The open source, security-oriented Qubes OS team recently announced the release of Qubes OS 3.2,
One major feature that we’ve improved upon in this release is our integrated management infrastructure, which was introduced in Qubes 3.1. Whereas before it was only possible to manage whole VMs, it is now possible to manage theinsides of VMs as well.
The principal challenge we faced was how to allow such a tight integration of the management stack (for which we useSalt) with potentially untrusted VMs without opening a large attack surface on the (complex) management code. We believe we found an elegant solution to this problem, which we’ve implemented in Qubes 3.2.
We now use this management functionality for basic system setup during installation, for preparing our automatic tests, and for applying various custom configurations. In the future, we envision a simple GUI application allowing users to download ready-to-use Salt recipes for setting up various things, for example:
- Pre-configured apps optimized to take advantage of Qubes’ compartmentalization, such as Thunderbird with Qubes Split GPG
- UI and system-wide customizations for specific use cases
- Corporate remote management and integration
These features are planned for the upcoming Qubes 4.x releases.
In Qubes 3.2, we’re also introducing USB passthrough, which allows one to assign individual USB devices, such as cameras, Bitcoin hardware wallets, and various FTDI devices, to AppVMs. This means that it’s now possible to use Skype and other video conferencing software on Qubes!