In Qubes OS, you run all your programs in lightweight virtual machines (VMs) called qubes. Not every app runs in its own qube. (That would be a big waste of resources!) Instead, each qube represents a security domain (e.g., “work,” “personal,” and “banking”). By default, all qubes are based on a single, common template, although you can create more templates if you wish. When you create a new qube, you don’t copy the whole system needed for this qube to work (which would include copying all the programs). Instead, each qube shares the system with its respective template. A qube has read-only access to the system of the template on which it’s based, so a qube cannot modify a template in any way. This is important, as it means that if a qube is ever compromised, the template on which it’s based (and any other qubes based on that template) will still be safe. So, creating a large number of qubes is cheap: each one needs only as much disk space as is necessary to store its private files (e.g., the “home” folder).
If you’ve installed Qubes OS using the default options, a few qubes have already been created for you:
Each qube, apart from having a distinct name, is also assigned a label, which is one of several predefined colors. The trusted window manager uses these colors in order to draw colored borders around the windows of applications running in each qube. This is designed to allow you to quickly and easily identify the trust level of a given window at a glance. Most Qubes OS users associate red with what’s untrusted and dangerous (like a red light – stop! danger!), green with what’s safe and trusted, and yellow and orange with things in the middle. This color scheme also extends to include blue and black, which are usually interpreted as indicating progressively more trusted domains than green, with black being ultimately trusted. However, it’s totally up to you how you’d like to interpret these colors. Qubes OS doesn’t assume anything about these colors. When you make a new qube, the system doesn’t do anything special to it depending on whether it’s black or red, for example. The only difference is which color you see and the meaning you assign to that color in your mind. For example, you could use the colors to show that qubes belong to the same domain. You might use three or four qubes for work activities and give them all the same distinct color label, for instance. It’s entirely up to you.
In addition to qubes and templates, there’s one special domain called dom0, where many system tools and the desktop manager run. This is where you log in to the system. Dom0 is more trusted than any other domain (including templates and black-labeled qubes). If dom0 were ever compromised, it would be “game over.” (The entire system would effectively be compromised.) Due to its overarching importance, dom0 has no network connectivity and is used only for running the window and desktop managers. Dom0 shouldn’t be used for anything else. In particular, you should never run user applications in dom0. (That’s what your qubes are for!)
GUI and command-line tools
All aspects of Qubes OS can be controlled using command-line tools run in a dom0 terminal. Opening a terminal in dom0 can be done in several ways:
- Go to the Application Launcher and click Terminal Emulator.
xfce terminaland press Enter twice.
- Right-click on the desktop and select Open Terminal Here.
Various command-line tools are described as part of this guide, and the whole reference can be found here.
Alternatively, you can use a suite of GUI tools, most of which are available through desktop widgets:
- The Domains Widget allows you to manage running qubes, turn them on and off, and monitor memory usage.
- The Devices Widget allows you to attach and detach devices – such as USB drives and cameras – to qubes.
- The Disk Space Widget will notify you if you’re ever running out of disk space.
- The Updates Widget will inform you when template updates are available.
For an overview of the entire system, you can use the Qube Manager (go to the Application Launcher → System Tools → Qube Manager), which displays the states of all the qubes in your system.
Apps can be started either by using the shortcuts in the Application Launcher menu or by using the command line (i.e., a terminal running in dom0).
You can start apps directly from the Application Launcher or the Application Finder (
Each qube has its own menu directory under the scheme
After navigating into one of these directories, simply click on the application you’d like to start:
By default, each qube’s menu contains only a few shortcuts. If you’d like to add more, enter the qube’s Qube Settings and add them on the Applications tab.
To start apps from the terminal in dom0, type:
$ qvm-run <qube_name> <app_command> [arguments]
$ qvm-run untrusted firefox
This command will start the qube if it is not already running.
Adding, removing, and listing qubes
You can easily create a new qube with the Create Qubes VM option in the Application Launcher. If you need to add or remove qubes, simply use the Qube Manager’s Add and Remove buttons.
You can also add, remove, and list qubes from the command line using the following tools:
How many qubes do I need?
That’s a great question, but there’s no one-size-fits-all answer. It depends on the structure of your digital life, and this is at least a little different for everyone. If you plan on using your system for work, then it also depends on what kind of job you do.
It’s a good idea to start out with the three qubes created automatically by the installer: work, personal, and untrusted. If and when you start to feel that some activity just doesn’t fit into any of your existing qubes, or you want to partition some part of your life, you can easily create a new qube for it. You’ll also be able to easily copy any files you need to the newly created qube.
Still not sure? You might find it helpful to read this article, which describes how one of the Qubes OS architects partitions her digital life into security domains.
It’s very important to keep Qubes updated to ensure you have the latest security updates. Frequently updating is one of the best ways to remain secure against new threats.
It’s also very important to make regular backups so that you don’t lose your data unexpectedly. The Qubes backup system allows you to do this securely and easily.
Here are some other tasks you’re likely to want to perform. (A full list is available in the Common Tasks section of the documentation.)
- Copying and Pasting Text Between Domains
- Copying and Moving Files Between Domains
- Copying from (and to) dom0
- Fullscreen Mode
- Device Handling (block, USB, and PCI devices)
If you encounter any problems, please visit the Help, Support, and Mailing Lists page.