-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05/18/2017 09:48 AM, [email protected] wrote: > I recently came across this PDF file stating that dom0 and the > hypervisor (Xen) are stored unencrypted on the disk, because the > disk wouldnt be able to boot(According to the PDF). but as far as I > know, only /boot and GRUB are stored unencrypted. so is this PDF > file wrong, or was I wrong (or both?). > > Here you have a link to the file, you can find it on page 7: > http://www.cs.uu.nl/docs/vakken/b3sec/Proj15/QubesOS.pdf >
The Xen itself and the dom0 kernel (located in /boot) are both unencrypted. This can be the reason using TPM and AEM: https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html https://www.qubes-os.org/doc/anti-evil-maid/ - -- Zrubi -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZHVNBAAoJEH7adOMCkunmeHYP/R9HZ8OKmJQqVsFguS7ozIfj 1CiwrWuTK/RskzRv0X3RSzk/+9BvF66MuL7KldfmuQQ2l8UKO8FX7BPjKj9ITYz4 QbGPZkt+ysAADU26v4vzxLh0jUE360RGEDLQYc+pB1h/sOWMrLhufRZROXLiNXfU xmXXBowEDfcZ/LbT59SdKX2PSMKjYkIWTenelxeyH6/zxwzruRVl0YXblyXYT5CR G0Fp3RMrWFGYWoMhkg60VXAyHrA56QfzodmPy9zNRULc8Vj3sh+2pTDH58350AQv fznfYLpoVRKJzvO/H/um5ISePFNbQdl27/uLGBKnj7WuEybAoAFoPXL+1Y4VC9Za Gy2e1BO5GKYYgriLi/LVFzvix4Qn0OIinwNr+/7JhFJ99TgK1Xt4aWBH1zm92G8K MyIbXqvkDRPDGSdjVDPAYnnnOWYJh46BRUE+0JzhhonIWO71IfjDNbh6Eg45cEU/ hPC+NbMvqVLcdlD+us8746Sv8cNJZG3tMKzLo0FDERqA/ZDvIdXjwcKMG9l8WHM8 rX+Xrs0k9PD15q7G08gMkgqgsqzTrBdc6Vr1Aa33oAMkrwGqiWfrqUboRJwmHu9h Nlyu2ZW7tm/ipjCGlV/Rw1x6T2D/tpqbZa9V+GjibPOSF0KXSTjcyDSVU+SpEyJH do+i3HNd00VK+um5cX0i =69AL -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc9cd077-2a20-7491-d859-396d43c3b6de%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
