I am also interested in having encrypted VMs (preferably with one password for each VM group). Let's assume I have one or more VMs for each customer which contain sensitive data that must not leak anywhere. While working for customer 1 I want to make sure that only the VMs for customer 1 are decrypted and usable (along with my non-customer VMs). VMs from customers 2, 3, ... should be encrypted and inaccessible at this time. When I move to customer 2, only those VMs should be decrypted, etc.
My goals are:

- In the rare case I forget to lock my notebook at customer 1, I don't want anyone to be able to extract other customers' data. (While not perfect with regard to dom0 security, at least it makes sure no data can be stolen.)
- Not sure about this one, but by default VM data is written unencrypted to disk (or only encrypted with the standard boot password), correct? So it's theoretically possible that VM1 could get data chunks from VM2 in case of hard drive failure (bad sectors, etc.) or similar. Or is this impossible? I've seen this a few times in the past, where data was mixed up in the system and ended up where it didn't belong. Mainly it happened on Windows systems, so I'm not sure if it's also possible on Qubes. One example is a Windows registry where registry keys consisted of book titles along with normal registry keys. Somehow a list of books (I'm guessing a .txt file or similar) ended up being mixed into the registry file, and regedit displayed them as registry keys which were not usable (an error message appeared when selecting them, saying the file could not be found, if I remember correctly).
- And lastly, it would make things faster/easier when deleting data. Since the data is encrypted, the VMs could just be deleted without any special care!?

Is there already documentation or a script collection for doing this? I've found the scripts from Joe, but they seem to be for Qubes 3.2, not for 4.0.

=============

Possible feature request: Maybe this feature could be implemented into Qubes directly like this:

- Possibility to create VM-domains with a domain-specific encryption/decryption password (i.e. "customer1", "customer2", ...).
- Possibility to create VMs with a VM-domain specified (without a VM-domain it could be "none", and these VMs would work just like they do at the moment).
- If a VM is created for a VM-domain, the VM data is encrypted by default with the master key of this domain, which is unlocked with the user-provided password.
- If one tried to start any VMs inside a VM-domain, Qubes would check whether the VM-domain is currently unlocked/decrypted/mounted and start the VMs. If it's not unlocked, a password prompt appears before they can be decrypted/mounted and started.

I'm not sure how much work this would be, but I imagine it wouldn't be that hard to implement!? Or maybe this could also be a project for Google Summer of Code?

--
You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/a0c01a9c-a0a3-4f16-a243-ea62a9ecca18%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.