It's my pleasure to announce the first Beta for Qubes Release 2 is now available for download.
This release introduces generic support for fully virtualized AppVMs
(called HVMs in Xen parlance), and specifically initial support for
Windows-based AppVMs integration. It's been quite a challenge to add
support for secure HVMs to Qubes without breaking its security
architecture, and I already wrote about it in the past.
Generic support for HVMs means you can
now install many different OSes as Qubes VMs, such as various Linux
distros, BSD systems, and, of course, Windows. Essentially all you
need is an installation ISO and the whole process is similar to
creating a VM in a program like VirtualBox or VMware Workstation
(although we believe the underlying architecture for this is more
secure in Qubes).
Additionally we provide a set of tools for Windows-based AppVMs (Windows 7 specifically) which allow for tight integration with the
rest of the Qubes system. This currently includes support for secure
(and policy controllable) clipboard and file exchanges between the
Windows-based AppVMs and other AppVMs, integration with Qubes
advanced networking infrastructure, and PV drivers for faster
operation. As of now there is still no seamless app integration for
Windows applications, so Windows VMs are presented as
full-desktop-within-a-window, but we're aiming to add support for
this in the next Betas.
Unlike the rest of Qubes, which is
distributed under a GPL v2 license, the Qubes Windows Support Tools are not
open sourced and are distributed as binaries only, under a proprietary
license. They are free to use for any Qubes 2 user. The tools are not part of the Qubes 2 installation ISO (which is
GPL), and are downloadable on demand.
More information about creating and
using HVM domains, including Windows-based AppVMs, can be found in the wiki here.
To summarize, here's a quick list of some
of the exciting new features that today's release brings in:
- Support for generic fully virtualized VMs (without qemu in the TCB!)
- Support for Windows-based AppVMs integration (clipboard, file exchange, qrexec, PV drivers)
- Secure audio input to select AppVMs (Hello Skype users!)
- Clipboard is now also controlled by central policies, unified with other qrexec policies.
- Out of the box TorVM support
- Experimental support for PVUSB
- Updated Xorg packages in Dom0 to support new GPUs
- DisposableVM customization support
- ... and, as usual, various fixes and other improvements :)
Existing users of Qubes R1 can upgrade
without needing to reinstall – the upgrade procedure is described
here.
Standard installation is described here.
Enjoy!
PS. Please send all the technical questions to the qubes-devel mailing list, instead of posting them as comments to this blog. Keep the comments here for more generic discussions.
PS2. As usual, I would like to remind you that we have little control over the servers that are used for Qubes ISO distributions and that the downloads should be verified according to the procedure described here. We always assume that even our own servers (git, wiki, yum) could be compromised, and yet this should not affect Qubes security in any way, because of the extensive use of digital signatures everywhere in the development and distribution process.