> Michael Singer:
>> I am looking for a really secure way to use Qubes for searching not
>> only a hard drive for file names, but for text that is in files.
>> The goal is to avoid an exploit in the searched files leading to a
>> takeover of the hard drive by malware.
>> The total size of all my files is too large for me to put them all
>> in one qube before searching for text in them.
>> Would it perhaps be possible to mount only a single partition of the
>> hard drive into a qube, but not with write permissions, only read
>> permissions?
> Yes, e.g. like this:
> $ qvm-block attach --ro destinationvm sys-usb:sda1
> Then you can decrypt and mount the read-only /dev/xvdi in the
> destination VM.
>> I would do the search on command line, using "grep" for plain text
>> files, "pdfgrep" for PDFs, and something for table files, databases,
>> etc.
>> Is my idea feasible? And how secure would it be?
> Sounds fine to me. But malicious content could still exploit the
> destination VM, so consider attaching to a DisposableVM (after
> switching off its networking).
> If your partition is LUKS1[1] encrypted, Split dm-crypt[2] might be
> convenient. Its default behavior is to attach the decrypted partition
> to an offline DisposableVM:
> $ qvm-block-split attach --ro sys-usb:sda1
> [1] TODO: LUKS2 support
> [2] https://github.com/rustybird/qubes-split-dm-crypt
> Rusty>

Dear Rusty Bird,

thank you very much for your advice. I had to find a way to mount the read-only 
volume in the destination qube. I discovered the page 
https://www.qubes-os.org/doc/block-devices/ But it doesn't say how to mount it 
either. The normal way with "$ sudo mount /dev/xvdi /mnt" does not seem to work 
for read-only. You have to tell the mount tool that it is a read-only device: 
"$ sudo mount -o ro,noload /dev/xvdi /mnt" This way it works. Perhaps this 
should be added to the documentation.

I read the notes about your split-dmcrypt-tool. Good work! Let's assume I would 
not work with LUKS. Suppose I mount sda1 with read-only option set in a DispVM 
(after switching off its network), decrypt it there and search in the files. An 
exploit bug occurs and the VM is taken. Now it could happen that someone leaks 
the partition password to the internet via a covered channel. So would it be 
safer to mount the decrypted volume again in another DispVM before we search 
it? And how would that be done? With the loopdevice method? What commands would 
you use in the terminal?

Many thanks
Michael Singer

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to