On Saturday, January 19, 2019 at 4:06:31 PM UTC-5, thorsten...@gmail.com wrote:
> And that's exactly what I want to make sure cannot happen in Qubes. Even in
> the worst case scenarios with HDD, filesystem, etc. it must not be possible
> that data from VM1 ends up in VM2, even if it's just small chunks. So I
> thought if the VMs' data were encrypted individually in the first place, it
> wouldn't be a problem at all if any data blocks would end up in another VM's
> HDD region since it wouldn't be able to read it (encrypted with different
> key).

Agreed. The counterargument really boils down to "well then you should have two air-gapped systems" and basically refutes the entire point of Qubes to begin with, which is hardware-enforced compartmentalization.

Inserting a separation layer of group-encrypted VMs/domains makes sense to me: it allows for better run-time compartmentalization for both system security and possibly physical security as well (depending on OPSEC).

brendan