Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
13b0123
commit 1b12c16
Showing
2 changed files
with
63 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
--- | ||
layout: post | ||
title: Qubes OS 3.1 has been released | ||
author: Joanna Rutkowska | ||
--- | ||
|
||
I'm happy to announce that today we're releasing Qubes OS 3.1! | ||
|
||
The major new architectural feature of this release has been the introduction of | ||
[Qubes Management | ||
infrastructure](https://www.qubes-os.org/news/2015/12/14/mgmt-stack/), which is | ||
based on popular Salt management software. | ||
|
||
In Qubes 3.1 this management stack makes it possible to conveniently control | ||
system-wide Qubes configuration using centralized, declarative statements. | ||
_Declarative_ is a key world here: it makes creating advanced configurations | ||
significantly simpler (the user or administrator needs only to specify _what_ | ||
they want to get, rather than _how_ they want to get it). | ||
|
||
This already allowed us to improve our installation wizard (firstboot) so that | ||
it now offers the user ability to easily select various options to pre-create | ||
some useful configurations, such as e.g. Whonix or USB-hosting VMs. | ||
|
||
![Qubes OS 3.1 Firstboot Screenshot]({{ site.url }}/resources/qubes-31-firstboot-mgmt.png) | ||
|
||
Currently the management stack is limited to Dom0 and system-wide Qubes | ||
configuration (i.e. what VMs should be present, with what properties, how | ||
connected), and notably missing is the ability to configure/manage states | ||
_inside_ the VMs or templates (e.g. what packages to be installed, or what | ||
additional services to be enabled in the VMs). | ||
|
||
I think most readers should understand very well that marrying a powerful and | ||
flexible, yet very complex, management software such as Salt, with a | ||
security-focused system like Qubes OS is an extremely sensitive task. This is | ||
because we really would not like to negate all the isolation we have previously | ||
worked hard to build, obviously. | ||
|
||
Yet, we have recently found what we believe to be an elegant way to also extend | ||
our management stack to cover the VMs internal states. In fact we already have a | ||
working code for this and plan on introducing this feature officially in the | ||
upcoming Qubes 4.0 release candidate. We might also decide to bring it to the | ||
3.1 release (as an optional update), in case we couldn't release 4.0-rc1 soon | ||
enough. | ||
|
||
Once we introduce this missing piece of the Qubes management infrastructure, we | ||
will gain almost limitless possibilities to shape Qubes configurations to fit | ||
particular user groups' needs and deliver them easily. | ||
|
||
Besides the management stack there have been a number of other improvements and | ||
bugfixes introduced in 3.1 compared to Qubes 3.0, and most of these have already | ||
been mentioned in the [original 3.1-rc1 announcement | ||
post](https://www.qubes-os.org/news/2015/12/08/qubes-OS-3-1-rc1-has-been-released/). | ||
To name here just the two which might be of critical importance to some users | ||
(as they significantly improve hardware compatibility): Qubes 3.1 now supports | ||
UEFI-based boot, as well as many new GPUs, thanks to the updated drivers and | ||
kernel in Dom0. | ||
|
||
The ISO can be downloaded [here](https://www.qubes-os.org/downloads/). As usual | ||
we encourage people to verify integrity of the downloaded images as explained | ||
[here](https://www.qubes-os.org/doc/verifying-signatures/). | ||
|
||
Existing users of Qubes 3.0 and Qubes 3.1-rcX releases should be able to easily | ||
upgrade without re-installing. Enjoy! |
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.