27
You started so well but
everything ran over Tor by default
ew
It should be pointed out: deblobbing a kernel does not necessarily harden it. Secure and libre are orthogonal concepts. That being said, I like your idea.
everything ran over Tor
.. everything run over Tor ..
project gets ripped up and thrown in the trash
I fixed it lol
Absolutely in favour, the non-free blobs are a persistent thorn in my side. I myself have always been tempted to replace all the fedora and debian templates with alpine or OpenBSD to get smaller VMs (and without systemd), built as many things as unikernels as possible (e.g. the MirageOS firewall), and I'd love if X11 got replaced with Wayland (that one is hard, the X11 modifications are kind of the core of what Qubes provides).
That would be interesting. Maybe a separate ISO could be created for someone like you. The only issue with using OpenBSD instead of Linux is that OpenBSD’s network stack is much different from Linux’s, which could potentially worsen your anonymity because so few people use OpenBSD. For now, I would at least try to provide optional non‑systemd Debian templates with OpenRC or runit. I do love the minimilist setup though, your other ideas are definitely noted.
Absolutely, this is an admirable project.
But the first thing you should know is that QubeOS is not based on Linux, but is actually a different kernel, Xen. The Xen kernel virtualizes Linux, and all Linux runs under it.
Networking and hardware access is done by certain VM's having devices (like the ethernet card or monitor/keyboard) passed through them, where Linux then handles the hardware access with it's drivers.
This is important to understand that, because QubeOS is not a Linux distro. Really, it's just that they selected Linux (it was either Debian or Fedora IIRC) as their management VMs.
But once you understand that it's absolutely feasible to adjust the VM's. It's probably easier to modify a LInux distro (or create your own) and use that for all the VM's, and then to reuse Qube's management related software. That way you could do something like ship a version of debian that disables non-free software and firmware in the debian repos. Doing that is probably easier than creating your own distro entirely from scratch.
Another interesting thing about Qubes is that you are not limited to Linux. Of course, using Linux will be easiest. But the management VM's can technically be any OS that supports it.
I've never built a full ISO or Libre kernel specifically. But, For debugging few issues in my laptop I've built the kernel for qubes OS and app VMs. But from your description it sounds like you just want to disable certain modules. That can easily be achieved by updating the .config for the kernel and if needed you can add the patches to the kernel from Linus (Qubes is already adding few) check out https://github.com/QubesOS/qubes-linux-kernel
you can also use Qubes builder v2 to create rpm packages in secure way.
this post was submitted on 15 Jun 2026
27 points (93.5% liked)
Linux
65802 readers
934 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 7 years ago
MODERATORS