We’re pleased to announce the fourth release candidate for Qubes 4.0! This release contains important safeguards against the Spectre and Meltdown attacks, as well as bug fixes for many of the issues discovered in the previous release candidate. A full list of the Qubes 4.0 issues closed so far is available here. Further details about this release, including full installation instructions, are available in the Qubes 4.0 release notes. The new installation image is available on the Downloads page.
As always, we’re immensely grateful to our community of testers for taking the time to discover and report bugs. Thanks to your efforts, we’re able to fix these bugs before the final release of Qubes 4.0. We encourage you to continue diligently testing this fourth release candidate so that we can work together to improve Qubes 4.0 before the stable release.
Major changes in Qubes 4.0-rc4
The Qubes VM Manager is back by popular demand! The returning Qubes Manager will be slightly different from the 3.2 version. Specifically, it will not duplicate functionality that is already provided by the new 4.0 widgets. Specific examples include attaching and detaching block devices, attaching and detaching the microphone, and VM CPU usage.
In addition, the default TemplateVMs have been upgraded to Fedora 26 and Debian 9.
The Qubes 4.0 stable release
If the testing of 4.0-rc4 does not reveal any major problems, we hope to declare it the stable 4.0 release without any further significant changes. In this scenario, any bugs discovered during the testing process would be fixed in subsequent updates.
If, on the other hand, a major issue is discovered, we will continue with the standard release schedule, and Qubes 4.0 stable will be a separate, later release.
Current Qubes 4.0 Users
Current users of Qubes 4.0-rc3 can upgrade in-place by downloading the latest updates from the testing repositories in both dom0 and TemplateVMs. As explained in QSB #37, Qubes 4.0-rc4 uses PVH instead of HVM for almost all VMs without PCI devices by default as a security measure against Meltdown, and this change will also be released as a patch for existing Qubes 4.0 installations in the coming days. Therefore, current Qubes 4.0 users will benefit from this change whether they upgrade in-place from a previous release candidate or perform a clean installation of 4.0-rc4.
If you wish to upgrade in-place and have manually changed your VM settings, please note the following:
By default, Qubes 4.0-rc3 used kernel 4.9.x. However, PVH mode will require kernel >= 4.11. This is fine, because we will include kernel 4.14 in the PVH update. However, if you have manually changed the kernel setting for any of your VMs, the update will not automatically override that setting. Those VMs will still be using an old kernel, so they will not work in PVH mode. Therefore, you must must either change their settings to use the new kernel or change the VM mode back to HVM.
If you have created a Windows VM, and you rely on it running in HVM mode, you must explicitly set its mode to HVM (since the default mode after applying the PVH update will be PVH rather than HVM). You can do this either through the VM Settings GUI or by using the
qvm-prefscommand-line tool to change the