Today we're releasing Qubes R2 Beta 3,
one of the latest milestones on our roadmap for Qubes R2. Even though it is still called a
“beta”, most users should install it, because, we believe, it is
the most polished and stable Qubes edition. Looking back, I think it
was a mistake to use this alpha/beta/rc nomenclature to mark Qubes
releases, and so, starting with Qubes R3 we will be just using
version numbers: 3.0, 3.1, etc.
Anyway, back to the R2 Beta 3 – below
I discuss some of the highlights of the today's release:
- The seamless GUI virtualization for Windows 7-based AppVMs, and support for HVM-based templates (e.g. Windows-based templates) is one of the most spectacular feature of this release, I think. It has already been discussed in an earlier blog post, and now instructions have also been added to the wiki for how to install and use such Windows AppVMs.
- We've also introduced a much more advanced infrastructure for system backups, so it is now possible to make and restore backups to/from untrusted VMs, which allows e.g. to backup easily the whole system to a NAS, or just to an USB device, not worrying that somebody might exploit the NAS client over the network, or that plugging of the USB disk with malformed partition table or filesystem might compromise the system. The whole point here is that the VM that handles the backup storage (and which might be directing it to a NAS, or somewhere) might be compromised, and it still cannot do anything that could compromise (or even DoS) the system, neither can it sniff the data in the backup. I will write more about the challenges we had to solve and how we did it in a separate blog post. I'm very proud to note that majority of the implementation for this has been contributed by the community, specifically Oliver Medoc. Thanks!
- A very simple feature, trivial almost, yet very important from the security point of view – it is now possible to set 'autostart' property on select VMs. Why is this so important for security? Because I can create e.g. UsbVM, assign all my USB controllers to it, and then once I set it as autostarting, I can have assurance that all my USB controllers will be delegated to such AppVM immediately upon each system boot. Having such a UsbVM is a very good idea, if one is afraid of physical attacks coming though USB devices. And it now could double as a BackupVM with this new backup system mentioned above!
- To improve hardware compatibility we now ship the installer with multiple kernel versions (3.7, 3.9, and 3.11) allowing to run the installation using any of those, e.g. if it turned out that one kernel doesn't support the graphics card correctly -- a typical problem many users faced in the past. All the kernels are also installed in the final system, allowing the user to easily boot with a select Dom0 kernel later, choosing the one which supports their hardware best.
- Another popular problem of the past now was the lack of support for dynamically changing resolution/screen layout in the AppVMs when a seccond monitor or a projector was hot-plugged in (which changed only the resolution layout in Dom0). Now this problem has been solved and the new monitor layout is dynamically propagated to the AppVMs, allowing to use all the screen real estate by the apps running there.
- There has also been a significant amount of cleanups and fixes. This includes the unification of paths and command names (“The Underscore Revolution” as we call it), as well as refactoring of all the source code components (which now closely matches what we have on Qubes Odyssey/R3), and lots of various bugfixes.
We're planning one more release (Qubes
R2 RC1) before the final R2, which will bring improvements mostly in
the area of more polished UI, such as allowing some of the tasks that
currently require commandline to be done from the Qubes Manager. So,
this would mostly be a minor cosmetic upgrade, plus bugfixes. And
probably we will also upgrade the default Linux template to Fedora 20.
Installation and upgrade instructions
can be found here.
Thank you all for your work on this release.
ReplyDeleteCan't wait for Qubes R2 to be released!
ReplyDeleteYou are simple amazing!
ReplyDeleteAbsolutely amazing and thank very very much.
ReplyDeleteBitcoins are a bit hard to get but definitly on the way!
Amazing job. Please keep it up, this is so important work, you cannot be praised enoguh.
ReplyDeleteBR Johan
any progress with passing gpu to qubes?
ReplyDeleteThis is some amazing work! I have been trying this out on one of my machines at work as a proof of concept desktop. That said I do have a different question for more casual use...is it possible with the latest release to actually passthrough a GPU like with normal Xen?
ReplyDelete(for a reference this is a Linux Mint article that details how to do it for ubuntu/debian distros)
http://forums.linuxmint.com/viewtopic.php?t=112013&f=42
My goal here would be to create a gaming AppVM. This is impressive stuff and I see alot of potential for this beyond just a simple security desktop. I have a 2 GPU setup (nvidia for the host, AMD for the guest) from what I have seen this seems to be a viable setup. Thanks for all your hard work on this.
I will try on my own what I can find but if you have any insight on how this could be done I am sure that would be hugely appreciated by many in the community.
Thanks for your outstanding work. I was wondering whether you might try to add seamless GUI virtualization for 'Mac OS X'-based AppVMs in a future release.
ReplyDeleteSince one can get Mavericks for free these days the only problem might be that Apple allows it's OS to be virtualized on Apple hardware only.
What do you think?