On Sunday, 21 May 2017 03:03:50 UTC+2, Andrew David Wong  wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 2017-05-18 02:55, Zrubi wrote:
> > On 05/18/2017 09:48 AM, pandakaas...@gmail.com wrote:
> >> I recently came across this PDF file stating that dom0 and the
> >> hypervisor (Xen) are stored unencrypted on the disk, because the
> >> disk wouldnt be able to boot(According to the PDF). but as far as I
> >> know, only /boot and GRUB are stored unencrypted.  so is this PDF
> >> file wrong, or was I wrong (or both?).
> > 
> >> Here you have a link to the file, you can find it on page 7: 
> >> http://www.cs.uu.nl/docs/vakken/b3sec/Proj15/QubesOS.pdf
> > 
> > 
> > The Xen itself and the dom0 kernel (located in /boot) are both
> > unencrypted.
> > 
> > This can be the reason using TPM and AEM:
> > https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html
> > https://www.qubes-os.org/doc/anti-evil-maid/
> > 
> 
> And everything except /boot is encrypted with LUKS by default.
> In particular, the contents of dom0 are also encrypted. See:
> 
> https://www.qubes-os.org/doc/custom-install/
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -----BEGIN PGP SIGNATURE-----
> 
> iQIcBAEBCgAGBQJZIOdoAAoJENtN07w5UDAwoZ8QAJijXJxCcIM2Ze/yTtxMUef/
> h3ROYup2mjHCscn2SOTRqmUj4Aa/aIByILaj1OAOEWzsRDb5Y/r6Vizjakg0dibK
> HOfmIkTFFmbkeA8kHd2w5z7OrBiQCUcDt1rCz11CDgA1YWmLD/4sWigU2OK9J68h
> 9mj5mvwMbv7w4XE+O11LZww9SICBfV5y1akC3AdOS4Qasb7ujdx15X/rOlHEdcIQ
> iZUVO9NmpFpQ/DWCzW/6BY1b+2rRV2HEd9KwRgRTexQ3AEfo+RY7i74PWbpHRtnS
> FVREing5ogQe2R4F/9d1gYepHPw4YAThc0h8ZPjeHC4K67SxdcIHOL3ISbuxtSPL
> c4pPHGvg8+lXzZ9JX1nYie5qvD8rK4dC+G78wWgba77fuCwTkjtGJR2ZUT5LaA3U
> bnAAwSRO3IcJnd3ZK//uXqlJKyvxk/mNzT7AlG53FbZ92zghcBRc8wI0bS6tY76A
> uCFN8P8qi9VuszQoJhxsTxe99yXz97M9VvoLY0CQC8I5HJFJEv73RTHFlchQZG8+
> U8X/rq+y02RoRHLCwl3KEc8aYOZCMt9EC4p5VGeljlClo5mBSArujDkGEYTPJfk5
> GV5vy2wU3m8s8CBC3J9wx/8c0gBufqXplfjrR3JwyoaEY2a6gFKpEF2U3KwmaLlW
> Negatcg+YVAMvXotcROJ
> =8WSK
> -----END PGP SIGNATURE-----

So the notion in the pdf file stating that dom0 is unecrypted is wrong i 
understand? also, what about xen, is it located in /boot or is it also 
encrypted?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0eb162c1-40fc-412b-9339-2478f19c9544%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to