On 10/24/19 9:17 AM, tetrahedra via qubes-users wrote:
From Ratliff's "The Mastermind":
"...they were told to close the computer immediately. The TrueCrypt
software would be activated as soon as the laptop lid was shut."
While most Qubes users are probably not interested in starting global
criminal empires, this specific idea seems useful enough.
Currently there is no option in Xfce Power Manager to shut down the
laptop entirely, and "hibernate" is not supported by Xen.
Is there another way to ensure FDE gets fully enabled when the laptop
lid is shut?
IIRC past discussion about this hinged on the feasibility of cold boot
attacks. Since the contents of RAM was recoverable, protecting the disk
this way was not seen as important.
If you want to protect valuable secrets from cold boot, you'd have to
shut down sensitive VMs before activating the FDE lock... at that point,
you're not very far from the level of effort required to boot the whole
system.
There is also the possibility of a physical attacker booting their own
OS that pretends to be your FDE lock prompt as a way to steal your
passphrase.
I think a case could be made for an FDE lock + hibernate in some use
cases, however. If we consider computers that have secured boot code
which resists replacement and is tamper-evident, then it might be worth
pursuing.
BTW, I'm not aware of a Linux FDE lock. Are you?
Re: Xfce... You'll find the power options in KDE to be more complete and
functional. For example, the system shutdown option is available and may
also be triggered with a keyboard shortcut. Monitor power save mode also
works correctly with KDE on various systems but in Xfce it usually doesn't.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/51153f1c-b574-6686-fda4-fd7384bbaa13%40posteo.net.
