-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, Aug 09, 2016 at 08:32:39AM -0600, Trammell Hudson wrote: > I'd like to configure my Qubes installation to have a read-only and > dm-verity protected / and /boot partitions for the hypervisor, dom0, > qubes configurations and templates, with a separate read-write partition > for the user data and volatile portions protected by a sealed TPM key.
This is very interesting setup! Please tell us if you manage to do it. > In the "VM Settings" - "Advanced" tab the "Paths" do not seem to > be editable. I could edit the file by hand after setting up Qubes, > although if there is an official way to do it during installation or > after-the-fact that would be nicer. There is no supported way for changing those path. But you may try to using `mount --bind` to redirect some of those directories or even single files (like /var/lib/qubes/appvms). Also search the list archive for relocating volatile.img files - AFAIR there was some script for that. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXqiOOAAoJENuP0xzK19cses8H/3t525+mYoV7EE5EzZdTxRbX OHWzmNNzrd+AKJZ4rMNFBHeP1rGLSuetl+bWgxG4yk3SNptWv/eJk/70KeGU/ZtW iyTjKqmf7eVO+LwBRBn8mCUKxs/JxbYp+ErKNd5OzDMRzeMPZqFvW6YUL2nXx8RV 7JSKQEd8Fr0w/V32En8BDhTCxDOLP2HJAiJTmq/Scn6YI9Am2J624MK2gPNkWy5j 92Y2FsRey6MxEDnbalkbxiCCleMFPr+txL8Q8E8qpwGU3J1zUv49Rzvis3NAW4XM 6K7Sn/kTzQejgPfdJ0cGr3zxE/kPfgZ8v2L6WU/47LArrwsDYLzqzviev0eQxE4= =Ngm3 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20160809184015.GA27446%40mail-itl. For more options, visit https://groups.google.com/d/optout.
