On Sat, May 19, 2018 10:12 pm, Alex wrote: >>You shouldn't mount encrypted drives on sys-usb. Use qvm-block to >>attach >>the partition to a different VM, then mount it there. > > Can you elaborate? > > 1. What's the security benefit?
Sys-usb, like sys-net, exist to protect the rest of your system from potentially compromised hardware devices and low level attacks. Say you plugged in a USB drive you happened to find laying on your front doorstep, and it managed to compromise sys-usb but not your other VMs. If you then passed through a second drive with qvm-block, the bad sys-usb still wouldn't have access to the decrypted contents, but would if it's mounted directly in sys-usb. > 2. What are the steps to correctly restore by Qubes backups from a USB > disk? Mounting it directly in sys-usb is "correct" in that it works, but suggest something like https://www.mail-archive.com/[email protected]/msg17265.html. > 3. Is there anything in the backup tool UI that guides users towards the > workflow you describe? No. Closest might be the introduction to the https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube section, but I can't remember any more exactly where I learned this. Would it help if it were in the FAQ section and/or backup/restore guide? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19ba74141f4be5f14042314e092a38b0%40elude.in. For more options, visit https://groups.google.com/d/optout.
