Joe, I'm interesting too :)
Regards Le jeudi 8 juin 2017 16:28:52 UTC+2, Joe a écrit : > > On 03/29/2017 02:04 AM, Ángel wrote: > > On 2017-03-28 at 08:33 -0400, 'Blacklight447' via qubes-devel wrote: > >> The basic idea was that you have to provide a password to decrypt the > >> vms data, so you can boot and use it, allowing you to be sure only you > >> can access its data. This could even be potentially combined with an > >> option to export the encrypted vm, to later boot it in a clean version > >> of qubes os. > >> > >> Im not looking for just a password prompt, since those do not provide > >> any real security, unless your threat model is preventing someone to > >> access your vm"s when you forgot to shutdown or lock your machine. > >> > > You can use a HVM with LUKS disk. The password will be asked on boot, > > just as when booting a physical OS with an encrypted disk. > > > > However, being a HVM there will be less integration with other qubes > > (maybe the support tools can be installed -and work- on HVM, too?). > > > > I posted some scripts to this list on 15th of December 2015 with the > subject "Individually encrypting domains" that implements groups of > encrypted VMs (you can have groups of one if you so wish, of course). > > I still maintain these scripts privately, and have been using them for > ~two years now without problems. > > I also have a Python ctypes oneline to call posix_fallocate() on > root.img to get rid of the thin provisioning stuff using sparse files > that upstream Qubes applies to make sure your data gets fucked up when > you run out of disk space in dom0. > > (Works for the other .img, too, where a similar problem presents itself, > of course, but I have disabled volatile.img in my setup because I > consider the feature insane.) > > If someone wants a copy I'd be happy to share. > -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/5481c7d1-9c91-4bd9-9444-fb21a7eac9b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
