-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Dec 01, 2016 at 04:55:46AM -0800, bentva...@cloudctrl.nl wrote:
> So, how should I configure my qubes-builder config file? Any chance you could
> maybe upload the config file that you've set the parameters for so I can have
> it build R4 build .iso ?
As I said, I'll write an update on this soon :)
If you really want it right now, here my builder.conf:
But I can't guarantee it will work out of the box.
> How long before hvm with pv stubs is implemented? Or is this one already in,
> and only pvh2 missing?
HW42 is working on updated stubdomain there, to have not-so-ancient qemu
inside. I think this is the only missing part, at least in theory.
> How long before gui management tools are ready? Are all the terminal
> management tools working? If so, I dont care, I could use some practice with
> the management commands in the terminal :).
Yes, most (all?) qvm-tools are working.
> By the way, I have a pgp-card, (Nitrokey) that I would like to use for
> security on my build. Any tips for how to best use one for solid full disk
> encryption? What storage layout should I use on a SSD with full disk crypto,
> for optimal security, and prefent evil maid attacks? I was wondering about if
> it would be possible to encrypt the whole disk, including boot? Or save boot
> on my nitrokey, and encrypt it, (grub encrypt) so thr usb gives the
> bootloader, the encryption password, the authentication over pgp, and maybe
> some more security certificates that are required for accessing the O.S.
> The main thing I want to prevent is people tampering with my bootfiles to
> have a keylogger or something installed, or prevent people logging in using
> a password obtained with a hidden camera. I want my (disk encryption)
> security to be real 2 factor security requiring atleast my nitrokey, personal
> password, and if possible maybe a third factor to be able yo log in to my
> system, or even be able to unlock my filesystem.
> What about the Tresor mod which saves your encryption key in the cpu? I
> really like the idea of being able to prevent people frm extracting the key
> from my ram. Any other tips for security ?
Those questions deserve separate thread(s), but generally the answer is:
nice ideas, but not easy to implement in practice.
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.