-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Dec 01, 2016 at 04:55:46AM -0800, bentva...@cloudctrl.nl wrote:
> So, how should I configure my qubes-builder config file? Any chance you could 
> maybe upload the config file that you've set the parameters for so I can have 
> it build R4 build .iso ?

As I said, I'll write an update on this soon :)

If you really want it right now, here my builder.conf:
https://gist.github.com/marmarek/2e42558c3ad2c53b1e4bb49beb18c1a9

But I can't guarantee it will work out of the box.

> How long before hvm with pv stubs is implemented? Or is this one already in, 
> and only pvh2 missing? 

HW42 is working on updated stubdomain there, to have not-so-ancient qemu
inside. I think this is the only missing part, at least in theory.

> How long before gui management tools are ready? Are all the terminal 
> management tools working? If so, I dont care, I could use some practice with 
> the management commands in the terminal :). 

Yes, most (all?) qvm-tools are working.

> By the way, I have a pgp-card, (Nitrokey) that I would like to use for 
> security on my build. Any tips for how to best use one for solid full disk 
> encryption? What storage layout should I use on a SSD with full disk crypto, 
> for optimal security, and prefent evil maid attacks? I was wondering about if 
> it would be possible to encrypt the whole disk, including boot? Or save boot 
> on my nitrokey, and encrypt it, (grub encrypt) so thr usb gives the 
> bootloader, the encryption password, the authentication over pgp, and maybe 
> some more security certificates that are required for accessing the O.S.
> 
> The main thing I want to prevent is people tampering with my bootfiles to 
> have a keylogger or something installed,  or prevent people logging in using 
> a password obtained with a hidden camera. I want my (disk encryption) 
> security to be real 2 factor security requiring atleast my nitrokey, personal 
> password, and if possible maybe a third factor to be able yo log in to my 
> system, or even be able to unlock my filesystem. 
> 
> Also, 
> What about the Tresor mod which saves your encryption key in the cpu? I 
> really like the idea of being able to prevent people frm extracting the key 
> from my ram. Any other tips for security ? 
Those questions deserve separate thread(s), but generally the answer is:
nice ideas, but not easy to implement in practice.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYQCmrAAoJENuP0xzK19cs/1AIAJrqs+uOvAaJkxZnefMMvpCS
cptkkN9xZmQ23w26hGgwfmcCjpyYzWeZSMRbAtuLRd8lZZ11WojmCgMHKY/9iQgO
X9SqEPgD/OjAZswQK4PdeYw4K19mk72XV7KSbvdi1lONbTaFclu8ydcdjGvCz4gR
7WDUW1nnCkCwx/FeFWZGz6rKl6K7W6HjSSc4mAfpa/KWuIbIcjhZwMK6XMq24Vef
5WL66yg+W14Yzedc8PomnoW/ElIhvlJsWnOvFQjW8BnErfoGkBbuV46QedJ5f8JC
43Uh04DiUx1MsWIDHRpuyT6hbxEuxiTUeEBahxSceg7BSJ3/XqO3lCsDVI+nf9Y=
=tAlB
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161201134618.GV2130%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Reply via email to