How to install Qubes OS as a virtual machine


Qubes OS defines itself modestly as “a reasonably secure operating system.” It might actually be one of the safest operating systems, often used by pros who are most concerned with computer security.

Image: Qubes

Qubes OS is a free open-source operating system that’s fully security-oriented. It leverages Xen-based virtualization, which allows the user to create, use and delete easily isolated compartments called qubes.

To make it simple to understand, every qube is implemented as a virtual machine that is fully configurable by having specific purpose, nature and level of trust.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

As an example, it is possible to quickly open a lightweight qube for Internet browsing, which will self-destruct when closed. This way, if the user visits fraudulent websites spreading malware, he or she is still safe. Qubes OS also allows the user to simultaneously run multiple operating systems: Windows, Debian and Fedora.

Qubes requirements

To get the best of Qubes OS, it is, of course, better to make a full installation of it on a computer.

Qubes OS has very specific hardware requirements, in particular the need for IOMMU-based virtualization in the BIOS or UEFI. It also needs 64-bit Intel or AMD processor, 6GB of RAM and 32GB of hard disk free space. It is recommended to have 16GB of RAM and 128GB of SSD free space.

Users without experience with Qubes OS should first go for a virtual machine installation to get the feel and really test it before installing.

Here is a guide to install Qubes OS in VirtualBox, the host being a Windows operating system.

We also need to download the Qubes OS ISO file–stable release (Figure A).

Figure A

The download options from Qubes OS website.

  The download options from the Qubes OS website.

Choose your favorite way of downloading (direct download or via torrent), check the file hash when done, and you’re ready to install.

How to install the virtual machine

Open VirtualBox and choose Machine/New then choose a name for the virtual machine. For our installation, we will call it QubesOS-vm. Change the folder according to your needs, and select Linux / Fedora (64-bit) (Figure B).

Figure B

Creating the new virtual machine in VirtualBox.

  Creating the new virtual machine in VirtualBox.

Click Next then select the size of the memory (RAM) you wish to be allocated to the virtual machine (Figure C).

Figure C

Setting RAM capacity for the virtual machine.

  Setting RAM capacity for the virtual machine.

Click Next, select Create a Virtual Hard Disk Now, then click Create. Select VDI as the hard disk file type, then click Next.

It’s now up to you to choose between a dynamically allocated virtual hard drive or a fixed-size one. The fixed size option allows you to set a maximum size that will never change on the physical hard drive. The dynamically allocated option will only consume disk storage as it fills up. Eighty gigabytes is generally a good size for this kind of virtual machine, but of course it all depends on your hardware and the space left on it.

SEE: Linux turns 30: Celebrating the open source operating system (free PDF) (TechRepublic)  

The next step is setting the size of the virtual hard drive (Figure D). 

Figure D

Set the virtual hard drive size.

  Set the virtual hard drive size.

Click Create, and wait for the VirtualBox to finish setting up. The virtual machine environment is now ready.

Right-click on the new virtual machine, and select Settings (Figure E).

Figure E

Access the settings for the virtual machine.

  Access the settings for the virtual machine.

Change all the settings according to your needs and hardware. In the System tab tick Enable EFI (special OSes only) (Figure F).

Figure F

Enable EFI.

Go to the Storage tab, click the CD ROM image that says Empty in the middle pane, and click on the second CD ROM image on the right pane. Choose Disk File (Figure G).

Figure G

Choose the ISO file for installation.

  Choose the ISO file for installation.

Select the ISO file, click Open, then click OK.

Configuration is now OK in VirtualBox, except for one parameter we need to activate via the command line of our Windows system. It is called Enable Nested VT-x/AMD-V in the system/processor tab of VirtualBox, but is grayed out and cannot be activated with the GUI.

Quit VirtualBox, and launch a command line by hitting the Windows key of your keyboard and type cmd.exe, then hit the Return key.

In the command prompt, go to your VirtualBox installation folder and type the following (Figure H):

VBoxManage.exe modifyvm  --nested-hw-virt on

Figure H

Activate the Nested VT-x/AMD-V parameter in the command line.

  Activate the Nested VT-x/AMD-V parameter in the command line.

If you are unsure about the name of your virtual machine, the following command will list all your virtual machines by name:

VBoxManage.exe list vms

Relaunch VirtualBox, go once again to your settings to check that the option has indeed been activated (Figure I).

Figure I

Qubes OS ISO is now ready for booting. Right click on the virtual machine, select Start/Normal Start.

  Qubes OS ISO is now ready for booting. Right click on the virtual machine, select Start/Normal Start.

Installation starts and asks for the language for the operating system (Figure J).

Figure J

QubeOS is ready to be installed: Choose a language.

  QubeOS is ready to be installed: Choose a language.

Select your language and click Continue.

A new page opens. Feel free to change keyboard layout or language if needed, in addition to the time zone, then click on Installation Destination (Figure K).

Figure K

The menu page where installation destination needs to be set.

  The menu page where installation destination needs to be set.

Choose the way you want partitioning to be done: automatic or manual. Generally, for a virtual machine, it is best to select automatic partitioning, since we do not have any particular need regarding the virtual hard drive. Also, here is the place to determine if you want the data to be encrypted (Figure L).

Figure L

Choosing automatic partitioning and encryption.

  Choosing automatic partitioning and encryption.

Click done, then type your encryption passphrase twice (Figure M).

Figure M

Entering the passphrase twice, for data encryption.

  Entering the passphrase twice, for data encryption.

Click Save Passphrase. The installation brings you back to the menu.

Click Begin Installation.

Click User Creation, then select a username and password (Figure N).

Figure N

Choose a username and password.

  Choose a username and password.

Click Done, and wait for the installation to finish, which can take a few minutes.

You might also want to create a root user account, which you can do by clicking on Root Password aside of User Creation.

Once the installation is done, click Reboot and wait.

After reboot, a new window appears to finish the configuration (Figure O).

Figure O

Finishing the configuration.

  Finishing the configuration.

Click QUBES OS, then keep the options as ticked in the next menu (Figure P):

Figure P

Set the options for default qubes.

  Set the options for default qubes.

Click on Done, then click Finish Configuration.

Qubes OS will now install and configure the default qubes, which will take several minutes depending on your choices.

The login screen appears. Choose your username and type your password (Figure Q).

Figure Q

The login screen from Qubes OS.

  The login screen from Qubes OS.

Once logged in, you can start enjoying Qubes OS (Figure R).

Figure R

The Qubes OS environment once logged in.

  The Qubes OS environment once logged in.

Qubes OS is certainly not the easiest operating system to install. It needs some technical knowledge not only during installation but also for using it. On the other hand, it has been created for people who really care about security, with at least medium computer and internet knowledge.

For those who need more privacy, Qubes OS offers the ability to run the Whonix distribution as qubes and use it for anonymity.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.

Also see



Source link