On Sunday, 21 May 2017 03:03:50 UTC+2, Andrew David Wong wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 2017-05-18 02:55, Zrubi wrote: > > On 05/18/2017 09:48 AM, pandakaas...@gmail.com wrote: > >> I recently came across this PDF file stating that dom0 and the > >> hypervisor (Xen) are stored unencrypted on the disk, because the > >> disk wouldnt be able to boot(According to the PDF). but as far as I > >> know, only /boot and GRUB are stored unencrypted. so is this PDF > >> file wrong, or was I wrong (or both?). > > > >> Here you have a link to the file, you can find it on page 7: > >> http://www.cs.uu.nl/docs/vakken/b3sec/Proj15/QubesOS.pdf > > > > > > The Xen itself and the dom0 kernel (located in /boot) are both > > unencrypted. > > > > This can be the reason using TPM and AEM: > > https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html > > https://www.qubes-os.org/doc/anti-evil-maid/ > > > > And everything except /boot is encrypted with LUKS by default. > In particular, the contents of dom0 are also encrypted. See: > > https://www.qubes-os.org/doc/custom-install/ > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJZIOdoAAoJENtN07w5UDAwoZ8QAJijXJxCcIM2Ze/yTtxMUef/ > h3ROYup2mjHCscn2SOTRqmUj4Aa/aIByILaj1OAOEWzsRDb5Y/r6Vizjakg0dibK > HOfmIkTFFmbkeA8kHd2w5z7OrBiQCUcDt1rCz11CDgA1YWmLD/4sWigU2OK9J68h > 9mj5mvwMbv7w4XE+O11LZww9SICBfV5y1akC3AdOS4Qasb7ujdx15X/rOlHEdcIQ > iZUVO9NmpFpQ/DWCzW/6BY1b+2rRV2HEd9KwRgRTexQ3AEfo+RY7i74PWbpHRtnS > FVREing5ogQe2R4F/9d1gYepHPw4YAThc0h8ZPjeHC4K67SxdcIHOL3ISbuxtSPL > c4pPHGvg8+lXzZ9JX1nYie5qvD8rK4dC+G78wWgba77fuCwTkjtGJR2ZUT5LaA3U > bnAAwSRO3IcJnd3ZK//uXqlJKyvxk/mNzT7AlG53FbZ92zghcBRc8wI0bS6tY76A > uCFN8P8qi9VuszQoJhxsTxe99yXz97M9VvoLY0CQC8I5HJFJEv73RTHFlchQZG8+ > U8X/rq+y02RoRHLCwl3KEc8aYOZCMt9EC4p5VGeljlClo5mBSArujDkGEYTPJfk5 > GV5vy2wU3m8s8CBC3J9wx/8c0gBufqXplfjrR3JwyoaEY2a6gFKpEF2U3KwmaLlW > Negatcg+YVAMvXotcROJ > =8WSK > -----END PGP SIGNATURE-----
So the notion in the pdf file stating that dom0 is unecrypted is wrong i understand? also, what about xen, is it located in /boot or is it also encrypted? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0eb162c1-40fc-412b-9339-2478f19c9544%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.