Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.
Key architecture features:
- Based on a secure bare-metal hypervisor (Xen)
- Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)
- No networking code in the privileged domain (dom0)
- All user applications run in “AppVMs”, lightweight VMs based on Linux
- Centralized updates of all AppVMs based on the same template
- Qubes GUI virtualization presents applications like if they were running locally
- Qubes GUI provides isolation between apps sharing the same desktop
- Storage drivers and backends sand-boxed in an unprivileged virtual machine(*)
- Secure system boot based on Intel TXT(*)
Source==> THN