After looking at qubes-db; the keyboard-layout is also available as a data point for non-US keyboards.
Added another comment to that ticket just now.
No, because it requires locally running malware to specifically targeting this but if that happens it could easily circumvent the mitigation.
That might make sense in the far future (if that ever happens) when hardening such as the following is implemented:
- Strong Linux User Account Isolation
- Automate vm sudo authorization setup · Issue #2695 · QubesOS/qubes-issues · GitHub
- Multiple Boot Modes for Better Security: an Implementation of Untrusted Root
- GitHub - tasket/Qubes-VM-hardening: Fend off malware at Qubes VM startup
I doubt it but I also don’t know. This you need need to ask Qubes. Qubes-Whonix is an integration of Whonix into Qubes. Qubes-Whonix however will inherit all the advantages and disadvantages (such as this specific use case of qubesdb) from Qubes.
These issues can easily remain unresolved for years. See also: