awesome-qubes-os

A curated list of awesome qubes os links
https://github.com/xn0px90/awesome-qubes-os

Last synced: 3 days ago
JSON representation

Templates
- Xfce templates - If you would like to use Xfce (more lightweight compared to GNOME desktop environment) Linux distribution in your Qubes, you can install one of the available Xfce templates for Fedora, CentOS or Gentoo.
- Qvm-Create-Windows-Qube - Qvm-Create-Windows-Qube is a tool for quickly and conveniently installing fresh new Windows qubes with Qubes Windows Tools (QWT) drivers automatically.
- Shadow qube - The below script will create a Qube, launch the Tor browser, wait for the browser to close, then remove the qube and its RAM pool.
- Pentesting: BlackArch - BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers.
- Pentesting: Kali - How to create a Kali Linux VM.
- Template manager - A template manager application.
- USB Qubes - A USB qube acts as a secure handler for potentially malicious USB devices, preventing them from coming into contact with dom0 (which could otherwise be fatal to the security of the whole system). I
- Pentesting: PTF - "The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing.
- Template: Windows - Simple Windows install
- Windows Qubes - Like any other unmodified OSes, Windows can be installed in Qubes as an HVM domain.
- Tails OS - Tails stands for The Amnesic Incognito Live System. It is a live operating system that aims to preserve your privacy and anonymit.
- Templates - In Getting Started, we covered the distinction in Qubes OS between where you install your software and where you run your software.
- Template implementation - Describes template implementation.
- archlinux-minimal template - This is a community guide, not an official guide.
- audio-qubes - An audio qube acts as a secure handler for potentially malicious audio devices, preventing them from coming into contact with dom0
- Debian templates - The Debian template is an officially supported template in Qubes OS.
- Auto Minimal Debian Template Creation - This page summarizes how to automate debian-minimal based template creation.
- Fedora templates - The Fedora template is the default template in Qubes OS.
- NetBSD templates - Createa NetBSD template
- Linux HVMs - Fixing Linux distro HVMs
- Minimal templates - The minimal templates are lightweight versions of their standard template counterparts.
- Multimedia template - Configuring a “Multimedia” TemplateVM
- Prestium OS - Prestium OS is a Tails OS-like live linux distro.
- Fedora template in-place upgrade - How to upgrade a Fedora template in-place.
- Building a TemplateVM for a new OS - If you don’t like using one of the existing templates because of specific administration, package management or other building needs, you can build a TemplateVM for your distribution of choice.
- Manually Verifying Hashes of Installed Files - This guide explains how to manually verifying hashes of installed files.
- Ubuntu 2024.4 minimal - Ubuntu 24.04.1 (Noble Numbat) ReleasesUbuntu is an open-source software platform that runs everywhere from the PC to the server and the cloud.
- Android VM options - There are multiple “android on PC” type distributions that one could try in a VM. Here are the 3!
- Waydroid template - This guide is for setting up minimal Waydroid template.
- GuixOS HVM - Install Guix OS in a standalone HVM
- Zoom Disp VM - Running Zoom in a DispVM.
- PrestiumOS HVM - Prestium OS is a Tails OS-like live linux distro.
- PiHole Cloudflared - PiHole Cloudflared in QubesOS with NextDNS (DNS over Https).
VM-Hardening
- Anonymizing your MAC Address - Although the MAC address is not the only metadata broadcast by network hardware, changing your hardware's default MAC Address could be an important step in protecting privacy.
- Qcrypt - qcrypt is a multilayer encryption tool for Qubes OS.
- Qubes-VM-hardening - Leverage Qubes template non-persistence to fend off malware at VM startup: Lock-down, quarantine and check contents of /rw private storage that affect the execution environment.
- Split dm-crypt - Instead of directly attaching an encrypted LUKS1 partition from a source VM such as sys-usb to a destination VM and decrypting it there.
- Anti Evil Maid (AEM) - A user who frequently travels with a Qubes laptop holding sensitive data may be at a much higher risk of Evil Maid attacks than a home user with a stationary Qubes desktop.
- Data leaks - Firewalling in Qubes is not intended to be a leak-prevention mechanism.
- Device handling security - Any additional ability a VM gains is additional attack surface.
- Dom0 secure updates - Updating dom0
- Firewall - Every Qube in Qubes is connected to the network via a FirewallVM, which is used to enforce network-level policies.
- nft Firewall - This is an example for a TCP redirection, for UDP you would have to replace tcp by udp.
- Passwordless root access in Qubes - In Qubes VMs there is no point in isolating the root account from the user account.
- Reducing the fingerprint of the text-based web browser w3m - You can reduce the amount of information w3m gives about itself and the environment it is running in (and, by extension, you).
- Running Tails in Qubes - Tails stands for The Amnesic Incognito Live System.
- Signal - It uses end-to-end encryption to secure all communications.
- Split SSH - Split SSH implements a concept similar to having a smart card with your private SSH keys, except that the role of the “smart card” is played by another Qubes AppVM.
- U2F proxy - The Qubes U2F Proxy is a secure proxy intended to make use of U2F two-factor authentication devices with web browsers without exposing the browser to the full USB stack, not unlike the USB keyboard and mouse proxies implemented in Qubes.
- Using Multi-Factor Authentication with Qubes - This page concerns multi-factor authentication for logging into external services, not for logging into Qubes itself.
- Using OnlyKey with Qubes OS - The following setup instructions walk through the process of configuring dom0 and a USB qube so that OnlyKey will function as a keyboard and be able to communicate with the OnlyKey app (required for TOTP).
- Qrexec: secure communication across domains - The qrexec framework is used by core Qubes components to implement communication between domains.
- Qrexec: Qubes RPC internals - The qrexec framework consists of a number of processes communicating with each other using a common IPC protocol, described in detail below.
- Qrexec: socket-based services - The qrexec allows implementing services not only as executable files, but also as Unix sockets.
- Qubes memory manager (qmemman) - Provides automatic balancing of memory across participating PV and HVM domains, based on their memory demand
- YubiKey - Most use cases for the YubiKey can be achieved exactly as described by the manufacturer or other instructions found online.
- Qubes Shutdown Idle Script - This is a simple script that watches the current qube for idleness and, if it's idle for more than 15 minutes (timeout time is defined in qubesidle.idleness_monitor), shuts it down.
- qubes-ssh-agent - This is an alternative approach to the existing qubes split-ssh.
- SaltStack (management software)
- Split SSH - Split SSH implements a concept similar to having a smart card with your private SSH keys, except that the role of the “smart card” is played by another Qubes AppVM.
- Kicksecure - The following list of actionable items can help to improve security on the Qubes platform, and by extension Kicksecure ™ for Qubes users.
- Split GPG - Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the “smart card” is played by another Qubes app Qube.
- TUFF - We can think of a software update system as “secure” if:
- Easily NAT qubes port to external network - A script to ease the work of doing a NAT to expose a qube port to the physical network interface.
- Kicksecure for DISP-sys* - How to create disposable sys-usb, sys-net, sys-firewall off a debian-11 minimal template with Kicksecure and other hardening features for DISP-sys*.
- Install Qubes OS with boot partition and a detached LUKS header on USB - The encrypted disk will look like an unused/empty unpartitioned disk.
- Custom preferences for Brave browser in disposable qube - The initial_preferences json file can be used to configure the preferences that will be used by default in newly created profiles.
- Hardening sys-net - This guide works no matter whether or not you chose disposable sys-net or not. no nonsense guide, Lets get in!
- Nix in a Qubes OS AppVM - How to install Nix in an AppVm.
- No file indexing - Disable file indexing in disposable qubes
Qubes OS Websites
- Qubes OS GitHub Documentation - Qubes OS GitHub latest documentation.
- Qubes OS Development Documentation - Qubes OS development documentation.
- Qubes OS Documentation - Qubes OS main documentation.
- Qubes OS News - Latest Qubes OS News.
- Qubes OS Developer Books - A list of various books that might be useful in learning some basics needed for Qubes development.
Downloading, Installing, Upgrading, and Building
- Building - This is the second generation of the Qubes OS builder.
- Installing - Qubes OS installation guide!
- Upgrading - These guides are for upgrading from one version of Qubes to another.
- Qubes OS 4.2.3 - Qubes OS 4.2.3 download.
- Qubes OS 4.3 Weekly Alpha Builds - Qubes OS 4.3 Weekly Alpha Build download.
How-to guides
- How to persist Tailscale tunnel in QubesOS - Tailscale is a mesh private network that lets you easily manage access to private resources or quickly SSH into devices on your network.
- How to use Qubes for journalists and Humans Rights Defenders - A suite of tools for improving and streamlining the use of Qubes OS for reporters, edtiors, lawyers and aid workers. Work in progress.
- How to Implement TPM Boot Verification - Verify and validate boot process using PCR without Heads or AEM on systems using TPM 2.0
- How to resize dom0 - Just in case anyone needs help with this to resize dom0 from 20G to 50G.
- How to copy and move files - This page is about copying and moving files.
- How to copy and paste text - This page is about copying and pasting plain text.
- How to copy from dom0 - This page covers copying files and clipboard text between dom0 and domUs.
- How to install software - When you wish to install software in Qubes OS, you should generally install it in a template.
- How to update - This page is about updating your system while staying on the same supported version of Qubes OS.
- How to use USB devices - Attaching USB devices to VMs requires a USB Qube.
- How to use block storage devices - This page is part of device handling in Qubes.
- How to use devices - This is an overview of device handling in Qubes OS.
- How to use disposables - A disposable is a lightweight Qube that can be created quickly and will self-destruct when closed.
- Automated Arkenfox Qubes browser install - Arkenfox config install for journalists
- How to open Urls in other qube - This page is about opening URLs and files from one qube in a different qube.
- PAM distress login for xscreensaver - A simple setup for sending a distress email if forced to login to desktop beyond LUKS passwords.
- How to use optical discs - Passthrough reading and recording (a.k.a., “burning”) are not supported by Qubes OS.
- How to back up, restore, and migrate - With Qubes, it’s easy and secure to back up and restore your whole system, as well as to migrate between two physical machines.
- How to enter fullscreen mode - Normally, the Qubes GUI virtualization daemon restricts the VM from “owning” the full screen.
- Inter-qube file copying (qfilecopy) - File copying with qfilecopy.
- Qubes Salt Beginner’s Guide - How to guide for beginners who enjoy an hands-on introduction with examples.
- Reverse Tethering & Screen Mirroring Qube for Android Device - Control your Android Device from Qubes OS while providing Network to the Android Device.
- How to migrate qubes to a new computer - How to efficiently migrate qubes to a new computer with a direct network connection
- USB MFP printer/scanner - How to get a USB MFP printer/scanner working in R4.2
- How to use Qubes for journalists and Humans Rights Defenders - A suite of tools for improving and streamlining the use of Qubes OS for reporters, edtiors, lawyers and aid workers. Work in progress.
Customization
- Qubes-GUI-Rust - Rust libraries for the Qubes OS GUI Protocol
- Suckless dwm - How to install dwm in Qubes OS.
- QubesOS Autostart Menu - Speed up system boot process with a custom launch script
- Qubes-Scripts - Collection of custom scripts for Qubes OS.
- sys-VPN notification setup - Get VPN stats as a desktop notification
- Wayland agent - This is a GUI agent for Qubes OS that supports the [Wayland] display server protocol. Compared to X11, Wayland is vastly simpler and aims to ensure every frame is perfect.
- AwesomeWM (window manager) - This is an rpm package for awesomewm with the patches for Qubes.
- Brightness-Ajustment - Easy brightness adjustment
- Bash completion - How to install bash completion for Qubes OS commands.
- Custom icons - Place the custom folder icons ~/.local/share/icons is a persistent place to place the custom folder icons and so is /usr/share/icons.
- i3 (window manager) - i3 is part of the stable repository (as of Qubes R3.1) and can be installed by using the dom0 update mechanism.
- KDE (desktop environment) - KDE was the default desktop environment in Qubes
- PLayback performance - This guide will show you how to install the mpv player and use it with maximum performance.
- Custom App entries for the Q Menu - App menu shortcut troubleshooting.
- xfce dark mode - Xfce global dark mode in Qubes
- DPI scaling - Qubes OS passes on dom0’s screen resolution to VMs (this can be seen in the output of xrandr) but doesn’t pass on dom0’s dpi value.
- Rxvt Terminal - rxvt-unicode is an advanced and efficient vt102 emulator.
- CPU monitor per VMs - Individual VM monitoring.
- Sys-gui Customization - Minimal Fedora and Alternate Desktop Environments / Window Managers (DE/WMs)
- Tiling XFCE - Titled windows in XFCE with shortcut keys.
- Dark Theme - The following text describes how to change the default light theme to a dark theme.
- QubesOS Autostart Menu - Speed up system boot process with a custom launch script
Troubleshooting
- Analyze Qubes OS VM - Analyze Qubes OS VM startup performance.
- Url redirector - This is a browser extension, aimed to improve surfing security.
- Traffic Analysis in Qubes OS - You can place a ProxyVM between your AppVMs and Your NetVM. This way we can create an ideal topology for traffic analysis.
- Changing your Time Zone - Change the system’s time zone in terminal you can issue the timedatectl command with the option set-timezone.
- Mounting a qube’s private storage in another qube - Useful for data recovery.
- Url redirector - This is a browser extension, aimed to improve surfing security.
Clearnet & Anonymous Networking
- OpenVPN
  - Qubes-Tunnel - Manage, run, protect VPN connections in Proxy VMs.
  - How To make a VPN Gateway in Qubes - Qubes includes a number of tools that can make the client-side setup of your VPN more versatile and secure.
  - Mullvad VPN (Dedian 12 + OVPN) - Privacy-first VPN provider's guide for Qubes OS.
  - Fedora 40 Minimal(OpenVPN) - Qubes 4.2 - Six Easy Steps!
  - How To make a VPN Gateway in Qubes - Qubes includes a number of tools that can make the client-side setup of your VPN more versatile and secure.
- Anonymity
  - ipfs - A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.
  - i2p-Whonix - Temporary way to run i2p on Qubes-Whonix.
  - Whonix - Qubes-Whonix ™ is the seamless combination of Qubes OS and Whonix™ for advanced security and anonymity.
  - How to bypass the GFW on Qubes OS when you’re in China - The purpose of this article is to provide several feasible ways to bypass the GFW for you to choose.
  - Really disposable ram based qubes - You can use your QubesOS 𝚜𝚝𝚊𝚝𝚎𝚕𝚎𝚜𝚜 just like TailsOS, with persistent storage for VMs. That is pretty simple! It takes 6Gb of extra 𝚁𝙰𝙼 (for store root filesystem files).
  - LocalSend - Free, open-source app that allows you to securely share files and messages with nearby devices over your local network without needing an internet connection. Basically, a platform neutral “airdrop”.
  - Tailscale Setup - How to create template and install Tailscale.
  - Lokinet - Lokinet is the reference implementation of LLARP (low latency anonymous routing protocol), a layer 3 onion routing protocol.
- Crypto
  - Awesome-DeSci - A curated list of awesome Decentralized Science (DeSci) resources, projects, articles and more.
  - Split Bitcoin Wallet - A "split" bitcoin wallet is a strategy of protecting your bitcoin by having your wallet split into an offline "cold storage" wallet and an online "watching only" wallet.
  - Split Monero Wallet - With Qubes + Whonix you can have a Monero wallet that is without networking and running on a virtually isolated system from the Monero daemon which has all of its traffic forced over Tor.
  - Ultimate Guide on Using Trezor on Qubes - his guide explains how to use Trezor cryptocurrency hardware wallets on Qubes OS.
- Tor
  - Qubes OS Onion - Qubes OS onion address on the Tor network.
  - QubesOS to be remotely manageable thru tor - QubesOS to be remotely manageable from on-demand, ephemeral, hidden onion service to dom0/AdminVM.
  - Qubes-Whonix development notes - Whonix development notes.
  - Tips on Remaining Anonymous - The wiki page provides guidelines and good habits for online privacy and security, with a focus on distinguishing between anonymity and pseudonymity.
  - Snowflake Proxy in QubesOS - A Qubes-Whonix-17 Tor Control Panel snowflake proxy fix/installation guide.
  - Qubes Tor onion services - Qubes OS Tor .onion links
  - Onionizing Repositories - The guide explains how to configure experimental Tor onion services for APT repositories.
- DNS
  - dnscrypt-proxy - Run dnscrypt-proxy inside of sys-net to encrypt and secure dns-requests.
- Wireguard
  - Mullvad VPN (Fedora38 + WG) - Privacy-first VPN provider's guide for Qubes OS. This guide bears an optimal method for setting up a WG ProxyVM (i.e `sys-vpn`); you may substitute out Mullvad's WG configuration files in place of your own.
  - Wireguard setup - This guide assumes you are using a VPN service that has wireguard support.
- VLESS
  - VLESS obfuscation VPN - The protocol mimics a long-running https session of Chrome and is hard to detect by DPI systems.
Kernels
- Microkernels
  - Qubes-linux-kernel - Qubes package for Linux kernel.
  - OpenXT - OpenXT is an open-source development toolkit for hardware-assisted security research and appliance integration.
  - seL4 - seL4 is a high-assurance, high-performance operating system microkernel.
  - makatea - Qubes OS like operating system but with seL4.
  - makatea - Qubes OS like operating system but with seL4.
- Unikernels
  - Awesome-Unikernels - Secure, lightweight and high performance approach to application delivery.
  - Qubes-Mirage-Firewall - A unikernel that can run as a Qubes OS ProxyVM, replacing sys-firewall.
  - ClickOS - Efficient network function virtualization platform, optimized for Xen and developed by NEC.
  - Mini-OS - Reference kernel distributed with Xen.
  - HaLVM - Port of Glasgow Haskell compiler producing Xen optimized unikernels.
  - Clive - Research project from Rey Juan Carlos University (Madrid), developed in Go.
  - Unikraft - Unikraft powers the next-generation of cloud native applications by enabling you to radically customize and build custom OS/kernels, unlocking best-in-class performance, security primitives and efficiency savings.
  - Unik - A platform for automating unikernel & MicroVM compilation and deployment.
- Unikernel-like
  - Graphene - Library OS optimized for Intel SGX.
  - Drawbridge - Research prototype platform from Microsoft.
- Crypto
  - Rump - Rump kernels enable you to build the software stack you need without forcing you to reinvent the wheels.
Exploitation Tools
- Unikernel-like
  - AFL++ - AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.
  - Bonzai - It's like a modular, multicall BusyBox builder for Go with built in completion and embedded documentation support.
  - Joern - Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis.
  - Hyperdbg - HyperDbg Debugger is an open-source, community-driven, hypervisor-assisted, user-mode, and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing.
  - LeechCore - The LeechCore Memory Acquisition Library focuses on Physical Memory Acquisition using various hardware and software based methods.
  - LeechCore-Plugins - This repository contains various plugins for LeechCore - Physical Memory Acquisition Library.
  - Memflow - memflow is a library that enables introspection of various machines (hardware, virtual machines, memory dumps) in a generic fashion.
  - Coredump - Access Microsoft Windows Coredump files.
  - Kvm - KVM memflow connector.
  - Pcileech - Access pcileech interface.
  - Qemu_procfs - Access QEMU Physical memory.
  - MemProcFS - MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
  - MemProcFS-Plugins - This repository contains various non-core plugins for MemProcFS - The Memory Process File System.
  - Microlibvmi - A cross-platform unified Virtual Machine Introspection API library.
  - Radare2 - Libre Reversing Framework for Unix Geeks.
  - Volatility3 - Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples.
  - Awesome-Fuzzing - A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.
  - CodeQL - Discover vulnerabilities across a codebase with CodeQL.
  - Libvmi - LibVMI is a C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
  - Lldb - LLDB is a next generation, high-performance debugger.
  - Capstone - Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
  - Unicorn - Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework.
  - sys-mitm - A man-in-the-middle Qube for your traffic analysis needs.
- Web articles
  - Xen exploitation part 1: XSA-105 - From nobody to root
  - Xen exploitation part 2: XSA-148 - From guest to host
  - Glitches in the Matrix - Escape via NMI
- Xen Exploitation
  - Advanced Exploitation - Xen Hypervisor VM Escape
  - Blackhat 2010 - Hacking the Hypervisor
  - Blackhat 2014 - [[Website Slides]](https://www.blackhat.com/docs/eu-14/materials/eu-14-Wojtczuk-Lessons-Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf) - Lessons Learned from Eight Years of Breaking Hypervisors
  - Blackhat 2015 - [[PDF Slides]](http://c7zero.info/stuff/AttackingHypervisorsViaFirmware_bhusa15_dc23.pdf) - Attacking Hypervisors Using Firmware And Hardware
  - Ouroboros - Tearing Xen Hypervisor With the Snake
  - Software Attacks on Hypervisor Emulation of Hardware - [[PDF Slides]](https://www.troopers.de/downloads/troopers17/TR17_Attacking_hypervisor_through_hardwear_emulation.pdf)
  - The Arms Race Over Virtualization - [[PDF Slides]](https://www.blackhat.com/docs/us-16/materials/us-16-Luan-Ouroboros-Tearing-Xen-Hypervisor-With-The-Snake.pdf)
  - XenPwn - [[PDF Slide]](https://www.blackhat.com/docs/us-16/materials/us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices-wp.pdf) - Breaking Paravirtualized Devices
  - Hypervisor Vulnerability Research [PDF - State of the Art
Optics and Extra Info
- Extra Info
  - Hipervisor From Scratch - Source code of a multiple series of tutorials about the hypervisor.
  - GPU Virtual Machine (GVM) - An OpenMdev Project (Qubes OS Summit 2022)
  - Backups in Qubes - Learn how and why to back up your data on Qubes OS.
  - 3mdeb - We’re hands-on firmware experts with years of experience writing elegant, scalable and custom code for clients.
  - Micah Lee presents - “Qubes OS: The Operating System That Can Protect You Even If You Get Hacked”
  - Explaining Computers presents - “Qubes OS: Security Oriented Operating System”
- Qubes OS Summit - 3mdeb Summit videos
  - Qubes OS Summit 2023 - Day 2
  - Qubes OS summit 2022 - Day 1
  - Qubes OS-3mdeb mini-summit 2021 - Day 1
  - Qubes OS-3mdeb mini-summit 2021 - Day 2
  - Qubes OS Summit 2024 - Day 1
  - Qubes OS Summit 2024 - Day 2
  - Qubes OS Summit 2023 - Day 1
  - Qubes OS summit 2022 - Day 2
- UX - User Experience
  - UX Bessie - Qubes OS AppMenu Design Direction. Part of 2020/21 MOSS funded UX work.
  - UX Jackie - Qubes OS AppMenu Design Direction. Part of 2020/21 MOSS funded UX work.
- Xen project summit 2024
Qubes OS Server
- Unikernel-like
  - Qubes-network-server - Turn your Qubes OS into a networking server.
  - VNC - SystemD services for creating VNC server session in dom0 or any qube.
  - Admin API - The goals of the Admin API system is to provide a way for the user to manage the domains without direct access to dom0.
  - Qubes core admin - Qubes core-admin’s documentation!
  - Qubes core stack - Introducing the Next Generation Qubes Core Stack.
  - Port forwarding - Qubes-os port forwarding to allow external connections
  - Offcial Salt Documentation - Salt is an event-driven automation tool and framework to deploy, configure, and manage complex IT systems.
  - Official Salt User Guide - Salt user guide
  - Ansible - Automation with Ansible.
  - Qubes Admin Policies/API - The qubes admin policies are core to modern qubes.
  - Qubes core admin client - Qubes core admin client’s documentation!
  - qubes-mgmt-salt-dom0-qvm - Salt can manage many Qubes settings via the qvm state module.
  - Configuration Management - A collection of guides about creating Salt formulas in Qubes OS and distributing them as RPM packages to take advantage of the secure updates mechanism for dom0.
  - qusal - Salt Formulas for Qubes OS.
  - SSH or VNC into Qubes dom0 - tutorial on how to SSH or VNC in to dom0
  - qubes-remote-support-receiver dom0 scripts - Scripts to configure dom0 to allow remote connections.
  - Web VNC - Running Qubes in the Browser
  - borg-offsite-backup - help back up Qubes VMs and ZFS file systems.
  - Software RAID (mdadm) Qubes Installation Procedure - CLI & Software Raid installation procedure.
  - Colored! network information - Colorful network information with iptables & ip.
  - Visualize Qubes Configuration Without Trust - Visualize Qubes Configuration with the Qubes Admin API.
  - Multi-user Qubes: Using sys-gui to make non-adminstrative user logins - Here we try to create restricted sys-guis, where they only need to see the parts that pertain to them. Basically a administrative gui login (dom0), and a restricted user sys-gui login.
  - Opensnitch Nodes - A node is a daemon running on a machine. You can install the daemon on multiple machines, and manage them from the server
  - Qubes sync git repositories with dom0 - This solution is intended have git repos easily in sync with dom0.
  - qvm-firewall - Manage VM outbound firewall.
  - Qubes Admin python modules - Python Module Index
  - Qubes network dom0 display - a simple script to run in dom0 (easy to audit) that will output a hierarchy tree of netvm and their qubes.
Qubes OS Legends
- Web articles
  - ClaraCrazy - Qubes OS Discord server owner & Just amazing!.
  - Unman Install Scripts - Unman install scripts
  - Subverting the Xen Hypervisor [PDF - Xen 0wning Trilogy
  - Blog - Personal Blog.
  - Joanna Rutkowska - Founder of Qubes OS.
  - Preventing and Detecting Xen Hypervisor Subversions [PDF - Xen 0wning Trilogy
  - Bluepilling the Xen Hypervisor [PDF - Xen 0wning Trilogy Part Three
  - Marek Marczykowski-Górecki - Lead developer at Qubes OS.
  - Ninavizz - Qubes OS UX Designer.
  - Unman - Qubes OS contributor.
  - Templates - Unman custom templates.
  - Core Team - Qubes OS core team.
Training and Materials
- Web articles
  - Training-materials - A Collection of training materials for Qubes OS.
- Extra Info
  - Qubes-diagrams - Qubes OS architecture diagrams.
  - Qubes-artwork - This repository contains various artworks for Qubes OS.
  - The Book of Secret Knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools, and more.
  - Anonymous Planet Onion - For those who wish to read over the anonymous Tor network.
  - Privacy-Security-Anonymity Matrix Space - The place to be for all topics regarding privacy, anonymity and other subjects. Rooms are click-to-join.
  - The Guardian's Deep Dive into Qubes OS: a Secure Solution for Whistleblowing and Journalism - The Guardian's engineering team recently shared their experience with Qubes OS, a security-focused desktop operating system.
  - pwn.college - pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion.
  - Free e-book Foundation - Free ebooks to help your journey!
  - Qubes for Journalists - Existing guides and infrastructure for journalists insufficiently prepares them for digitally interacting with sources, working on sensitive stories while protecting sensitive materials offline and online, and traveling cross borders with personal and professional data.
  - Qubes OS for Anarchists - Qubes OS for Anarchists | Guide & Best Practices
Adventure Further
- Web articles
  - Adventure Here! - All the awesome lists.
  - ![
System Information & Requirements
- How to make any file persistent (bind-dirs) - With bind-dirs any arbitrary files or folders can be made persistent in app qubes.
- How to mount a Qubes partition from another OS - When a Qubes OS install is unbootable or booting it is otherwise undesirable, this process allows for the recovery of files stored within the system.
- Installing contributed packages - This page is for users who wish to install contributed packages.
- Managing qube kernels - By default, VMs kernels are provided by dom0.
- Qubes service - Usage documentation is in the qvm-service man page.
- RPC policies - This document explains the basics of RPC policies in Qubes.
- Resize disk image - By default Qubes uses thin volumes for the disk images.
- Standalones and HVMs - A standalone is a type of qube that is created by cloning a template. Unlike templates, however, standalones do not supply their root filesystems to other qubes.
- Architecture - Qubes implements a security-by-compartmentalization approach.
- Audio virtualization - VMs on Qubes OS have access to virtualized audio through the PulseAudio module.
- Certified Hardware - We aim for these vendors to be as diverse as possible in terms of geography, cost, and availability.
- Community-recommended hardware - Community-recommended computers.
- Security-critical code - A list of security-critical (i.e., trusted) code components in Qubes OS.
- Storage pools - Qubes OS implements a security-by-isolation (or security-by-compartmentalization) approach by providing the ability to easily create many security domains.
- Secondary storage - hese steps assume you have already created a separate volume group and thin pool (not thin volume) for your HDD.
- Networking - In Qubes, the standard Xen networking is used, based on backend driver in the driver domain and frontend drivers in VMs.
- Config files - These files are placed in /rw, which survives a VM restart. That way, they can be used to customize a single VM instead of all VMs based on the same template. The scripts here all run as root.
- Disposable customization - A disposable can be based on any app qube.
- How to install software in dom0 - How to install a specific package
- Hardware compatibility list (HCL) - The HCL is a compilation of reports generated and submitted by users across various Qubes versions about their hardware’s compatibility with Qubes.
- Volume backup and revert - With Qubes, it is possible to revert one of a VM’s storage volumes to a previous state using the automatic snapshot that is normally saved every time a VM is shutdown.
- System Requirements - User documentation / Choyhe attacker doesn’t have access to all the software running in the other domains.
GPU
- GUI-troubleshooting - Learn to troubleshoot your GUI configuration.
- GUI-virtualization - All AppVM X applications connect to local (running in AppVM) Xorg servers.
- Install-nvidia-driver - Nvidia proprietary driver installation.
- Nvidia-troubleshooting - Nvidia Troubleshooting Guide
- Gaming-HVM - HVM for gaming!
- GUI-configuration - Adjust your GUI configuration to meet your display needs.
- GUI-domain - On this page, we describe how to set up a GUI domain.
- How-to-use-pci-devices - This page is part of device handling in qubes.
- Gaming HVM - HVM for gaming!
- Salt: automating NVIDIA GPU passthrough - This “guide” aims to explore and give a practical example of leveraging SaltStack to achieve the same goal as NVIDIA GPU passthrough into Linux HVMs for CUDA applications.
- Qubes SaltStack configuration of Videos Playback VM - An mpv salt start step-by-step easy guide.
- Improve video playback performance including YouTube (ytfzf) - This guide will show you how to install the mpv player and use it with maximum performance.
- GPU passthrough with lots of RAM - GPU passthru with max RAM
Streamers
- Web articles
  - Infosecstreams - An actively maintained activity-based-autosorted list of InfoSec Streamers
  - xn0px90 - First Full Time Info-Sec Qubes-OS Streamer!
Companies using Qubes OS
- Extra Info
  - Qubes Partners - The Qubes Project relies greatly on the generous support of the organizations, companies, and individuals who have become Qubes Partners.
Social media
- Extra Info
  - ClubHouse - Qubes OS Clubhouse Room
- Web articles
  - Discord - Qubes OS discord invite link
  - Facebook - Qubes OS facebook page
  - Forum - Qubes OS Discorse Forum
  - LinkedIn - Qubes OS linkedin account
  - Mastodon - Qubes OS Mastodon channel
  - Reddit Qubes OS - General Qubes OS Reddit room.
  - Reddit hacking_qubes_os - Reddit room dedicated to hacking Qubes OS
  - Reddit hack_with_qubes_os - Reddit room dedicated to hacking with Qubes OS
  - Twitter - Qubes OS Twitter account
  - Matrix:Qubes OS - General Qubes OS matrix room
  - Dread - Dark Net QubesOS .onion forum
Releases
- Web articles
  - Release notes - Developer documentation Notes
  - Release schedules - Developer Release Schedules
  - Supported releases - This page details the level and period of support for releases of operating systems in the Qubes ecosystem.
  - Testing new releases and updates - Testing new Qubes OS releases and updates is one of the most helpful ways in which you can contribute to the Qubes OS Project.
Contributing
- Web articles
  - here
ML, LLM & AI
- Running local LLMs with or without GPU acceleration - This guide explains how to install text-generation-webui (oobabooga) on Qubes OS.
A curated list of Awesome Qubes OS links
- Awesome Manifesto

Programming Languages

Shell 13 C 11 Python 8 Rust 6 Makefile 3 Go 2 Scala 1 OCaml 1 JavaScript 1

awesome-qubes-os

Templates

VM-Hardening

Qubes OS Websites

Downloading, Installing, Upgrading, and Building

How-to guides

Customization

Troubleshooting

Clearnet & Anonymous Networking

OpenVPN

Anonymity

Crypto

Tor

DNS

Wireguard

VLESS

Kernels

Microkernels

Unikernels

Unikernel-like

Crypto

Exploitation Tools

Unikernel-like

Web articles

Xen Exploitation

Optics and Extra Info

Extra Info

Qubes OS Summit - 3mdeb Summit videos

UX - User Experience

Xen project summit 2024

Qubes OS Server

Unikernel-like

Qubes OS Legends

Web articles

Training and Materials

Web articles

Extra Info

Adventure Further

Web articles

System Information & Requirements

GPU

Streamers

Web articles

Companies using Qubes OS

Extra Info

Social media

Extra Info

Web articles

Releases

Web articles

Contributing

Web articles

ML, LLM & AI

A curated list of Awesome Qubes OS links