On 08/13/2018 04:47 PM, [email protected] wrote:
Related question.
If I installed Qubes and used LUKS encryption (I have to run cryptsetup
openLuks just to see the LVM inside)... then I add physical drives to my Volume
Group, and start adding more AppVMs to the pool, that starts writing to the
PV...
Is the data on the new drive, encrypted?
Can anyone forensically pull data from those new AppVMs since it wasn't
originally a part of the LUKS encrypted drive?
Based on the sparse description I'd say No, the new space is not
encrypted. You have to add separate LUKS/dmcrypt block layers to those
new devices and then treat those dmcrypt block devices as the new pvs.
If you're doing this to qubes_dom0, then it could be a little tricky
getting all of the encrypted "pvs" to unlock at the same time during the
boot process. You'd need to investigate how crypttab and grub
accommodate that multi-volume setup.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6640ddad-eb8f-9caf-5b0e-8284270d80a7%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
