Installed Qubes on "reasonably" secure, portable and fast USB drive

63 views
Skip to first unread message

Toni S

unread,
Oct 13, 2016, 7:36:36 PM10/13/16
to qubes-users
Just thought to share my experiences on installing Qubes on this nice little 240gig USB 3.0 thumb drive equipped with SSD controller:

http://istorage-uk.com/product/datashur-ssd/

The stick has XTS-AES 256bit hardware encryption and bruteforce self-destruction features boosted with pretty fast read/write speeds and rugged design.

The original idea was to have small portable and care free persistent installation media for Qubes, and mitigate big bunch of evil maid type of attacks at the same time. Nowdays when you can already find a good selection of fast USB drives with big capacity, I think this type of installation on external drive would obviously become quite feasible compared to physical hard disk installations which are quite difficult to protect from physicl access.

So far after one month use, the speed has been more than enough for running 10-15 virtual machines at the same time and all the AppVM's are launching from scratch in few seconds. Some read/write tests are close to what's promised (195M/s read and 162M/s write) Im even using the LUKS software crypto on the OS installation in addition to HW crypto, so there is two layers of encryption. Might be handy if you want to backup the whole stick to some place media without underlying crypto.

Only annoyance with the stick so far has been that it locks itself automatically right after it loses power, and for some reason there is a short power break in booting the Qubes, just before the graphical loading screen and crypto unlock. Then you just need to unlock the stick again and you are good to go.

Machine I'm running this is i7-6700k with 32G memory.

Happy to hear what experiences you have on running Qubes on other fast portable thumb drives...

-Toni

Manuel Amador (Rudd-O)

unread,
Oct 13, 2016, 9:34:35 PM10/13/16
to qubes...@googlegroups.com
On 10/13/2016 11:36 PM, Toni S wrote:
> Only annoyance with the stick so far has been that it locks itself automatically right after it loses power, and for some reason there is a short power break in booting the Qubes, just before the graphical loading screen and crypto unlock. Then you just need to unlock the stick again and you are good to go.

I don't think that's a power drop. I think that's the BIOS handing over
the device to the Linux kernel, which then needs to reboot and
reinitialize the device to continue reading from it.

I like the self-destruct capability, but what's the benefit of the
encryption on the drive? How do you type the password on the device, if
it isn't LUKS?

--
Rudd-O
http://rudd-o.com/

Franz

unread,
Oct 14, 2016, 12:11:30 AM10/14/16
to Manuel Amador (Rudd-O), qubes...@googlegroups.com
It seems there is a hardware numeric keyboard on the device. Could be really interesting for travelling.
best
Fran
--
    Rudd-O
    http://rudd-o.com/

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ebd5bee-dcf6-614a-6f29-88e1a6f06cc4%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages