This is a good question, I think. Since we distrust sys-usb I agree that
we should not do the cryptsetup operations in sys-usb. But if you
distrust the attached device as well (might be safer, right?), one might
attach the luks-partition (resp. file) first to an intermediate (even
temp !) VM, luksOpen it in there and re-attach the generated /dev/mapper
volumes to the destination VM. That way sys-usb is blind to cryptsetup
and the destination-vm is maximally protected from usb-based attacks.
You shouldn't mount encrypted drives on sys-usb. Use qvm-block to attach
the partition to a different VM, then mount it there.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.