kloak (Anti Keystroke Deanonymization)
- Already installed by default in Non-Qubes-Whonix for a long time.
- Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
- Qubes issue: provide Linux kernel input device so kloak (anti keystroke deanonymization tool) can be used in Qubes-Whonix · Issue #2558 · QubesOS/qubes-issues · GitHub
Linux Kernel Runtime Guard (LKRG)
- Soon to be installed by default in Non-Qubes-Whonix.
- Not soon to be installed in Qubes-Whonix by default because Qubes is not using Qubes VM kernel by default yet.
- Qubes issues:
- make Linux Kernel Runtime Guard (LKRG) easily available in Qubes · Issue #5461 · QubesOS/qubes-issues · GitHub
- Feature Request: Anti-Keystroke Fingerprinting Tool · Issue #1850 · QubesOS/qubes-issues · GitHub
- Simplify and promote using in-vm kernel · Issue #5212 · QubesOS/qubes-issues · GitHub
- network internet connectivity issues with Qubes VM kernel · Issue #5667 · QubesOS/qubes-issues · GitHub
tirdad (TCP ISN CPU Information Leak Protection.)
- Soon to be installed by default in Non-Qubes-Whonix.
- Not soon to be installed in Qubes-Whonix by default because Qubes is not using Qubes VM kernel by default yet.
- Qubes issue: Simplify and promote using in-vm kernel · Issue #5212 · QubesOS/qubes-issues · GitHub
Kernel Hardening through Kernel Boot Parameters
- Already installed by default in Non-Qubes-Whonix for a long time.
- Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
- Qubes issues:
Strong Linux User Account Separation / Protection against Bruteforcing Linux User Account Passwords
- Already default in Non-Qubes-Whonix.
- Might be fixeable in Qubes-Whonix
- Qubes issues:
apparmor-profile-everything (AppArmor for everything. APT, systemd, init, all systemd units, all applications)
- In development.
- Proof of concept functional in Non-Qubes-Whonix.
- Using apparmor-profile-everything on Debian Buster
- Broken in Qubes-Whonix.
- Only developed for Non-Qubes-Whonix by @madaidan.
- Nobody working on Qubes-Whonix support.
- github / forum discussion
hardened-kernel patch and config
- In development.
- Proof of concept functional in Non-Qubes-Whonix.
- Broken in Qubes-Whonix.
- Only developed for Non-Qubes-Whonix by @madaidan.
- Nobody working on Qubes-Whonix support.
- github / forum discussion
Please help fixing these issues!