I'm looking for some suggestions for running a "maximally-secure" media server that will access an encrypted USB hard drive for it's storage. It can and probably should be read-only to the media-server software.
A few possibilities I can think of listed from assumed lowest security to highest security: 1) run the media server in the sys-usb VM. 2) stop sys-usb VM and run another VM that doesn't start on boot but has access to all the USB devices and is run manually after boot 3) run another VM that only has one "locked down" dedicated USB device and remove that device from sys-usb VM permanently 4) run another VM that accesses the storage through sys-usb (I am unfamiliar with this, but assmue it's possible) The media-server software will by non-proprietary (DLNA compliant) and open. All thoughts are welcome, including those that say "don't do it." If there's something else I should be reading instead, please let me know. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nqcr7n%24d6s%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.