> The main downside is no GPU acceleration of anything (framebuffer only), but it's somewhat less limiting than I'd assumed, and most of my machines maintain a dual boot of Ubuntu for anything GPU intensive, though I honestly use it a lot less than I'd assumed.
You are effectively making Qubes useless. The presence of any software that has access to the EFI partition outside Qubes renders it a highly vulnerable entry point for any form of malware, as it gives direct access to Xen.
Oh please. Yes, it's a potential. But if you're just running stuff provided by Ubuntu & not random crap from wherever, this so-called threat vector will never happen.