On Fri, Nov 10, 2017 at 5:43 AM, blacklight <[email protected]> wrote:
> I have a question about how the images for the VMs in Qubes are stored.
>
> As one can read in
> https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
> at page 33, Qubes OS was supposed to get a secure storage domain which would
> be non-security-critical, but as far as I can see, Qubes VMs still have
> their root.img's stored in Dom0. Why is this? Was there too little time or
> manpower to implement this in time? Or maybe a better storage solution was
> found? I would really like some information about choices made on this
> subject and any possible future plans about this subject :) .
>
> greetings,
> blacklight

Relevant:

- https://github.com/QubesOS/qubes-issues/issues/904
- https://github.com/QubesOS/qubes-issues/issues/1293

and some relevant discussion in the list archives that I can't find right now.

Historically the blocking issue has been no way to securely bootstrap dom0 without depending on the same storage we seek to un-trust. The "untrusted" storage domain is not really so un-trusted if it ultimately has full control over the disk and can subvert dom0 integrity for future boots.

The actually-worthy-of-trust trusted boot landscape has changed somewhat recently with e.g. Heads [1][2] and NERF [3] but since this is still not widely supported (and is not expected to be any time soon AFAIK) there is still little real benefit. As long as that is the case, it's not worth the complexity IMO.

Note however that the storage subsystem API for R4 has still been designed to be compatible with moving storage out of dom0 in the future.

Regards,
Jean-Philippe

[1]: http://osresearch.net/
[2]: https://github.com/osresearch/heads
[3]: https://www.youtube.com/watch?v=iffTJ1vPCSo
