We’re pleased to announce the second release candidate for Qubes 4.0! As usual, this release candidate includes numerous bug fixes over the previous one. Two of the most important changes are:
Improved PCI passthrough with
sys-usbrunning in HVM mode by default. With this change, we’ve officially achieved our Qubes 4.0 goal of having all qubes running in HVM mode by default for enhanced security.
There were two primary reasons for the substantial delay of this release. The first was our discovery of the security issue that would come to be known as XSA-237. As part of our coordination with the Xen Project Security Team, we had to wait through the embargo period until XSA-237 was publicly released before integrating various PCI passthrough fixes.
The second reason for the delay was the last-minute discovery of a bug related to resizing the root filesystem of a qube. We faced a choice between (1) keeping the partition layout the same at the cost of increasing maintenance complexity in the future or (2) changing the partition layout to simplify the code at the cost of rebuilding all the templates and delaying the release. We chose the second option, which resulted in an additional one week delay, but we’re confident that this is the most prudent move in the long run.
As a consequence of the partition layout change, it will be necessary for current 4.0-rc1 testers to perform a clean reinstall of 4.0-rc2 rather than attempting to upgrade in-place. We sincerely apologize for this inconvenience. Our growing community has been putting in a lot of hard work testing the first 4.0 release candidate and submitting bug reports, and we greatly appreciate your effort. From the whole Qubes team, thank you! Your feedback helps us make the final release as stable as possible. Please keep up the great work!