-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-05-18 02:55, Zrubi wrote: > On 05/18/2017 09:48 AM, pandakaas...@gmail.com wrote: >> I recently came across this PDF file stating that dom0 and the >> hypervisor (Xen) are stored unencrypted on the disk, because the >> disk wouldnt be able to boot(According to the PDF). but as far as I >> know, only /boot and GRUB are stored unencrypted. so is this PDF >> file wrong, or was I wrong (or both?). > >> Here you have a link to the file, you can find it on page 7: >> http://www.cs.uu.nl/docs/vakken/b3sec/Proj15/QubesOS.pdf > > > The Xen itself and the dom0 kernel (located in /boot) are both > unencrypted. > > This can be the reason using TPM and AEM: > https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html > https://www.qubes-os.org/doc/anti-evil-maid/ >
And everything except /boot is encrypted with LUKS by default. In particular, the contents of dom0 are also encrypted. See: https://www.qubes-os.org/doc/custom-install/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZIOdoAAoJENtN07w5UDAwoZ8QAJijXJxCcIM2Ze/yTtxMUef/ h3ROYup2mjHCscn2SOTRqmUj4Aa/aIByILaj1OAOEWzsRDb5Y/r6Vizjakg0dibK HOfmIkTFFmbkeA8kHd2w5z7OrBiQCUcDt1rCz11CDgA1YWmLD/4sWigU2OK9J68h 9mj5mvwMbv7w4XE+O11LZww9SICBfV5y1akC3AdOS4Qasb7ujdx15X/rOlHEdcIQ iZUVO9NmpFpQ/DWCzW/6BY1b+2rRV2HEd9KwRgRTexQ3AEfo+RY7i74PWbpHRtnS FVREing5ogQe2R4F/9d1gYepHPw4YAThc0h8ZPjeHC4K67SxdcIHOL3ISbuxtSPL c4pPHGvg8+lXzZ9JX1nYie5qvD8rK4dC+G78wWgba77fuCwTkjtGJR2ZUT5LaA3U bnAAwSRO3IcJnd3ZK//uXqlJKyvxk/mNzT7AlG53FbZ92zghcBRc8wI0bS6tY76A uCFN8P8qi9VuszQoJhxsTxe99yXz97M9VvoLY0CQC8I5HJFJEv73RTHFlchQZG8+ U8X/rq+y02RoRHLCwl3KEc8aYOZCMt9EC4p5VGeljlClo5mBSArujDkGEYTPJfk5 GV5vy2wU3m8s8CBC3J9wx/8c0gBufqXplfjrR3JwyoaEY2a6gFKpEF2U3KwmaLlW Negatcg+YVAMvXotcROJ =8WSK -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2c1c1daa-8090-102d-60ae-b79d136c716a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.