RAM is perfectly sufficient for full simultaneous functionality of all qubes on this X230 ThinkPad, which also satisfies all the green check marks for HSI (hardware security). Latest Libreboot BIOS and no Intel ME.

  • encrypted messaging apps (Pidgin, signal-cli, HexChat)
  • dvm veilid-server.service qube (network support)
  • sys qubes for networking like VPN, Yggdrasil, and DNS (TLS resolv and odoh.cloudflare)

  • lock LUKS with a Nitro USB A security key

  • dvm of Brave and Librewolf (in firejail) when Tor is not an option
  • fully ephemeral Whonix WS dvm qube

  • Debian template upgrade to Kicksecure and enable AppArmor service on all Debian

  • Vault (no networking) has LibreOffice and KeePass with a keyfile inside a FIPS security key

Pretty sweet.

  • LightscriptionOPM
    12 months ago

    Attacker found a way to disrupt updates over Tor via Qubes Update and Standalone qubes. Also seems to be a way of selectively disconnecting onion services.

    Now believe Dom0 should not be updated (even if it is supposedly done so securely) and Vanguards needs to be added to Whonix GW or onionized repositories for system tor inside a Standalone. Downloading templates may also be advisably discouraged.

    https://forum.qubes-os.org/t/update-security-measures/28865