Security benefit of using Proxmox on desktop pc?

lynx

Hi,
I was wondering if it would beneficial to install Proxmox on my desktop pc, and use my daily driver OS inside a vm. I would have the advantage of having a virtualized environment, but would loose access to the hardware tpm for example. Is it worth it, or counterproductive security wise?
Thanks

GrouchyGrape

lynx forget the hypervisor of choice for a minute, what's your objective? If your windows session is in a VM, what are you trying to isolate it from and why? If your primary objective is security against physical theft, then I wouldn't trust most setups. GrapheneOS in "desktop mode" would arguably be the best, with MacOS on modern Apple hardware coming in second.

I do use Proxmox (both personally and professionally), but I understand it's limitations and act accordingly.

lynx

I would also be curious which setup (windows 11 bare metal installation with tpm 2.0 and secure boot vs running windows 11 in a proxmox vm) leaves my data more exposed when the pc is physically stolen?

Also, could a proxmox host + future grapheneos ind esktop mode guest be a secure setup?

Safir_drill

Man, what are you talking about? Proxmox VE isn’t meant for that use. PVE is designed to run servers or clusters, not desktop PCs. If you want the best security (and probably also privacy), you should try something like Qubes OS, which lets you organize your apps in separate containers or VMs. Also, Proxmox doesn’t have a “real” GUI—yes, it has a browser‑based GUI, but it isn’t the same thing.

Safir_drill

Also, if you want my personal opinion, QubesOS is too much for common people. Just install a good linux distro, use open software and most important install it from reputable sources. If you want another layer of security you culd always run a vm or a containe in your linux enviroment

lynx

GrouchyGrape

Hi, actually it was more sort of a thought experiment, I don't have a real objective with it. I use a recent Mac as daily driver as I understand they are one of the better choices for desktop usage. I still have this gamer PC I like to tinker with, and was wondering if the use of a hypervisor in a way I haven't thought about can create a secure setup.
You have a point, from what do I want to isolate it? I don't know, does it make any sense to run the desktop OS on a hypervisor just for the sake of doing it? I don't see how, but I am also missing things.

teux

GrouchyGrape with MacOS on modern Apple hardware coming in second.

I strongly disagree, but mostly for their cloud focused backend, historical attempts to auto-scan local files without consent, and political ties to current authoritarian administrations.

But could I ask you about your reasons for suggesting this? Perhaps I'm missing something. And I realize it does depend on threat model, and personal risk tolerance.

GrouchyGrape

teux the question from OP was about security from physical theft, not privacy. I don't have time to link everything here, but basically they do a better job than almost everyone of building an OS that properly utilizes the hardware for increased security. It's almost like they have control of both..