On 06/19/2016 05:25 AM, David Hobach wrote:
I wonder whether there's any sensible (= relatively secure) way
of sharing data between 2 Qubes installations via a single USB
pen drive or hard disk?

What are you using or do you have any thoughts?

[...]

Probably I did understand what you are trying to achieve, but
when I had to copy data between two Qubes installations I made a
backup of the first installation on a NAS and restored it on the
second installation, changing the name of conflicting VMs before
restore. Everything really easy and fast.


This is the method I personally use. It's essentially a system
"migration" as described here:

https://www.qubes-os.org/doc/backup-restore/#tocAnchor-1-1-4

That's indeed a good solution for rare accesses - especially from a security point of view (from what I see, the USB drive does not need to be trusted as it can be mounted in some untrusted AppVM and the encryption is done in dom0).

I'm just not so sure if it's good for day-to-day use wrt speed. So if I want to modify one file on my USB drive, I have to restore the entire backup (maybe 10GB or so), edit the file and then do a backup again? So it would take 15min to edit a single file I guess?

Ideally I'd like to plug the USB drive in my machine and see the files dedicated for VM_A inside that VM immediately (same for the other VMs). Then I'd edit, maybe umount and then unplug the USB drive again.

Maybe I'm a little picky about speed, but I know that once users have to use secure solutions that are slow, they'll go for totally insecure ones that are fast. So I prefer to see people going to pretty secure ones that are fast.

Thanks for the suggestion though - I hadn't considered it so far as I'm not using the original Qubes backup solution (once again for speed reasons - and yes, it adds 1-2 potential attack vectors).


Try this automount solution -
https://groups.google.com/d/msgid/qubes-users/20160607202924.GD1593%40mail-itl

If you are sharing between two similar VMs (even if they're on different systems) you can format the volume in the VM with LUKS and specify a keyfile in each VM using crypttab. No need to have dom0 format or decrypt the volume.

Chris
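
The LUKS-with-keyfile setup suggested in the message above, sketched as shell helpers; this is an added example, not part of the original thread or of Qubes itself. The function names, the mapping name and the keyfile location under /rw/config (chosen because an AppVM's /etc does not persist across restarts) are assumptions, and the same keyfile has to be copied to the matching VM on the other system over a channel you trust.

```shell
#!/bin/bash
# Added example: helpers for a LUKS volume unlocked by a keyfile via crypttab.
# All names and paths are assumptions; run the cryptsetup steps as root in the VM.

# Create a 4 KiB random keyfile that only its owner can read.
make_keyfile() {
    local keyfile="$1"
    ( umask 077 && head -c 4096 /dev/urandom > "$keyfile" ) || return 1
    chmod 0400 "$keyfile"
}

# Refuse a keyfile that is empty or readable by group/other.
check_keyfile() {
    local keyfile="$1" mode
    [ -s "$keyfile" ] || { echo "missing or empty: $keyfile" >&2; return 1; }
    mode=$(stat -c '%a' "$keyfile") || return 1
    case "$mode" in
        400|600) return 0 ;;
        *) echo "mode $mode too permissive: $keyfile" >&2; return 1 ;;
    esac
}

# Build the crypttab line: <name> UUID=<luks uuid> <keyfile> <options>.
# noauto keeps boot from waiting on a drive that is not plugged in.
crypttab_line() {
    local name="$1" uuid="$2" keyfile="$3"
    printf '%s UUID=%s %s luks,noauto\n' "$name" "$uuid" "$keyfile"
}

# One-time setup in the first VM. DESTROYS all data on $dev.
format_volume() {
    local dev="$1" name="$2" keyfile="$3"
    check_keyfile "$keyfile" || return 1
    cryptsetup luksFormat --batch-mode "$dev" "$keyfile" || return 1
    cryptsetup open --type luks --key-file "$keyfile" "$dev" "$name" || return 1
    mkfs.ext4 -L "$name" "/dev/mapper/$name"
}

# In each VM that should unlock the drive: print the crypttab entry to add.
register_volume() {
    local dev="$1" name="$2" keyfile="$3" uuid
    check_keyfile "$keyfile" || return 1
    uuid=$(cryptsetup luksUUID "$dev") || return 1
    crypttab_line "$name" "$uuid" "$keyfile"
}
```

Because the entry references the LUKS UUID rather than a device node, it stays valid whichever block device name the drive gets when it is attached to the VM.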
