Join us as we inaugurate the Qubes OS Summit 2023 with a hearty welcome, fostering connections and setting the stage for an exchange of ideas over the next few days. Here's a glimpse of what we'll delve into:
- Reminisce the Past: A brief look back at the humble beginnings of the Qubes Summit and the simple idea of trustworthiness that brought us all together.
- Reflect on the Journey: Since we last met, there have been small but significant strides in the Qubes OS community. We'll share the essence of what has changed, the lessons learned, and the paths forged.
- Unfold the Schedule: We’ll unveil our simple yet engaging agenda for the next few days. From enlightening talks through open discussions, design sessions, and hackathon.
- Appreciate the Support: A big shout out to our sponsors who share our common vision for a privacy-centric digital world.
This talk is a summary of projects Qubes team currently works on, a summary what we accomplished for 4.2 release, and what is left to be finished for the next release.
In the collaborative world of technology, progress is forged through partnerships and shared visions. 3mdeb, grounded in this philosophy, has been actively engaging with various stakeholders in its mission to enhance the trustworthiness of computing devices, with a spotlight on client-level solutions. This keynote, to be delivered by the founder of 3mdeb, narrates our collective journey, a path defined by collaborative endeavors, learning from partnerships, and a steadfast commitment to fostering security, privacy, and trust in the Qubes OS ecosystem and beyond. Join us as we share the milestones achieved, the lessons learned, and the road ahead in our collaborative journey towards a more secure and trustworthy computing landscape.
In the 13 years since Qubes OS was released, the broader desktop ecosystem has changed in many ways. Some are good for Qubes OS, such as broader hardware virtualization support and the rise of immutable OS. Others are problematic for Qubes OS, such as increasing dependence on GPU acceleration. Yet others are neutral but not backwards compatible, such as the switch from X11 to Wayland and from PulseAudio to PipeWire. In this talk, I will discuss how Qubes OS can adapt to the changing ecosystem and the new use-cases this will open up.
Lunch break
Qubes OS is good at being secure, but bad at UX - that's the common knowledge. However, I would like to argue that bad UX can actually be bad security, and that bad design decisions are not just annoying, but can be actively detrimental to the security of the system.
Deeplow will be presenting his ongoing work on video tutorials for Qubes OS and how he set up his computer to be able to record and edit fully on Qubes OS.
Qubes OS device use flow leaves much to be desired - from confusing USB storage to eternal woes of connecting camera and microphone at the same time to the correct qube, it's all not quite as smooth as we would like. I am currently working on improving this situation with a more cohesive device UX for Qubes.
Device UX Design Session
Closing notes
Admiralstraße 1-2, 10999 Berlin, Germany
https://maps.app.goo.gl/2rB2KUJWWJH7ENyFA
https://www.openstreetmap.org/way/65425822
https://www.suedblock.org
- Day 2 event schedule and organization announcements
- Shout out to the sponsors
A summary how to contribute to Qubes OS. The talk will focus on code changes, how it works currently and what we would like to change. Some non-code contributions like bug reports or documentation will also be covered.
A short overview of the current effort to get S0ix (suspend to idle) working on Qubes OS.
In this presentation, we will introduce AEM and TrenchBoot, shedding light on how TrenchBoot's DRTM technology aims to improve AEM. We'll discuss our journey, covering the roadmap for integrating TrenchBoot into Qubes OS, sharing the challenges we've encountered, and highlighting recent advancements. Join us to explore the synergy between AEM and TrenchBoot, shaping a more secure future for Qubes OS users.
NovaCustom is a leading supplier of secure laptops with Dasharo coreboot firmware. In this talk, Wessel will introduce some new Dasharo-NovaCustom October 2023 firmware update features. He will also give a demonstration of working Heads firmware, including a USB Security Device in combination with Qubes OS. Wessel will show some new physical privacy options during the installation, especially the new anti-tamper solution.
Creating and maintaining a Qubes OS configuration is no small feat, especially when striving for consistency across multiple devices or during device migrations. This tutorial delves into a developer's experience using the masterless configuration of SaltStack in Qubes OS to craft and manage a personalized set of AppVMs and TemplateVMs, aligning with a reasonably typical workflow, albeit less paranoid than the one suggested in the Qubes OS guide on organizing your qubes.
Lunch break
During the talk, I will introduce the CTAP2 proxy service in the Qubes OS, which replaces the older U2F proxy. Our new service has been designed to ensure compatibility with the new Fido2 standard, thus enabling the full capabilities of newer hardware keys such as device PIN. Throughout the presentation, we will delve into the details of the newly introduced qrexec
policies and consider the issue of backward compatibility. Spoiler alert: you may not even notice the upgrade.
Multi VM application
This talk will present the recent progress of the Qubes OS Documentation Localization project, focusing on weblate and a future Qubes Localization Workflow.
This tool will assess how well different hardware setups support platform security features like D-RTM, S-RTM, Intel Boot Guard, AMD Platform Secure Boot, and UEFI Secure Boot, and how they align with Qubes OS security standards. In the future parts of the tools or results reported by it could be presented directly within the Qubes OS User Interface, so users can easily understand the security readiness of their system. Through this session, we hope to take a step towards making security assessment more accessible and straightforward for all Qubes OS users both at the stage of evaluating potential hardware targets as well as for comparison between various vendors.
Platform Security Design Session
Closing notes