Hash: SHA256

On Thu, Dec 01, 2016 at 04:55:46AM -0800, bentva...@cloudctrl.nl wrote:
> So, how should I configure my qubes-builder config file? Any chance you could 
> maybe upload the config file that you've set the parameters for so I can have 
> it build R4 build .iso ?

As I said, I'll write an update on this soon :)

If you really want it right now, here my builder.conf:

But I can't guarantee it will work out of the box.

> How long before hvm with pv stubs is implemented? Or is this one already in, 
> and only pvh2 missing? 

HW42 is working on updated stubdomain there, to have not-so-ancient qemu
inside. I think this is the only missing part, at least in theory.

> How long before gui management tools are ready? Are all the terminal 
> management tools working? If so, I dont care, I could use some practice with 
> the management commands in the terminal :). 

Yes, most (all?) qvm-tools are working.

> By the way, I have a pgp-card, (Nitrokey) that I would like to use for 
> security on my build. Any tips for how to best use one for solid full disk 
> encryption? What storage layout should I use on a SSD with full disk crypto, 
> for optimal security, and prefent evil maid attacks? I was wondering about if 
> it would be possible to encrypt the whole disk, including boot? Or save boot 
> on my nitrokey, and encrypt it, (grub encrypt) so thr usb gives the 
> bootloader, the encryption password, the authentication over pgp, and maybe 
> some more security certificates that are required for accessing the O.S.
> The main thing I want to prevent is people tampering with my bootfiles to 
> have a keylogger or something installed,  or prevent people logging in using 
> a password obtained with a hidden camera. I want my (disk encryption) 
> security to be real 2 factor security requiring atleast my nitrokey, personal 
> password, and if possible maybe a third factor to be able yo log in to my 
> system, or even be able to unlock my filesystem. 
> Also, 
> What about the Tresor mod which saves your encryption key in the cpu? I 
> really like the idea of being able to prevent people frm extracting the key 
> from my ram. Any other tips for security ? 
Those questions deserve separate thread(s), but generally the answer is:
nice ideas, but not easy to implement in practice.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Version: GnuPG v2


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to