Choosing a new distro can be overwhelming. Installing a complex distro can be draining. If wasting wads of cash on the wrong hardware or getting neck-deep in technical jargon sounds daunting, then perhaps Qubes is not for you.
The first hurdle you will face is hardware choice. Qubes depends on specific technologies, namely, VT-x, VT-D, IOMMU, and SLAT. These are common in modern computers but are difficult to match with other requirements, like IOMMU groups (which I'll get to next) and cost.
Speaking of cost, not everyone will spend thousands on a laptop, and the more specialized your requirements, the more expensive things are. That being said, it's easy to find affordable hardware if you're okay with secondhand.
IOMMU Groups Are Difficult and Undocumented
IOMMU is a technology that allows Qubes to assign PCI devices directly to a virtual machine (VM). Simply put, it's virtual boundaries around hardware. For example, you can assign a network card directly to a VM, enabling direct VM-to-device interaction and secure isolation. However, there is one significant limitation: IOMMU groups.
An IOMMU group is a set of PCI devices grouped together. The OS treats an IOMMU group as a single unit. Devices in an IOMMU group must be assigned to the same VM. The important thing is that each motherboard groups them differently.
The annoying issue is that motherboard manufacturers do not document how they configure those groups. You can't know in advance what they look like, and so choosing hardware is especially difficult. One common issue is awkward group assignments; e.g., USB ports and the network card share the same group. Qubes acknowledges this, and they provide an installation option to assign USB and network cards to the same VM if necessary.
Luckily, the Qubes Hardware Compatibility List is extensive and provides some notes on what to expect before you purchase hardware.
5 Reasons to Install a Linux VM (And 5 Reasons Not To)
While they won't serve everyone, they're worth trying out.
Memory Is Always in Short Supply
Normally, you will use 2-4 qubes (VMs) for different tasks: a USB qube, a network qube (NetVM), a firewall qube, and possibly a VPN qube, each one requiring half a gigabyte of RAM as a baseline. Add a few browsers here and there and an app or two, and you will see your RAM usage swell to over 16 GB easily. Most older laptops support less than 16 GB, so you may find yourself stopping and starting VMs to juggle memory.
I would recommend at least 16 GB of RAM, but 32 GB if possible; 64 GB+ if you can afford it. RAM is expensive in large quantities, and 64 GB of RAM will set you back a few hundred dollars, more than some are willing to pay. However, given that computers these days ruthlessly hog memory, it's time for 32 GB of RAM to be the new norm.
Thanks to AI PCs, the Specs for Computers Across the Board Are Poised to Go Up
Thanks for the memory, AI.
Your USB Keyboard Becomes a Security Risk
For security, USB keyboards should connect to the USB qube, which cannot speak to dom0. Dom0 is the administration VM that controls all other VMs. You protect dom0 with your life; nothing should communicate with it, including the USB qube.
So what do you do? Use a PS/2 keyboard, that's what! However, not everyone wants to. In that case, a keyboard assigned to a USB qube will work for most AppVMs (VMs that run everyday applications), but it won't work for dom0—and that's a big problem. The headache that ensues is too much. In frustration, some may connect their USB keyboard directly to dom0, but that is a major no-no because a compromised keyboard can attack it.
To add to the difficulties, some laptop keyboards rely on an internal USB connection, which could leave you with either a dysfunctional machine at best or a security risk at worst. If you're concerned or unsure about whether a laptop functions adequately, refer again to the Hardware Compatibility List for notes.
The Lack of GPU Support Limits Your Choices
As of 2025, VMs on Qubes do not yet have GPU acceleration. The reason? GPUs don't properly isolate video RAM contents (between VMs and dom0). Although unlikely, it's possible for VMs to read sensitive dom0 information.
Additionally, you can only assign a GPU to one machine, so which do you choose? All of your browsers want GPU acceleration, and so do many applications, utilities, and compositors. Today's computers also increasingly process AI workloads, like installing and using chatbots at home with Ollama. A lack of GPU acceleration leaves Qubes in the dust for most.
There is an upside; the Qubes team has put the wheels in motion to implement virtualized GPU acceleration via a technology called VirtIO native contexts, which shares GPU acceleration across all VMs, with near-native performance. I'd expect GPU acceleration to land around 2027 (or 2037; you know how things go).
Nvidia Drivers on Linux: What You Need to Know
Nvidia is known for being somewhat tricky on Linux, but is that reputation earned or exaggerated?
Battery Life Is Non-existent
Due to the lack of GPU acceleration, Qubes renders everything in software. Software rendering is inefficient, and it drains battery power quicker than a more efficient GPU.
Multiple VMs run simultaneously, and each executes a duplicated set of processes, resulting in redundant effort. Each of these processes consumes CPU time and precious battery power.
I don't know if you have ever noticed, but terminals like Alacritty often sit at around 1% to 2% CPU usage when idling. Opening a terminal in multiple VMs means they're all draining power. System monitor utilities make the problem worse by frequently refreshing. Add to that list browsers and terrible, resource-hungry websites. I often find that the CPU spikes to 20% or 50% when doing absolutely nothing. Hunting down resource-hogging processes is like a ritual for me on standard Linux, and you can expect 5x that effort with Qubes.
In short, VMs are power-hungry and terrible for battery life.
A Steep Learning Curve: It Requires Technical Knowledge
Learning Qubes involves understanding its various components, such as AppVMs, TemplateVMs, DispVMs, DispVM templates, dom0, and domUs. It's important to grasp how these components (domains) function and interact with each other. Each domain has a clear use case; for example, you apply updates and configuration changes to templates. Failing to understand how domains interact may leave you confused as to why your configurations have disappeared or why an update didn't take effect.
Additionally, the RPC system governs how domains talk to each other. It's an essential system, but less experienced users won't understand how to configure and use it.
The steep learning curve also includes everything covered earlier. Without learning IOMMU, required hardware, etc., you will make the wrong choice. To learn everything up-front is asking too much for most people. Qubes requires some competent technical knowledge.
I love Qubes; I've used it for nearly a decade, but it's not for everyone. Some people just want a straightforward operating system.
Qubes appeals to two kinds of people:
- Those who have lots to lose.
- Geeks who are concerned about their security.
Not every geek wants to learn such a complex system, but for others, the allure is too strong. If you feel that allure, check out the Qubes installation guide; if not, find another suitable distro.
