I think it's a good idea, e.g.:

- Multiple PC users: each user wants to use the PC, but not every user wants
to give permission to view all VMs

- If somehow someone knew the passphrase for Qubes and opened it,
at least he can't damage all VMs, because some (which are the important
ones, I suppose) will request a password to delete or enter them

...

So it's something beneficial.

John Smiley:
> Is a long, correctly generated (with actual dice using paper and pencil -
> no electronic copies ever) Diceware password entered at boot-time not
> sufficient?  If not, why not?
> 
> On Fri, Oct 18, 2019 at 9:27 PM Josh Skipper <josh770...@gmail.com> wrote:
> 
>>
>>> I'd just like to remind people (again) that Qubes has a storage pool
>>> feature. So it IS possible to encrypt VMs with different encryption
>>> keys. It requires some initiative from the user to set it up, however,
>>> to define the pools so they reside in encrypted volumes.
>>>
>>
>> While I was looking for a way to individually encrypt VMs with a unique
>> password, I stumbled upon this thread.
>> I did some tests with storage pools and there seems to be a major drawback.
>> As I understand, you have to create a new encrypted storage pool with
>> fixed size for every VM you want to protect individually.
>> So basically this defeats the advantage of the thin pool, where each VM
>> can dynamically use as much space as needed, while having a maximum much
>> larger than what is needed or even available.
>> I thought about ways to actually get this to work, but the problem is,
>> if I set the pool size too low, I will run into bigger problems later on
>> where an expansion would be needed. Is this even possible if the HDD space
>> before and after is already assigned to other pools which cannot be
>> shrunk?
>> So to be sure you'd have to assign more than enough space, eating up the
>> HDD space very fast, leading to not enough space for all VMs.
>>
>> Am I missing something here? If not, is there a better way to encrypt each VM
>> individually while still using only the default pool (qubes_dom0/pool00)?
>> I tried to replace the VMs' private LVs with an encrypted equivalent, but
>> this did not work. To be precise, I replaced them with an opened LUKS
>> volume. The volume can be mounted and used, but QubesOS did not like it at
>> all; the VMs did not start with this setup.
>> I guess modifications in QubesOS itself are needed in order to do so?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "qubes-devel" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to qubes-devel+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/qubes-devel/20583f92-78e6-4e9c-9a85-c6b4656e617f%40googlegroups.com
>> <https://groups.google.com/d/msgid/qubes-devel/20583f92-78e6-4e9c-9a85-c6b4656e617f%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
> 
