qubes-issues icon indicating copy to clipboard operation
qubes-issues copied to clipboard

Published 20 hours ago verified publisher icon QubesOS

AArch64 support

Open DemiMarie opened this issue 2 years ago • 7 comments

How to file a helpful issue

The problem you're addressing (if any)

Some AArch64 machines nowadays are actually powerful enough to run Qubes OS, but Qubes OS does not support AArch64.

The solution you'd like

Qubes OS should support AArch64.

The value to a user, and who that user might be

Users with AArch64 machines will be able to install Qubes OS on them.

DemiMarie avatar Apr 30 '22 07:04 DemiMarie

Pinging @andyhhp because this will likely require serious work on the Xen side, mostly in the realm of SMMU support.

DemiMarie avatar Apr 30 '22 07:04 DemiMarie

Well, he is X86 maintainer in Xen, so won't be of any help here...

marmarek avatar Apr 30 '22 11:04 marmarek

Strongly, strongly agree.

aarch64 is the future, whatever comes first with aarch64 is what I'll use, SpectrumOS or Qubes.

There are plenty of development machines available, aarch64 Chromebooks are absolutely wonderful and have everything (Low level Bootloader & EC) open source. Checkout the Cadmium project for supported Linux Mainline aarch64 Chromebooks.

I'm willing to help in anyway I can, though I'm not particularly fond of Xen in 2022.

dylangerdaly avatar May 02 '22 22:05 dylangerdaly

I'm not particularly fond of Xen in 2022.

Why is that?

DemiMarie avatar May 03 '22 06:05 DemiMarie

KVM is receiving a lot more love, anecdotally.

I have an Acer Spin 513 with the MediaTek Kompanio 1380 (Tomato/Cherry), what would the first steps be in getting Xen running with dom0?

I'm currently trying to get vanilla Linux running, this shouldn't be too hard, MediaTek are currently working on mainlining some of the MT8195 patches for display etc.

I'm guessing Fedora would need to support the specific end device, then Qubes can follow?

dylangerdaly avatar Jun 25 '22 01:06 dylangerdaly

Unfortunately, Xen does not provide security support for PCI pass-through on AArch64. I suspect this would be a deal-breaker, but that would be up to @marmarek to decide.

Edit: This is being worked on upstream.

DemiMarie avatar Jun 25 '22 02:06 DemiMarie

I have very little hands-on experience with Xen or virtualization in general, but many newer chips have HW virtualization support, which I expect would improve the feasibility of this considerably. As an example, the rockchip in some Pine64 boards (including the Pinebook Pro and Pinephone Pro) have decent specs, with HW virt.

TheBusyWizard avatar Sep 14 '22 20:09 TheBusyWizard

O suporte AArch64 no Qubes OS representa uma oportunidade significativa para expandir seu alcance e fornecer segurança avançada a um grupo crescente de usuários. Ao superar a limitação atual, o Qubes OS se tornaria uma escolha mais acessível e atraente para aqueles que possuem hardware baseado em AArch64. Dessa forma, o sistema poderia continuar a ser um líder na área de segurança cibernética e manter sua reputação de oferecer um ambiente de computação altamente seguro e isolado.

alexandresantosal91 avatar Sep 22 '23 11:09 alexandresantosal91

https://github.com/QubesOS/qubes-issues/issues/8545#issue-1908918249

DemiMarie avatar Sep 22 '23 14:09 DemiMarie