@lattera That's one of my big issues with Qubes.

Virtualization somewhat makes sense when it comes to isolating the drivers & hardware, but that specific need would be better served by other techniques like having a microkernel (SeL4, anyone?) and using that to isolate the drivers from one another (and from userspace).

Virtualization as the mechanism for isolating bits of the userspace has high overhead and large attack surface (Xen hypercalls, X11 protocol, ...).