Hello, I have been using Qubes OS on a Purism Librem Laptop for the last year and a half and I think it is great.
But I think it still has some issues with stability and maybe even security in extreme cases.
One problem is that sometimes a “phantom” process seems to be using up all the CPU when using Qubes OS 4.1. It happens like this:
- The CPU fan suddenly ramps up to maximum.
- The mouse and the whole system become sluggish.
- No VM is above 1% CPU usage and top shows just 2-10% CPU usage in Dom0.
- I tried restarting Qubes OS but the problem persists.
- The only fix is to power down the laptop completely and restart the OS.
1) Could this be an attack?
2) Is there any way to debug the problem? I can’t seem to find anything in the logs.
Is anyone having similar issues, or does anyone know how to debug them?
System: Purism Librem 13 Laptop v3 with the Intel Management Engine disabled and coreboot BIOS.
OS: Qubes OS 4.1 (R4.1) Xen 4.14.4
Use a live USB with PureOS 10.3 installed for handling low-level tasks like these. Follow the instructions below to update Coreboot.
Well, this is a great time to consider external encrypted backups, if you have not done so already. Disconnect from the Internet using the hardware kill switches, and other hardware peripherals before transferring files.
This is very insecure compared to what Qubes OS offers: you directly connect your BIOS to the Internet, while on Qubes you never go online in the Admin VM and never even run anything there.
Do you also clean and verify the WiFi firmware? Even if you do, you open a huge attack surface, since vulnerabilities in it are found quite frequently. And the security-critical code in Linux is huge, compared with Qubes.
No, I do not install proprietary firmware unless I have no choice. In this case, “all” firmware means:
- Boot firmware
- Embedded controller
- NVME controller(s)
My rule is that if the hardware already requires proprietary firmware to use it, then I can choose whether or not to upgrade it after reading release notes, and accepting or denying trust in the vendor.