Qubes OS DispVM based on Debian 10 – Some Notes
This post is more considered to be a short writeup for my future self – since I tend to forget things and love to be able to quickly look things up. Most of the steps can be found as well via the Qubes OS documentation. Anyway – the core question that I want to get answered is:
What do you need to do in order to use Debian 10 as a DispVM template and make some privacy changes to Firefox so that the changes replicate properly to all fresh dispVMs you spawn?
Debian 10 for Qubes OS is available since the 3rd of November 2019 via the Qubes OS 4.0.2-rc2 release. What do you need to do in order to use Debian 10 as a DispVM?
- Install Debian 10:
sudo qubes-dom0-update qubes-template-debian-10
- Create dispVM template VM:
qvm-create --template debian-10 --label red debian-10-DISPVM
- Set as dispVM template:
qvm-prefs debian-10-DISPVM template_for_dispvms True
- Add menu entries:
qvm-features debian-10-DISPVM appmenus-dispvm 1
- Run terminal in template VM for further configuration:
qvm-run -a debian-10-DISPVM gnome-terminal
Afterwards, in the VM, I recommend to get and install the latest updates:
sudo apt-get update
sudo apt-get upgrade
Then apply your changes to Firefox or even change your browser to something (e.g.Chromium, Brave etc.)
Firefox is “talky” by default and you might want to follow some of these privacy guidelines below – use at your own risk:
Getting rid of Firefox default extensions
Generally, for dispVMs, I recommend to stay away from any kind of extensions and use Firefox-internal configuration only. You should also get rid of the standard extensions that Firefox brings along by default – they can be found in /usr/lib/firefox/browser/features/ in the Debian 10 template. Important – don’t delete them in your
debian-10-DISPVMbut in your original debian 10 template since the dispVM template is built on this one.
Don’t forget to delete all data from your Firefox (Cookies, Site Data etc.) in your dispVM template before closing it so it cannot replicate down to your dispVM.