New Qubes application menu
https://www.qubes-os.org/news/2021/11/12/new-qubes-application-menu/
The new application menu is here!
If you are running a release candidate of Qubes OS 4.1 (https://www.qubes-os.org/news/2021/10/11/qubes-4-1-rc1/) and wish to just dive on in, the new app menu can be found here (https://github.com/QubesOS/qubes-desktop-linux-menu). But first, a couple of important caveats:
This new menu requires 4.1 and cannot run on 4.0.
This is experimental software for testing purposes only!
Still want to give it a go? To install, enter this command in a dom0 terminal:
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-desktop-linux-menu
Once installed, add the new menu to the XFCE panel using the provided .desktop file (instructions (https://github.com/QubesOS/qubes-desktop-linux-menu#how-to-run)). For those who want to learn more, read on!
Background
One of the key issues raised by users in last year’s Qubes User Survey (see the write-up (https://www.qubes-os.org/news/2020/11/26/qubes-survey-results/) — and a big thank you to everyone who participated!) was general usability. Qubes OS is great for security, but the experience of using it can be somewhat opaque or even confusing. The UX difficulties are exacerbated by the fact that most of our GUI components are adapted from those designed for single-environment systems, like XFCE on Fedora. This served as a good first pass for an open-source project developed by a small team, but the time has come to begin working on a GUI tailored to Qubes OS’s particular multi-environment setting.
Helpfully, three years ago the SecureDrop team began user research in support of their SecureDrop Workstation project (https://securedrop.org/news/piloting-securedrop-workstation-qubes-os/) (built atop Qubes OS). In the course of their work, they discovered that it was not just SecureDrop users who wanted the Qubes OS GUI to be friendlier — a lot of other folks seemed to want Qubes OS to be more usable, too! From the SecureDrop Workstation project, Nina Alter began contributing to Qubes, and we subsequently joined forces to tackle the app menu project. This project received a generous grant from the Mozilla Foundation!
Goals
The main idea behind the new application menu is simple: to create a way of accessing programs that’s native to Qubes OS, takes into account its quirks and approach, and is both easy to use and accessible. The visual clarity of the current application menu, which uses XFCE’s default menu and adds a folder within the menu for each qube, leaves much to be desired. Research showed us most users prefer GUI system tools. The classic Linux nerd answer of “Just use the terminal. It’s easy!” does not really capture how most people work. Thus, we needed a better approach, one that’s more accessible, easier to use, and represents a mental model consistent with Qubes OS rather than a typical monolithic Linux distribution.
For those interested, we presented our work on the new app menu on the second day of our 2021 Qubes Mini Summit (https://www.youtube.com/watch?v=KdDr6TiqF0k). The presentation begins at the 01h 15min mark of the video.
Application Menu Features
Qubes
The new application menu has three tabs (as seen on the left): qubes, favorites, and system tools. The first tab is the one most similar to the old menu. It contains all qubes, but now sorted into three groups (at the top of the middle pane): normal application qubes (the APP section), qube templates (TEMPLATES), and various system qubes (SYSTEM).
When you select a qube, its applications appear on the right — the same applications that you chose for the old menu, in Qube Settings. Now, however, they are accompanied by a couple of utility features, like quick access to start and shut down commands and an indicator of the networking state of the qube on top.
The menu itself also communicates more information about system state. Names of running qubes are bolded, and those of disposable qubes and their templates are italicized. There’s also a clear visual indicator of the disposable template each disposable is based on.
Further enhancements, planned for the future and inspired by the many users who cited frustrations with memory management and with the information shown in the menu, will add more data, such as RAM usage or the qube's template, at the top of the application pane.
To make using disposable qubes more convenient, programs can now be started in a running disposable qube from the menu. It works just like any other qube, with one limitation: if the disposable was started for a single program (which is usually the case), it will shut down when that first program is closed.
Favorites
You asked, and we have delivered! Second in the primary menu, after qubes, is a completely new tab: Favorites.
You can right-click on any application in the qube menu and add it to your favorites. It will then appear in this menu. To remove it, simply right-click on the app within the Favorites tab and select “Remove from Favorites.”
System tools
The last tab is devoted to all sorts of configuration and system tools and, in practice, also “random things installed in dom0.” (It’s a bad idea to install random things in dom0, but if it happens, that’s where you will find them.) System tools can also be added to favorites. Some of us find it useful, for example, to have a dom0 terminal shortcut there.
Installing and running the application menu
As the menu is not yet part of Qubes by default, you have to install it yourself with:
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-desktop-linux-menu
The menu can then be added to the XFCE panel as a widget, with Panel -> Add New Items -> Launcher, and in the Launcher add the Open Qubes Application Menu option. Normally, the process that provides the menu with data will be running in the background, but it will only start on the next reboot. To avoid the need for a reboot, you can just run the following in a dom0 terminal:
[user@dom0 ~]$ qubes-app-menu &
There are also several helpful options in the command line for users who want more customization, like --keep-visible (if you want the menu to be always visible) or --page [N] to select the page at which the menu should be opened (0 for apps, 1 for favorites, and 2 for system tools). The entire option list is available, as usual, through qubes-app-menu --help.
Feedback and testing
As this is very much a first release, bugs are likely. Please report any issues you discover (https://www.qubes-os.org/doc/issue-tracking/).
We’d also very much welcome anonymous feedback on the new menu through our survey tool (https://survey.qubes-os.org/index.php?r=survey/index&sid=255277&lang=en).
The current plan is to have this menu become the default in Qubes 4.2, but of course compatibility with other menus will be maintained. Our current development status can be seen in the GitHub project for the new application menu (https://github.com/QubesOS/qubes-issues/projects/12).
Enjoy!
Whonix 15 has reached EOL
https://www.qubes-os.org/news/2021/11/14/whonix-15-eol/
Whonix 15 has reached EOL (end-of-life). If you have not already done
so, we strongly recommend upgrading your Whonix 15 templates and
standalones to Whonix 16 (https://www.qubes-os.org/news/2021/09/30/whonix-16-template-available/) immediately. The Whonix Project provides
fresh Whonix 16 template packages through the Qubes community template
repositories, which you can install in dom0 by following the standard
installation instructions (https://www.whonix.org/wiki/Qubes/Install). Alternatively, the Whonix Project also
provides step-by-step instructions for performing an in-place upgrade (https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16)
of an existing Whonix 15 template. After upgrading your templates,
please remember to switch all qubes that were using the old template
to use the new one (https://www.qubes-os.org/doc/templates/#switching).
For a complete list of template releases supported for your specific
Qubes release, please see our supported template releases (https://www.qubes-os.org/doc/supported-releases/#templates).
Qubes OS 4.1-rc2 has been released!
https://www.qubes-os.org/news/2021/11/17/qubes-4-1-rc2/
We’re pleased to announce the second release candidate for Qubes 4.1!
Qubes 4.1-rc2 contains fixes for bugs that were discovered in the first
release candidate (4.1-rc1). For existing Qubes 4.1-rc1 users, a regular
update (https://www.qubes-os.org/doc/how-to-update/) is sufficient to upgrade to 4.1-rc2.
In case you haven’t heard, Qubes 4.1 includes several major new
features, each of which is explained in depth in its own article:
Qubes Architecture Next Steps: The GUI Domain (https://www.qubes-os.org/news/2020/03/18/gui-domain/)
Qubes Architecture Next Steps: The New Qrexec Policy System (https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/)
New Gentoo templates and maintenance infrastructure (https://www.qubes-os.org/news/2020/10/05/new-gentoo-templates-and-maintenance-infrastructure/)
Reproducible builds for Debian: a big step forward (https://www.qubes-os.org/news/2021/10/08/reproducible-builds-for-debian-a-big-step-forward/)
There are also numerous other improvements and
bug fixes listed in the release notes (https://www.qubes-os.org/doc/releases/4.1/release-notes/) and in the issue
tracker (https://github.com/QubesOS/qubes-issues/issues?q=milestone%3A%22Release+4.1%22+is%3Aclosed+-label%3A%22R%3A+duplicate%22+-label%3A%22R%3A+invalid%22+-label%3A%22R%3A+cannot+reproduce%22+-label%3A%22R%3A+not+an+issue%22+-label%3A%22R%3A+not+our+bug%22+-label%3A%22R%3A+won%27t+do%22+-label%3A%22R%3A+won%27t+fix%22+).
Finally, Qubes 4.1 features the following updated default components:
Xen 4.14
Fedora 32 in dom0
Fedora 34 template
Debian 11 template
Whonix 16 Gateway and Workstation templates
Linux kernel 5.10
How to test Qubes 4.1-rc2
If you’re willing to test (https://www.qubes-os.org/doc/testing/) this release candidate, you can help to
improve the stable release by reporting any bugs you encounter (https://www.qubes-os.org/doc/issue-tracking/).
Experienced users are strongly encouraged to join the testing team (https://forum.qubes-os.org/t/joining-the-testing-team/5190)!
How to migrate to 4.1-rc2:
If you’re already on 4.1-rc1, simply perform a normal update (https://www.qubes-os.org/doc/how-to-update/).
If you’re not on 4.1-rc1, you have two options:
Back up (https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#creating-a-backup) your current installation, download (https://www.qubes-os.org/downloads/) 4.1-rc2, perform a
fresh install (https://www.qubes-os.org/doc/installation-guide/), then restore (https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#restoring-from-a-backup) from your backup.
Perform an in-place upgrade (https://www.qubes-os.org/doc/upgrade/4.1/).
Release candidate planning
As with any release candidate, it’s possible that user testing will
reveal important bugs that we’ll want to fix before the stable release.
We plan to release the next release candidate in approximately five
weeks. As explained in our general release schedule (https://www.qubes-os.org/doc/version-scheme/#release-schedule), this cycle will
continue until no major bugs are discovered, at which point the latest
release candidate will be declared the stable 4.1 release.
XSAs released on 2021-11-19
https://www.qubes-os.org/news/2021/11/19/xsas-released-on-2021-11-19/
The Xen Project has released one or more Xen Security Advisories (XSAs).
The security of Qubes OS is not affected.
Therefore, no user action is required.
XSAs that affect the security of Qubes OS (user action required)
The following XSAs do affect the security of Qubes OS:
(None)
XSAs that do not affect the security of Qubes OS (no user action required)
The following XSAs do not affect the security of Qubes OS, and no user action is necessary:
XSA-390 (affects only Xen versions >=4.15; Qubes currently uses 4.14 and 4.8)
Related links
Xen XSA list: https://xenbits.xen.org/xsa/
Qubes XSA tracker: https://www.qubes-os.org/security/xsa/
Qubes security pack (qubes-secpack): https://www.qubes-os.org/security/pack/
Qubes security bulletins (QSBs): https://www.qubes-os.org/security/qsb/
XSAs released on 2021-11-23
https://www.qubes-os.org/news/2021/11/24/xsas-released-on-2021-11-23/
The Xen Project has released one or more Xen Security Advisories (XSAs).
The security of Qubes OS is affected.
Therefore, user action is required.
XSAs that affect the security of Qubes OS (user action required)
The following XSAs do affect the security of Qubes OS:
XSA-388
XSA-389
Please see QSB-074 for the actions users must take in order to
protect themselves, as well as further details about these XSAs:
https://www.qubes-os.org/news/2021/11/24/qsb-074/
XSAs that do not affect the security of Qubes OS (no user action required)
The following XSAs do not affect the security of Qubes OS, and no
user action is necessary:
XSA-385 (DoS only; Qubes has BIGMEM disabled)
XSA-387 (Qubes has grant tables v2 disabled)
Related links
Xen XSA list: https://xenbits.xen.org/xsa/
Qubes XSA tracker: https://www.qubes-os.org/security/xsa/
Qubes security pack (qubes-secpack): https://www.qubes-os.org/security/pack/
Qubes security bulletins (QSBs): https://www.qubes-os.org/security/qsb/
QSB-074: Xen issues related to populate-on-demand (XSA-388, XSA-389)
https://www.qubes-os.org/news/2021/11/24/qsb-074/
We have just published Qubes Security Bulletin (QSB) 074:
Xen issues related to populate-on-demand (XSA-388, XSA-389).
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).
View QSB-074 in the qubes-secpack:
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-074-2021.txt
In addition, you may wish to:
Get the qubes-secpack: https://www.qubes-os.org/security/pack/
View all past QSBs: https://www.qubes-os.org/security/qsb/
View the XSA Tracker: https://www.qubes-os.org/security/xsa/
---===[ Qubes Security Bulletin 074 ]===---
2021-11-23
Xen issues related to populate-on-demand (XSA-388, XSA-389)
User action required
---------------------
Users must install the following specific packages in order to address
the issues discussed in this bulletin:
For Qubes 4.0, in dom0:
- Xen packages, version 4.8.5-36
For Qubes 4.1, in dom0:
- Xen packages, version 4.14.3-4
These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [1] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [2]
Dom0 must be restarted afterward in order for the updates to take
effect.
If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new
Xen binaries.
Summary
--------
The following security advisories were published on 2021-11-23:
XSA-388 [3] "PoD operations on misaligned GFNs":
| x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode,
| to provide a way for them to later easily have more memory assigned.
|
| Guests are permitted to control certain P2M aspects of individual
| pages via hypercalls. These hypercalls may act on ranges of pages
| specified via page orders (resulting in a power-of-2 number of pages).
| The implementation of some of these hypercalls for PoD does not
| enforce the base page frame number to be suitably aligned for the
| specified order, yet some code involved in PoD handling actually makes
| such an assumption.
|
| These operations are XENMEM_decrease_reservation (CVE-2021-28704) and
| XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by
| domains controlling the guest, i.e. a de-privileged qemu or a stub
| domain. (Patch 1, combining the fix to both these two issues.)
|
| In addition handling of XENMEM_decrease_reservation can also trigger a
| host crash when the specified page order is neither 4k nor 2M nor 1G
| (CVE-2021-28708, patch 2).
XSA-389 [4] "issues with partially successful P2M updates on x86":
| x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode,
| to provide a way for them to later easily have more memory assigned.
|
| Guests are permitted to control certain P2M aspects of individual
| pages via hypercalls. These hypercalls may act on ranges of pages
| specified via page orders (resulting in a power-of-2 number of pages).
| In some cases the hypervisor carries out the requests by splitting
| them into smaller chunks. Error handling in certain PoD cases has
| been insufficient in that in particular partial success of some
| operations was not properly accounted for.
|
| There are two code paths affected - page removal (CVE-2021-28705) and
| insertion of new pages (CVE-2021-28709). (We provide one patch which
| combines the fix to both issues.)
Impact
-------
Malicious or buggy guest kernels may be able to mount Denial of Service
(DoS) attacks affecting the entire system. Privilege escalation and
information leaks cannot be ruled out.
These issues affect only qubes that have dynamic memory balancing
enabled. In the default Qubes OS configuration, this excludes sys-net
and sys-usb, which have memory assigned statically. All other
Linux-based qubes are affected.
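A dom0 triage helper, added here as an example and not part of the bulletin: it checks whether the installed Xen package meets the version listed above for the running Qubes release and lists the qubes that still use dynamic memory balancing (those with a non-zero maxmem). The qvm-ls --raw-data field layout, the contents of /etc/qubes-release and the rpm query format are assumptions; the sample qvm-ls output is constructed.

```shell
#!/bin/sh
# Added example (not from the bulletin): QSB-074 triage helper for dom0.
# Assumptions: `rpm -q xen` is the dom0 Xen package, `qvm-ls --raw-data`
# prints '|'-separated fields, and maxmem 0 means balancing is disabled.

# xen_fixed INSTALLED REQUIRED: succeeds when INSTALLED >= REQUIRED,
# comparing dotted version-release strings field by field (numeric fields).
xen_fixed() {
  req=$(printf '%s' "$2" | tr '.-' '  ')
  set -- $(printf '%s' "$1" | tr '.-' '  ')
  for r in $req; do
    i=${1:-0}
    if [ "$i" -gt "$r" ]; then return 0; fi
    if [ "$i" -lt "$r" ]; then return 1; fi
    if [ $# -gt 0 ]; then shift; fi
  done
  return 0
}

# affected_qubes: reads 'name|class|maxmem' lines on stdin and prints the
# qubes that still have dynamic memory balancing enabled (maxmem != 0).
affected_qubes() {
  while IFS='|' read -r name class maxmem; do
    [ "$name" = "NAME" ] && continue      # skip a header line, if any
    [ "$class" = "AdminVM" ] && continue  # dom0 itself
    [ "$maxmem" = "0" ] && continue       # static memory, e.g. sys-net
    printf '%s\n' "$name"
  done
}

# Constructed sample in qvm-ls --raw-data layout (not real output).
SAMPLE='dom0|AdminVM|0
sys-net|AppVM|0
sys-usb|AppVM|0
work|AppVM|4000
personal|AppVM|4000'

if command -v qvm-ls >/dev/null 2>&1; then       # real dom0
  if grep -q 'R4\.1' /etc/qubes-release; then REQ=4.14.3-4; else REQ=4.8.5-36; fi
  if xen_fixed "$(rpm -q --qf '%{VERSION}-%{RELEASE}' xen)" "$REQ"; then
    echo "dom0 Xen is at or above $REQ; restart dom0 if not done yet"
  else
    echo "dom0 Xen is older than $REQ: update, then restart dom0"
  fi
  echo "qubes with memory balancing enabled (affected by QSB-074):"
  qvm-ls --raw-data --fields name,class,maxmem | affected_qubes
else
  echo "sample run:"; printf '%s\n' "$SAMPLE" | affected_qubes
fi
```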
Credits
--------
See the original Xen Security Advisories.
References
-----------
[1] https://www.qubes-os.org/doc/testing/
[2] https://www.qubes-os.org/doc/how-to-update/
[3] https://xenbits.xen.org/xsa/advisory-388.html
[4] https://xenbits.xen.org/xsa/advisory-389.html
--
The Qubes Security Team
https://www.qubes-os.org/security/
Fedora 33 has reached EOL
https://www.qubes-os.org/news/2021/11/30/fedora-33-eol/
As previously announced (https://www.qubes-os.org/news/2021/11/11/fedora-33-approaching-eol-fedora-34-templates-available/), Fedora 33 has reached EOL (end-of-life (https://fedoraproject.org/wiki/End_of_life)).
If you have not already done so, we strongly recommend upgrading (https://www.qubes-os.org/doc/templates/fedora/#upgrading) your
Fedora 33 templates and standalones to Fedora 34 immediately.
We provide fresh Fedora 34 template packages through the official Qubes
repositories, which you can install in dom0 by following the standard
installation instructions (https://www.qubes-os.org/doc/templates/fedora/#installing). Alternatively, we also provide step-by-step
instructions for performing an in-place upgrade (https://www.qubes-os.org/doc/template/fedora/upgrade/) of an existing Fedora
template. After upgrading your templates, please remember to switch all
qubes that were using the old template to use the new one (https://www.qubes-os.org/doc/templates/#switching).
For a complete list of template releases that are supported for your
specific Qubes release, see our supported template releases (https://www.qubes-os.org/doc/supported-releases/#templates).
Please note that no user action is required regarding the OS version in
dom0. For details, please see our note on dom0 and EOL (https://www.qubes-os.org/doc/supported-releases/#note-on-dom0-and-eol).
Note for 4.1 release candidate testers: Qubes R4.1-rc1 already
includes the Fedora 34 template by default, so no action is required.
XEN PROJECT SHIPS VERSION 4.16 WITH FOCUS ON IMPROVED PERFORMANCE SECURITY AND HARDWARE SUPPORT
https://xenproject.org/2021/12/02/xen-project-ships-version-4-16-with-focus-on-improved-performance-security-and-hardware-support/
NEW VERSION INTRODUCES ARM VIRTUAL PERFORMANCE MONITOR COUNTERS AND BROADER X86 HARDWARE SUPPORT. COMMUNITY INITIATIVES, INCLUDING FUNCTIONAL SAFETY AND VIRTIO, CONTINUE TO PROGRESS. The Xen Project, an open source hypervisor...
Debian 11 templates available
https://www.qubes-os.org/news/2021/12/07/debian-11-templates-available/
New Debian 11 templates are available for both Qubes 4.0 and 4.1.
We provide fresh Debian 11 template packages through the official Qubes
repositories, which you can install in dom0 by following the standard
installation instructions (https://www.qubes-os.org/doc/templates/debian/#installing). Alternatively, we also provide step-by-step
instructions for performing an in-place upgrade (https://www.qubes-os.org/doc/template/debian/upgrade/) of an existing Debian
template. After upgrading your templates, please remember to switch all
qubes that were using the old template to use the new one (https://www.qubes-os.org/doc/templates/#switching).
For a complete list of template releases that are supported for your
specific Qubes release, see our supported template releases (https://www.qubes-os.org/doc/supported-releases/#templates).
Please note that no user action is required regarding the OS version in
dom0. For details, please see our note on dom0 and EOL (https://www.qubes-os.org/doc/supported-releases/#note-on-dom0-and-eol).