After I have created a sys-usb qube in dom0 on my Librem 14 by executing ‘sudo qubesctl state.sls qvm.sys-usb’, I have these three options:
Which one should I set as my default boot? The first two options work fine, whereas the last one initiates a shell recovery mode. So far, I know that Linux 5.10.90 is a linux kernel release but what are the advantages and disadvantages of xen hypervisor and xen 4.14.3… Which one is more security-optimized? Should I reset everything to factory settings where I’ll choose sys-usb during initial setup, so this issue does not persist anymore? What do you all think?
I still consider myself a non-expert QubesOS user, so I could be wrong, but I think that the first option is the one you want to use. The second and third options seem to be there in case you want to use an older linux kernel.
On my Librem 14 running QubesOS 4.1.1 (R4.1), I started the Qube Manager and selected About -> Qubes OS, and then I selected Version Information on the resulting pop-up:
xen_version : 4.14.5 Linux 5.15.78-1.fc32.qubes.x86_64
Thank you so much ; )! So, I hope it’ll work smoothly because Linux 5.15 is more recent than those two last options; however, how can we be 100% certain that xen_hypervisor corresponds to the most recent linux kernel? If there doesn’t exist any better method to decipher this ‘mystery’, then I just consider to factory reset my Librem 14 in order to avoid unnecessary issues or potential security weaknesses.
You can do what I described in my earlier comment, using the Qube Manager to check the Version Information, which includes the linux kernel version currently being used.
I think that this is probably unnecessary, and I will explain below:
The screenshots you posted show the boot options in PureBoot, and creating a sys-usb qube is not what caused these new options to appear. There must have been a dom0 update that included the newer kernel. The older kernel is saved as an available option in PureBoot in case the newer kernel breaks something important. The third option seems to be for people with special configuration needs for specific use-cases.
There is no harm in reinstalling QubesOS for any reason, but in this case, everything seems normal to me.
There are no silly questions, especially about QubesOS. You might want to check out the QubesOS forum to see helpful posts and questions that you might not have even considered yet.
Thanks very much! There I tried to find a solution for the boot option issue initially, but due to PureBoot software I considered to submit this topic here. Nevertheless, I am glad I met you here!
Actually, if I had not been too exasperated and mentally exhausted, I would have found this explanation of hypervisor earlier; however, I guess I would have not been able to explain those other qubes version without your assistance.
Even though I love apple devices and windows gaming laptops, it’s so sad that privacy-conscious individuals like us and others have to order, for instance, purism or nitrokey products and secure Linux distros in order to reclaim digital privacy rights from megalomaniac tech companies and insecure OSs.
