[qubes-users] Suggestions for running media server?

2016-09-02 Thread Connor Page
No. 4 makes sense. sys-usb shouldn't know the encryption keys. encrypted block device can be attached to a server vm where it would be appropriately decrypted and mounted, possibly from dom0 via qvm-run (you can start a vm, attach storage, decrypt and mount it by a short script using qvm-*

[qubes-users] Suggestions for running media server?

2016-09-02 Thread Anon
I'm looking for some suggestions for running a "maximally-secure" media server that will access an encrypted USB hard drive for it's storage. It can and probably should be read-only to the media-server software. A few possibilities I can think of listed from assumed lowest security to highest