On Thursday, June 29, 2017 at 9:49:24 PM UTC-4, alexey@gmail.com wrote:
> ... bump ...
To anybody with AEM & USBVM.
$ sudo qubes-dom0-update
Works perfectly after you seize USB controller from USBVM (or sys-net in my
case) back to dom0, reboot and mount your AEM USB drive to /boot. It even
updated the AEM package...
First reboot didn't show secret as expected and resealed it after LUKS password
was entered. Subsequent reboots show secret after AEM USB is disconnected.
I am not sure if it is OK in terms of the threat model though. You move
potentially compromised USB controller from untrusted domain to your dom0 and
back after an upgrade... At least disconnect all USB devices from it (or, if
you are on laptop with one USB controller like me, just stun your paranoia).
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5e245069-1d37-4d5b-906c-4c0b7d4588ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.