As far as I remember, there was an idea to kill stubdoms after boot, which would both reduce risk (as stubdoms run in PV) and CPU+memory overhead. I cannot try it right now, because I haven't installed Q4.
> If I switch to disposable VMs, I assume the risk would be reduced. You can sort reduce some risk of having your AppVMs permanently pwned. As a result, this could prevent some kinds of gradual pwnage of dom0. OTOH, if attacker pwns some your VM and has a reliable way to escape from the VM to dom0, it does not matter if it is DispVM or not. > Can this be done for the sys-vms? Not sure about 4, but I have done something similar for sys-usb in Q3.2. Strictly speaking, it is not a DVM, but it behaves similarly. The hack is simple in Q3.2: 1. Truncate VM's private.img to zero bytes. 2. Ensure that the VM template has created /home/user in root.img. (You can do something like this: sudo mkdir /tmp/root && sudo mount --bind / /tmp/root && sudo mkdir /tmp/root/home/user && sudo chown user:user /tmp/root/home/user && sudo chmod 700 /tmp/root/home/user) In Q4, you will probably be able to do something similar, but you probably can't truncate LVM volume to zero bytes, so this will require some elaboration. The VM sys-firewall could utilize the same hack unless you have some scripts there. VM sys-net probably cannot utilize this (at least not that straightforwardly) because of network config you have there. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e6be7ab-6e57-4e44-ade2-c391d24bc4c5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.