> > > I'd just like to remind people (again) that Qubes has a storage pool > feature. So it IS possible to encrypt VMs with different encryption > keys. It requires some initiative from the user to set it up, however, > to define the pools so they reside in encrypted volumes. >
While I was looking for a way to individually encrypt VMs with a unique password, I stumbled upon this thread. I did some tests with storage pools and there seems to be a major drawback. As I understand, you have to create a new encrypted storage pool with fixed size for every VM you want to protect individually. So basically this defeats the advantage of the thin pool, where each VM can dynamically use as much space as needed, while having a maximum much larger than when is needed or even available. I thought about a ways to actually get this to work, but the problem is, if I set the pool size too low, I will run into bigger problems later on where an expansion would be needed. Is this even possible if the hdd space before and after is already assigned to other pools which can not be shrinked? So to be sure you'd have to assign more than enough space, eating up the hdd space very fast, leading to not enough space for all VMs. Do I miss something here? If not, is there a better way to encrypt each VM individually while still using only the default pool (qubes_dom0/pool00)? I tried to replace the VMs private LVs with an encrypted equivalent, but this did not work. To be precise, I replaced them with an opened luks volume. The volume can be mounted and used but QubesOS did not like it at all, the VMs did not start with this setup. I guess there are modifications in QubesOS itself needed in order to do so? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20583f92-78e6-4e9c-9a85-c6b4656e617f%40googlegroups.com.
