performance by 14~39%.[8]
Measurements conducted by 15h.org member Arha, using Qubes 4.2.3 in combination with the Heads BIOS and two AMD Opteron 6282 SE CPUs on the Asus KGPE-D16, produced a performance impact of ~27%, noting that Qubes OS was still very usable.
- ↑ https://www.qubes-os.org/
- ↑ https://github.com/QubesOS/qubes-issues/issues/9150
- ↑ https://xenbits.xen.org/xsa/advisory-434.html
- ↑ https://raw.githubusercontent.com/QubesOS/qubes-secpack/refs/heads/main/QSBs/qsb-093-2023.txt
- ↑ https://xenbits.xen.org/xsa/advisory-407.html
- ↑ https://raw.githubusercontent.com/QubesOS/qubes-secpack/refs/heads/master/QSBs/qsb-083-2022.txt
- ↑ https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html#spec-ctrl-x86
- ↑ https://www.phoronix.com/review/retbleed-benchmark