On 01/20/2019 07:24 AM, David Hobach wrote:
On 1/20/19 12:33 AM, Andrew David Wong wrote:

On 18/01/2019 11.43 PM, thorsten.schie...@gmail.com wrote:
I am also interested in having encrypted VMs (preferably having one password for each VM-group). Let's assume I have one or more VMs for each customer which contain sensitive data that must not leak anywhere. While working for customer 1 I want to make sure that only VMs for customer 1 are decrypted and usable (along with my non-customer VMs). VMs from customer 2, 3, ... should be encrypted and inaccessible at this time. When I move to customer 2, only these VMs should be decrypted, etc.

My goals are:

- In the rare case I forget to lock my notebook at customer 1 I don't want anyone to be able to extract other customers' data. (While not perfect in regards to dom0 security at least it makes sure no data can be stolen)
[...]

We actually have an open issue for this:

https://github.com/QubesOS/qubes-issues/issues/1293

(I didn't see this mentioned in your message, so you may not be aware of
it.)

Or just encrypt all your customer A data inside a container or partition in dom0 and attach that to the right VM on demand whilst memorizing the respective password.

That would be ~20 lines of code or 5 min work per customer.

Anyway if your dom0 is compromised and you don't fully give up the machine, your data is compromised as well.


I'd just like to remind people (again) that Qubes has a storage pool feature. So it IS possible to encrypt VMs with different encryption keys. It requires some initiative from the user to set it up, however, to define the pools so they reside in encrypted volumes.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
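
The container-per-customer approach suggested in the thread, as an added example that is not code from any of the posters or from the Qubes project. Assumptions: the directory `/var/lib/customer-vaults`, the customer and qube names, that dom0 loop devices can be attached as `dom0:loopN`, and that the container is unlocked inside the qube (typically seen there as `/dev/xvdi`) rather than in dom0.

```shell
#!/bin/bash
# Added example, run in dom0. One LUKS container file per customer (assumed layout).
VAULT_DIR="${VAULT_DIR:-/var/lib/customer-vaults}"   # assumed location
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

run() {  # print the command, and execute it unless DRY_RUN=1
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

valid_name() {  # accept only simple names, safe to use in paths and device ids
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

create_vault() {  # create_vault CUSTOMER SIZE (e.g. 2G); prompts for a new passphrase
    valid_name "$1" || { echo "bad customer name" >&2; return 2; }
    run truncate -s "$2" "$VAULT_DIR/$1.luks"
    run cryptsetup luksFormat "$VAULT_DIR/$1.luks"
    # The filesystem is created inside the qube after the first unlock.
}

attach_vault() {  # attach_vault CUSTOMER QUBE: pass the still-encrypted container to one qube
    valid_name "$1" && valid_name "$2" || { echo "bad name" >&2; return 2; }
    local loopdev=/dev/loopN        # placeholder used in dry-run mode
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ losetup --find --show $VAULT_DIR/$1.luks"
    else
        loopdev=$(losetup --find --show "$VAULT_DIR/$1.luks") || return 1
    fi
    run qvm-block attach "$2" "dom0:${loopdev#/dev/}"
    # In the qube: sudo cryptsetup open /dev/xvdi vault && sudo mount /dev/mapper/vault /mnt
}

detach_vault() {  # detach_vault CUSTOMER QUBE: stop the qube (its key leaves memory), free the loop device
    valid_name "$1" && valid_name "$2" || { echo "bad name" >&2; return 2; }
    local loopdev=/dev/loopN        # placeholder used in dry-run mode
    [ "$DRY_RUN" = 1 ] || loopdev=$(losetup --associated "$VAULT_DIR/$1.luks" | cut -d: -f1)
    run qvm-shutdown --wait "$2"
    run losetup --detach "$loopdev"
}
```

With `DRY_RUN=1` (the default here) the functions only print the commands they would run, so the sequence can be reviewed before executing it in dom0 with `DRY_RUN=0`.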
