Qubes OS DispVM based on Debian 10 - Some Notes

This post is potentially outdated and hasn’t been reviewed for any updates

This post is more considered to be a short writeup for my future self since I tend to forget things and love to be able to quickly look things up. Most of the steps can be found as well via the Qubes OS documentation. Anyway, the core question that I want to get answered is:

What do you need to do in order to use Debian 10 as a DispVM template and make some privacy adjustments to Firefox so that the changes replicate properly to all fresh dispVMs you spawn?

Debian 10 for Qubes OS is available since the 3rd of November 2019 via the Qubes OS 4.0.2-rc2 release. What do you need to do in order to use Debian 10 as a DispVM?

In Dom0:

  • Install Debian 10:
    sudo qubes-dom0-update qubes-template-debian-10
  • Create dispVM template VM:
    qvm-create --template debian-10 --label red debian-10-DISPVM
  • Set as dispVM template:
    qvm-prefs debian-10-DISPVM template_for_dispvms True
  • Add menu entries:
    qvm-features debian-10-DISPVM appmenus-dispvm 1
  • Run terminal in template VM for further configuration:
    qvm-run -a debian-10-DISPVM gnome-terminal

Afterwards, switch over to the VM and install the latest updates:

sudo apt-get update && sudo apt-get upgrade

Then apply your changes to Firefox or even change your browser to something you want (e.g.Chromium, Brave etc.). Firefox is “talky” by default and you might want to follow some of these privacy guidelines below:

Getting rid of Firefox default extensions

Generally, for dispVMs, I recommend to stay away from any kind of extensions and use Firefox-internal configurations only. You should also get rid of the standard extensions that Firefox brings along by default. They can be found in /usr/lib/firefox/browser/features/ in the Debian 10 template. Important, don’t delete them in your debian-10-DISPVM but in your original debian 10 template since the dispVM template is built on this one.

Final steps

Don’t forget to delete all data from your Firefox (Cookies, Site Data etc.) in your dispVM template before closing it so it cannot replicate down to your dispVM.

This post is licensed under CC BY 4.0 by the author.