-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-03-28 03:25, 'Blacklight447' via qubes-devel wrote: > Hello qubes developers! > > I have a question about qubes vm's. Would it make sense to > implement a method for password protecting(and maybe even > encrypting it with that password) individual vm's? > > Correct me if I am wrong, but it seems that by doing so, vm's are > harder to access in case of a compromise. > > For example, if someone were to break out of the xen hypervisor and > gained access to dom 0, although this would be a fatal compromise, > having some specific vm's encrypted when turned off(like the vault > vm for example) should protect the content of those vm's since it's > content is encrypted. > > You could see it as full disk encryption, but only for specific > vms, and needing the encryption password the even boot the vm and > see its content. > > I think this could potentially a nice feature to have in a future > qubes release, what do you all think off this? All suggestions and > comments on this idea is welcome. > > P. S. I wasn't sure were to poste this question, since it seems to > be related to development to me, please point out where I should > ask this if I got this wrong :) > > Best regards, Blacklight447 >
Per-VM encryption is currently being tracked here: https://github.com/QubesOS/qubes-issues/issues/1293 There are also prior discussions about this in the mailing list archives, which you may find interesting. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJY2jrZAAoJENtN07w5UDAwnz0P/iJNqS6XQsJIxKt6FzcqsPDJ e2CkPJaDUIb7pFyNB4wgXIkIvsHsVfV22Kja1DP2MEXX7GyE5UI5ncYSEr80ZN08 +T4Uc9fqEkknracdFZVk/mdKqJLsjOHqBTOIi/5KWpZCXKJLzWcwXUHX0/j/4f/i rOLTQ0CcCba07A82i4iLlJx/+hpiPMBnhixwlYvPnccRaLEGhxRWYr9JnyprmXpZ rRmUYae/UK2sTflqL6hbEiCGuBn7rNCsXFNGsrO9cSneD7kdwRO8eKxsYbTEhCOY Tm/VFvblN6VL5nRCgG0mlEeuQDpKIBlm0eS1AnIcOgoxDz1mqQ/tWm6dDrtOr+NL N5Csfbt4xynAJn+FQ/R8hvjPozeuHGckGAVsUuoik1shitVU5C8TedInqTSbMyA6 EwsreYysY3Y6d401ZXl+1pJaN0NXti0BeB8JYhzqB6CQTbAOpOoM9DE/2sYJGsxT MJZpeyBAU324tXig8C3hsugWxRqXMXKh90YgkeSJ+FbrH2KAmdmXsNR3i6E9m4m/ kjn6uUcc0IgYY2LJWLMckPqYhvv7YvdLxAo1gk/6CoY0PRal+htT28+oVHdC5fvv seR/D1MEJkdabZx1+Lf2fUKm7Z0ZsCqm85HTx4CL3mCUDsy1Bw235olTB1sdufRC /ADWCVRn82lq+/Ht1Yic =QBr5 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/603a835c-113c-f344-2b61-038fc07ea60b%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
