I think the security benefits of updating dom0 first, then rebooting, and only then updating templates (as is currently the case).
My suggestion would be to do all of this in one go and reboot afterwards, and instead just suggest that users make use of the graphical Qubes updater tool, checking all the boxes. And of course, including an image:
Threat Model Implications
If there is an unpatched virtualization vulnerability in the ISO (whose patch will come with a dom0 update), then theoretically dom0 needs to be restarted to be protected from malicious (default) templates.
However, we are not consistent in this practice. The updater runs both dom0 and template updates and only forces a restart at the end (source).
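The conservative ordering the threat-model paragraph argues for (dom0 first, restart dom0 if that update requires it, templates only afterwards) as an added shell example; this is not the issue author's or the Qubes project's code. It assumes a Qubes OS 4.2 dom0 with `qubes-dom0-update`, `qubes-vm-update --all` and dnf's `needs-restarting` plugin available; all three are assumptions, not something the issue states.

```shell
#!/bin/sh
# Added example, not from the issue: update dom0 first, gate template
# updates on whether dom0 still needs a restart. Commands are assumed
# (Qubes 4.2 dom0: qubes-dom0-update, qubes-vm-update, dnf needs-restarting).
set -eu

# Decide the next step from the dom0 update outcome.
# $1: "restart-needed" or "up-to-date" (output of check_dom0_restart).
# Prints the step a cautious operator takes next.
next_step() {
    case "$1" in
        restart-needed) echo "reboot-dom0-before-templates" ;;
        up-to-date)     echo "update-templates" ;;
        *)              echo "unknown-state"; return 1 ;;
    esac
}

# Ask dnf whether the dom0 update pulled in something (kernel, Xen, ...)
# that only takes effect after a restart. `dnf needs-restarting -r` exits
# 1 when a reboot is required and 0 otherwise.
check_dom0_restart() {
    if dnf needs-restarting -r >/dev/null 2>&1; then
        echo up-to-date
    else
        echo restart-needed
    fi
}

main() {
    sudo qubes-dom0-update -y          # assumed command; dom0 goes first
    state=$(check_dom0_restart)
    step=$(next_step "$state")
    if [ "$step" = "reboot-dom0-before-templates" ]; then
        echo "dom0 needs a restart; reboot, then rerun to update templates"
        exit 0
    fi
    sudo qubes-vm-update --all         # assumed command; templates only now
}

# Only run when invoked explicitly; sourcing the file just defines functions.
if [ "${1:-}" = "--run" ]; then
    main
fi
```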