[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Qubes in VM?

hi new to here…help apreciated

is qubes better than whonix?
can i run qubes in vm or is it suppose to be as main OS?
can it be used as desktop solution?

thankss

Qubes is supposed to function as the main OS. People have reported they can get it to run in a VM but I tried both Virtual Box and VM Player some months ago and it would not install and I decided it wasn’t worth my time to mess with it.

Also interested in answers to questions in first post, maybe Patrick you can shed some more information on this?

No, I have no idea. I see why this makes sense. For learning and testing it’s so much better to start playing with in in a VM. I am also interested in this. Last time I researched this, it didn’t seem possible. That kind of questions however are better asked on the qubes users mailing list, since it’s unspecific to Whonix.

I would try the new live image ISO https://www.qubes-os.org/doc/QubesDownloads/ . You aren’t going to be able to use any of the technologies crucial to the Qubes security model inc. VT-x, VT-d, TXT, and TPM, but you can at least get a feel for how it works and somewhat pretend as if things were there (some things just won’t work–e.g., USBVMs depend on VT-d and won’t be created w/o it, AEM won’t work without TPM, and many more issues). Basically, it won’t provide any of the security benefits it would if you ran it as your host OS on a machine that supported the aforementioned features.

sorry for my bad English firstly

Qubes 2.0 & 3.0 & 3.1-rc1 can run in kvm, and VGA can passthrough to Qubes also
pci_strictreset need set to false on Qubes 3.0 & 3.1-rc1
qvm-prefs -s sys-net pci_strictreset false

host os: Fedora 23
sample libvirt config

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>Qubes-R3.1-rc1</name>
  <uuid>2665201b-8ac2-421c-982f-ba45f553f8c5</uuid>
  <memory unit='KiB'>8388608</memory>
  <currentMemory unit='KiB'>8388608</currentMemory>
  <vcpu placement='static'>6</vcpu>
  <os>
    <type arch='x86_64' machine='pc-q35-2.4'>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <cpu mode='host-model'>
    <model fallback='allow'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='yes'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <pm>
    <suspend-to-mem enabled='no'/>
    <suspend-to-disk enabled='no'/>
  </pm>
  <devices>
    <emulator>/usr/bin/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='unsafe'/>
      <source file='/libvirt/Qubes-R3.1-rc1.qcow2'/>
      <target dev='sda' bus='sata'/>
      <boot order='2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='sdb' bus='scsi'/>
      <readonly/>
      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
    </disk>
    <controller type='sata' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='dmi-to-pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/>
    </controller>
    <controller type='pci' index='2' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x01' function='0x0'/>
    </controller>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </controller>
    <controller type='scsi' index='0'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x05' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:0a:2b:65'/>
      <source bridge='br0'/>
      <model type='e1000'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x02' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:a1:85:8c'/>
      <source bridge='br0'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x06' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <input type='tablet' bus='usb'/>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='spice' port='15976' tlsPort='15977' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <sound model='ich6'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x03' function='0x0'/>
    </sound>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x04' function='0x0'/>
    </memballoon>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-device'/>
    <qemu:arg value='ioh3420,bus=pcie.0,addr=1c.0,multifunction=on,port=1,chassis=1,id=root.1'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='vfio-pci,host=02:00.0,bus=root.1,addr=00.0,x-vga=on'/>
    <qemu:env name='QEMU_AUDIO_DRV' value='pa'/>
    <qemu:env name='PULSE_SERVER' value='localhost'/>
  </qemu:commandline>
</domain>

Interesting! Please also report this on the Qubers users mailing list. A
few people were interested in this.

I’m from a censored area. google group is not tor-friendly, so I don’t want to use it.
maybe someone can help me report this on Qubes mailing list?

non of these r good to go with ?

i dont like google group either , but i would take one of the remaining inside the link

Google groups can be used by e-mail without requirement of a google account.

See https://www.qubes-os.org/doc/mailing-lists/#tocAnchor-1-1-2

They have an existing thread here.

Does your solution differ from that?

Where is the existing thread? I didn’t find it. Could you show me the link?

my solution isn’t special. just enable nested vmx and disable virtio drivers for Xen.
during Qubes installation, creating vm will be failed because of non-working network device.
ignore this error. when installation finished, the network device will work after setting NetVM pci_strictreset to false.

I forgot to post that link. Here it is:

https://groups.google.com/forum/m/#!topic/qubes-devel/Es14znX-62M

Thank you. I will read that.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]