GrapheneOS Users Running QubesOS: Community Poll

p-marg

My Pixel 6a runs GrapheneOS, and I've been using it since May 2023. From the moment I got the phone, I started saving up for my next Pixel, knowing I'll want to upgrade when this one reaches end of life. I'll be ready to switch to a new Pixel and keep using GrapheneOS.

And this year, I'm making a significant move to escape surveillance capitalism by transitioning to QubesOS full-time on my Thinkpad.

My Thinkpad has two drives:

The internal NVMe drive running QubesOS
One additional NVMe drive I installed, running Fedora Silverblue

My question is: How many of you GrapheneOS users run QubesOS as a daily driver on the desktop, alongside GrapheneOS on a Pixel?

yore

p-marg I used to run QubesOS from an external drive to test out the waters. Turned out it wasn't for me for a number of reasons:

Running multiple VMs on my hardware was incredibly slow
It consumed a lot of power even when doing basic things
My threat model didn't require something like QubesOS and the performance hit wasn't worth it for me
In terms of security, I found GrapheneOS suffices for my needs. QubesOS's main security point is around isolating activities with (type 1) VMs but besides that, it suffered from some of the same pitfalls as other desktop Linux operating systems.

All this combined has led me to revert to a standard, Arch distribution with some security improvements such as using the linux-hardened kernel are enough for my threat model so I am pleased with my current setup. While QubesOS is certainly a solid OS for secure browsing, file viewing, etc especially with their well-designed disposable VMs, I find that some of these can be replicated on GrapheneOS, for example viewing unknown PDFs in GrapheneOS's viewer where PDF JavaScript is disabled.

But in the end, I think what matters most is the user's threat model before jumping the gun on something fairly intimidating to new users. It comes with its own learning curve, but if the user is willing to take some time to become familiar with QubesOS and doesn't suffer from the issues I faced, it's an interesting OS with some useful features and is certainly worth trying out.

ryrona

I do. GrapheneOS on my phone, QubesOS on my laptop.

I switched to QubesOS because I was more or less already doing what QubesOS does to support security domains with templates in a safe way. Just, I did it all manually with regular Linux distribution, using an external USB stick for verifying hash of all boot files and boot data between each boot, having packed the whole file system as a squashfs to allow the verification, using overlayfs with a temp filesystem to prevent the file system getting modified in normal operation, and using separate encrypted partitions for each security domain, only ever opening one between each verified boot. It was a pain, but it worked. Now we have QubesOS that actually offers all that out of the box, in a super easy to use way, that is far easier to install software updates to, and that allows running all security domains at the same time.

elih

I've used QubesOS as my daily driver for nearly a decade and added GrapheneOS more recently. I've found that they make good complements.

Use of Xen as the hypervisor definitely makes Qubes a power hog, but this may be a small price to pay if Surveillance Capitalism is a part of your threat model. Since you basically have a network of virtual machines on a laptop, it's possible to filter and sort data flows internally with tools like pi-hole, opensnitch, wireshark, dedicated firewall VMs, multiple VPN gateways, and Whonix. I've found 16GB of RAM on a Thinkpad to be sufficient for everyday use (maybe a dozen VMs open at any given time, none that need GPU passthru) with no significant slowdown relative to other operating systems, but with only 8GB RAM it could be painful at times. Qubes 4.2 saw a lot of UI improvements, so it's much easier to use now than in the past, but there's still a learning curve and customizations to manage your exposure to Surveillance Capitalism will take an investment of time.