How to install Qubes OS as a virtual machine on your PC
If you’re interested in running Qubes OS, it’s likely because you want more control over your security than a typical operating system allows. If this is the case, you’ll need to download and install Qubes OS from its website before you can use it on your PC. The good news, though, is that installing Qubes OS isn’t too difficult to do — here’s how to install Qubes OS as a virtual machine on your PC.
What is Qubes OS?
Qubes is an open-source operating system that you can use for daily computing. It was built with security in mind, and has various features to make it easy for beginners and experts alike.
One of the great things about Qubes is that users are granted much more control over how their data is stored and where it goes, with multiple layers of protection. The idea is that there are different domains or zones that can be assigned tasks, like browsing the web, downloading files, editing images, storing sensitive information (passwords, encryption keys), social media applications like Facebook or Twitter. This way only the necessary information stays in one place where it’s difficult for malware or viruses to attack everything at once.
What do you need?
A PC running Windows, Mac, or Linux – any operating system will work. It also requires at least 8 GB of RAM, though you should have much more than that if possible. In order to run this tutorial, we recommend you have about 20 GB of free space on your hard drive before installing anything. That’s the amount that was used for this tutorial and it is the same amount of space needed for installing Qubes itself.
You’ll also need plenty of time: installing everything can take around 3 hours depending on the speed of your internet connection and hardware setup. It may be necessary to do some troubleshooting during installation, but don’t worry! We’re here to help 🙂 First, head over to our Downloads page and download the latest stable release of Qubes (3.2). Next, right-click on the ISO file and select burn or mount (depending on what you are using) from the pop-up menu. Then follow these steps below to get started with setting up your virtual machine:
In VirtualBox Manager, click New in the top left corner then select either Debian 64-bit (AMD64) or Other 64-bit for architecture depending on which version of Windows you are using then choose Standard VM from above menu choices.
Creating an encrypted partition
We will now create an encrypted partition. From the command line, type in sudo cryptsetup luksFormat /dev/sda3. This will take some time and require inputting the passphrase for this partition. We recommend using a long random string of letters, numbers, and symbols here. When prompted for it again, just press enter to have both questions not actually answer it. Now type in sudo cryptsetup Luks Open /dev/sda3 qvm-data-volume-partition. Now we need to tell our computer that we want to use the new qvm-data-volume-partition instead of sda3. Type in blkid grep sda3 followed by sudo fdisk -l grep sda1 (to make sure you’re typing blkid correctly).
Installing Fedora as the first domain
When you first boot into the installation, you will be asked what type of installation you want. You can choose ‘Basic Storage Devices’ or ‘UEFI Installation’. If the computer has an older BIOS instead of UEFI firmware, then you should use Basic Storage Devices. In this example we are going to choose UEFI Installation and click Next.
If the computer does not support UEFIs, there is no benefit in using that option other than having more advanced partitioning options.
Next, we select our language and click Next. When prompted for which type of media containing the software, either DVDs or USB drive, select Download Software Updates Manually Later and proceed with your installation.
Installing Whonix for Tor over VPN with qvm-prefs
Some high-level steps you need to take before starting with this tutorial. First of all, you will need two USB sticks, which we will refer to as one dummy and one live. The dummy stick needs its first partition formatted as FAT32, the second partition needs NTFS, and its third partition can be any filesystem. The live stick needs its first partition formatted with FAT32 or NTFS, the second partition must be a Linux filesystem (ext4 is recommended), and the third should be empty and not formatted. Once both sticks are ready, plug them into different USB ports on your computer.
Installing Debian in another secure domain
The first step is to create two partitions with the following commands:
sudo parted /dev/sda (enter mkpart primary ext2 500MiB 2048MiB) sudo parted /dev/sda (enter mkpart primary linux-swap 2047MiB 8190MiB)
Now we need to format the partitions by typing: sudo mkfs.ext4 /dev/sda1, then sdb1. Finally, mount and format the partition where Debian will be installed: sudo mkdir -p /mnt/qwertylinux, then sudo mount -o loop qwertylinux.iso /mnt/qwertylinux.
Adding domains (VM templates) from the command line
- Open the dom0 terminal by clicking the little green Q icon in the bottom left corner of your screen.
- Type dom0# without quotes and hit enter. This will open up a command line prompt within dom0
- Type sudo qubes-dom0-admin qvm-create Downloads/Enterprise/ Windows2012R2_Domain_ID3 VMsetup without quotes and hit enter.
- Enter a password for your new VM
- You should now see VMsetup! in the list of VM templates
- Right click it and choose Close 7. Now, create a new VM template with the following command: sudo qubes-dom0-admin qvm-create Downloads/Developer/VMsetup
- Choose any ID you want from this menu:
- Now type in any name you want:
- The last step is to set your VM’s CPU priority and RAM size (in MB). For example, if you wanted to make sure that this would be available for everyday tasks, then you would enter 1000. If you wanted to prioritize it less than that, say 500, then you would type 500.
- After typing these values into their respective fields, go ahead and press Done 12. Repeat steps 3 through 11 until all of your VMs are created
Setting up a USB boot device to start dom0 (instructions only, not tested yet!)
Next, we are going to need to set up our USB boot device. This can be done in different ways, such as using Rufus or another tool. Below is the command I used in order to create the USB boot device:
sudo dd if=/path/to/qubes-xen-4.0-rc1.iso of=/dev/sdc bs=4M && sync; this process may take a while depending on the size of your iso file. The commands above will not delete any existing data on the disk (like previously saved files). However, you should always use caution when deleting existing data by accident.