Completed the Qubes OS introduction and installation draft

opsec/qubesos/index.html

@@ -0,0 +1,223 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Qubes OS guide</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 00 / 00 / 00</ba></p>
+<h1>Qubes OS guide </h1>
+<p>Official site of Qubes OS <a href="https://www.qubes-os.org">https://www.qubes-os.org</a></p>
+<p>When you land into this tutorial, I assume you already have some Linux experience, if not this might not be suitable for you, since Qubes OS is not very user friendly. I recommend you to try some normal Linux distribution first <a href="https://blog.nowhere.moe/opsec/linux/index.html">https://blog.nowhere.moe/opsec/linux/index.html</a></p> 
+<p>Qubes OS is a very cutting edge OS that uses virtualization everywhere to compartmentalize your digital life. It is technically not a Linux distribution, it is built on Xen which is a type 1 hypervisor that runs bare metal, <a href="https://en.wikipedia.org/wiki/Xen">https://en.wikipedia.org/wiki/Xen</a></p>
+<p>First you have Xen hypervisor booted at startup, then you get separate VM for all of your activities. Because all of your activities are separated by VM, one of them get hacked will not compromise the security of your entire system. It is like manage your personal pc like a server, that is why Qubes OS is a highly secure OS if used correctly</p>          
+<p>If you want to dive into the tech details and concepts about Qubes, official document is the best place <a href="https://www.qubes-os.org/intro/">https://www.qubes-os.org/intro/</a></p>
+</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Comparison </b></h2>
+<p>Why you should use Qubes OS instead of xyz config I use?</p>
+<p>1.Easier network configuration</p>
+<p>Qubes OS is designed to have a basket of differnt VMs with different <b>trust level</b>, and has a very easy menu in GUI method to manage the network of these VMs. Qubes OS also has built-in firewall function to stop unexpected leaks. In short, it is less likely for you to make mistakes in Qubes</p>
+<p>For example if you want to have many different network configs like below link to satisfy your different online identities, Qubes OS is the right tool.</p>
+<p><a href="https://blog.nowhere.moe/opsec/internetsegmentation/index.html">https://blog.nowhere.moe/opsec/internetsegmentation/index.html</a>. Check this theory about online identities, with Qubes OS you can easily build up chains of vm for doing whatever you want, for example different combination of vpn/proxy/tor</p>
+<img src="qubes-trust-level-architecture.png" class="imgRz" style="width: 600px">
+<p>A image that shows Qubes OS with different vm for different functions and identities</p>
+
+<p>2.Integrated Whonix</p>
+<p>Qubes OS integrate whonix gateway and workstation by default, tor browser works out of the box. You can also use whonix gateway to torrify applications that do not support tor and it is leak proof. You can achieve all of these with some clicks of buttons, and no complicated iptables needed</p>
+<p>For learning what is whonix <a href="https://www.whonix.org/wiki/FAQ">https://www.whonix.org/wiki/FAQ</a></p>
+<p>3.Superior safety</p>
+<p>Xen is a hypervisor that has a much smaller code than vmware/virtual box/kvm, it is possible to read and audit the entire code base. Besides qubes OS also put networking and usb service stack into VM, this feature greatly increases your host OS security from malicious network and usb. The days when you just plugin a bad usb into your computer and it booms are gone!</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Installation preparation</b></h2> </br> </br>
+<p>If you decided to install and try Qubes OS, then you must pick the correct hardware, since Qubes OS is a very cutting edge OS you should expect some compatibility issues.</p>
+<p>For desktop PC actually you should not worry too much, I have installed Qubes OS on many intel/amd platforms, with all kinds of peculiar combination of cpu and gpu, it all works. As long as you are on a quite modern platform with common consumer gpu, you should be fine</p>
+<p>This is the official hardware compatibility list, but be aware it is definitely incomplete, since people runs Qubes OS without problem mostly do not bother to report their config <a href="https://www.qubes-os.org/hcl/">https://www.qubes-os.org/hcl/</a></p>
+<p>For laptops you should be careful, you better get a mainstream business laptop. I tried many installation on lenovo or hp business laptops from recent years, they all worked fine. However you should especially try to avoid laptops from non-traditional vendors like Xiaomi or whatever Chinese brand, and any gaming laptop with very peculiar gpu setup.</p>
+<p>Next thing is to download the installation ISO, go to their website and download</p>
+<img src="Screenshot From 2024-12-05 11-20-03.png" class="imgRz" style="width: 800px">
+<p>Download the ISO and hash digest</p>
+<p>Next thing is to verify your ISO file is authentic, Qubes OS has a very detailed guide on how to do that so there is no need for me to build the wheel again <a href="https://www.qubes-os.org/security/verifying-signatures/">https://www.qubes-os.org/security/verifying-signatures/</a></p>
+<p>I will paste the master key fingerprint here for comparison:427F11FD0FAA4B080123F01CDDFA1A3E36879494</p>
+
+<p>Next step is to find a usb, make sure it is at least 16GB, then find its path</p>
+	
+<pre><code class="nim">
+$ sudo blkid	
+</code></pre>
+
+<p>For example my usb is located at /dev/sda, then we use dd to burn the image into usb</p>
+<pre><code class="nim">
+$ sudo dd if=<Qubes OS install ISO name> of=/dev/sda status=progress
+</code></pre>
+<p>Warning: dd is a low level too aka data destroyer, check the input parameters carefully and make sure "of" points towards your usb, otherwise it might nuke your computer !!!</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Install</b></h2> </br> </br>
+<p>Next thing is to reboot into your computer and BIOS(EFI), this is different for every platform so you should find it out on google.</p>
+<p>You need to make two changes in BIOS basically, first you need to turn off secure boot(I know this is sad), but unfortunately secure boot and Xen did not work together on most consumer grade machines. I personally recommends only use qubes at home pc, or those so called "Qubes certified" laptops equipped with heads(What is header -> <a href="https://trmm.net/Heads/">https://trmm.net/Heads/</a>) that can protect your boot partition and has anti evil maid features <a href="https://www.qubes-os.org/doc/certified-hardware/">https://www.qubes-os.org/doc/certified-hardware/</a>. </p>
+<p>Next if you are on UEFI mode you need to enable "CSM". <a href="https://superuser.com/questions/1284392/what-exactly-is-uefi-with-csm-boot-mode">https://superuser.com/questions/1284392/what-exactly-is-uefi-with-csm-boot-mode</a>. You also need to find that in your bios menu, it should usually appear below boot options. This can fix a lot of potential troubles later</p>
+<p>Final thing is remember to turn on vt-x or cpu virtualization support, since this is needed for Qubes. Check your bios, if there is a setting called IOMMU, you also need to enable that</p>
+<p>Finally, reboot and choose your usb as a boot device</p>	
+<img src="Screenshot From 2024-12-05 16-26-38.png" class="imgRz" style="width: 900px">
+<p>If things worked correctly, you should see a menu like this, just click enter and wait</p>
+<img src="Screenshot From 2024-12-05 16-28-18.png" class="imgRz" style="width: 900px">
+<p>At this step, click "continue", if your computer is fully compatible and all bios settings are correct, you should see no warning message, otherwise go back to check bios again. If your computer is not some ancient stuff if should be compatible</p>
+<img src="Screenshot From 2024-12-05 16-28-40.png" class="imgRz" style="width: 900px">
+<p>At this step you need to config the disk, click the installation destination</p>
+<img src="Screenshot From 2024-12-05 16-29-00.png" class="imgRz" style="width: 900px">
+<p>If you are installing on a fresh drive just check the three areas on the pictures</p>
+<img src="Screenshot From 2024-12-05 16-28-40.png" class="imgRz" style="width: 900px">
+<p>Next is to choose a disk encryption password, notice this is the password used to encrypt your disk and is the only thing protects you when FBI kicks your door, so make sure it is strong enough</p>
+<img src="Screenshot From 2024-12-05 16-29-12.png" class="imgRz" style="width: 900px">
+<p>Select "delete all" and "reclaim space", make sure you backed up everything!</p>
+<img src="Screenshot From 2024-12-05 16-29-23.png" class="imgRz" style="width: 900px">
+<p>Next create a user with password, this is the password you will use to unlock the screen</p>
+<img src="Screenshot From 2024-12-05 16-29-33.png" class="imgRz" style="width: 900px">
+<p>Next choose "Begin Installation", and just wait until it is completed.</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<div id="anon2">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+		  <h2><b>Post Install Setup</b></h2> </br> </br>
+	<p>You still cannot use your qubes at this step, since you need to run post install setup.</p>
+	<img src="Screenshot From 2024-12-05 16-40-34.png" class="imgRz" style="width: 900px">
+	<p>These configs in most situation do not need to be changed, however if you are using wired connection you can make sys-net disposable, this increases your security a little bit.</p>
+	<p>If you are using wireless network through a usb dongle you might need to choose "Use sys-net qube for both networking and USB devices"</p>
+    <p>You can also enable system and template update over tor, but this will become significantly slower for big updates. And there is no need to touch the advanced configuration.</p>
+	<p>Click done and let the scripts run, do not interrupt it by closing your computer</p>
+	<img src="Screenshot From 2024-12-05 17-40-39.png" class="imgRz" style="width: 900px">
+    <p>And finally we get our Qubes</p>
+</div>
+			</div><!-- /row -->
+		</div> <!-- /container -->
+	</div><!-- /white -->
+	
+	<!-- +++++ Footer Section +++++ -->
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>PrismBreaker</h4>
+          <p>
+						Shatter the big brother.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh</p></br><p><u>Contact:</u> prismbreaker@waifu.club (<a href="https://keys.openpgp.org/vks/v1/by-fingerprint/735816B2B9E6F4660ECE44D983E602C4B6EA6AEE">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>