Piotr Król
Piotr Król is an open-source firmware enthusiast who founded 3mdeb in
March 2015. His expertise is rooted in the hacker ethos of collaborative
innovation and transparency, guiding 3mdeb's focus on projects like
Zarhus OS, a Yocto-based Embedded Linux distribution, and Dasharo, a
coreboot downstream project. These projects are dedicated to open
development, embedded firmware resilience, platform security,
transparency, the right to repair, and digital sovereignty.
Piotr's deep involvement in open-source firmware includes key computing
areas such as Root of Trust, Secure, Verified and Measured Boot, TPM,
coreboot, UEFI, EDK II, Yocto, U-Boot, and Linux. He often speaks at
significant industry events like FOSDEM, Xen Developers Summit, and
Platform Security Summit, sharing his insights and promoting the
open-source firmware ecosystem. Piotr is dedicated to sharing knowledge
by serving as a Trainer at OpenSecurityTraining2, offering free and open
educational materials to advance the open-source firmware ecosystem.
Sessions
Join us as we inaugurate the Qubes OS Summit 2024 with a hearty welcome, fostering connections and setting the stage for exchanging ideas over the next few days. Here's a glimpse of what we'll delve into:
- Reminisce about the Past: A brief look back at the humble beginnings of the Qubes Summit and the simple idea of trustworthiness that brought us all together.
- Reflect on the Journey: Since we last met, there have been small but significant strides in the Qubes OS community. We'll share the essence of what has changed, the lessons learned, and the paths forged.
- Unfold the Schedule: We'll unveil our simple yet engaging agenda for the next few days, which includes enlightening talks, open discussions, design sessions, and a hackathon.
- Appreciate the Support: We thank our sponsors, who share our vision for a privacy-centric digital world.
The security posture of an operating system heavily relies on its ability to assess and utilize hardware security features. However, a significant gap exists in the awareness of these capabilities, limiting the potential for comprehensive security evaluation. This session will explore the landscape of hardware security assessments across various ecosystems, including GNOME’s Device Security Settings, KDE Plasma’s Firmware Security page, and the Qubes OS Security Report. We will discuss the importance of exposing hardware security interfaces to operating systems and drawing insights from tools like lscpu and /proc/cpuinfo. This session aims to answer the question of how to make the Qubes OS Security Report implementation a leading role model in the OSS ecosystem by building robust frameworks for security feature detection and ensuring protection against misconfigurations and vulnerabilities.
Closing notes
- Day 2 event schedule and organization announcements
- Shout out to the sponsors
The ever-evolving landscape of cybersecurity demands robust mechanisms to ensure the integrity and trustworthiness of computing environments. UEFI Secure Boot has emerged as a critical feature to protect systems against persistent firmware attacks and unauthorized code execution. While Qubes OS is renowned for its security-centric approach, the official support for UEFI Secure Boot remains a significant milestone yet to be fully realized.
This talk will explore the challenges and potential solutions for implementing UEFI Secure Boot in Qubes OS. Leveraging insights from ongoing discussions and issues like QubesOS Issue #4371, we will explore the necessary system changes, from signing boot images to configuring the system to accommodate Secure Boot's complexities.
Key aspects to be covered include:
- Current Limitations and User Impact: Understanding why Secure Boot is not currently supported and the implications for users, particularly those needing dual-boot environments.
- Technical Roadblocks: This section highlights technical challenges such as signing GRUB and Xen binaries, managing key enrollments, and ensuring compatibility across different hardware setups.
- Proposed Solutions: This section discusses the steps proposed in issue #4371 to sign boot images with dedicated keys, build unified Xen boot images, and make necessary GRUB configuration changes.
- Security Enhancements and Benefits: Evaluate how Secure Boot can enhance Qubes OS's overall security posture and protect against specific attack vectors.
- Roadmap and Community Involvement: Outlining the future steps towards full Secure Boot support and how the community can participate in the ongoing testing, feedback, and development efforts.
This talk addresses both the technical and procedural aspects and aims to provide a comprehensive roadmap for achieving UEFI Secure Boot support in Qubes OS, ultimately paving the way for a more secure and resilient operating system.
Closing notes