Live USB warning
92 views
Skip to first unread message
Marek Marczykowski-Górecki
Sep 3, 2015, 5:30:26 PM9/3/15
to qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
We've just found that recently published alpha release of Qubes Live
edition have major flaw. If you use it on a machine, where some
unencrypted swap partition is present, it will be used by Qubes Live.
This may lead to leaking user data to that not encrypted partition,
which will be there even after shutting down the system, and available
to possibly some other system(s) running later on the same hardware.
We will address this in the next pre-release, but currently as a workaround
(when you have such partition present) it can be disabled by "noswap"
boot option. To add it, at bootloader screen press TAB, then move cursor
to the kernel options, just before "--- initrd0.img", and there add
"noswap".
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJV6LvsAAoJENuP0xzK19cs4qIIAITZIg7z42OwCEW1UUKCJPRz
H120IRHr3lKa5CwiGv4kZOy99QtYYkCfDjYa6ftDz1f48m7P5fjctYpairi3wbty
8UgwNm2zsAeRjt3TWWRAuMsLx6DpqJQXja6Mfnw31GhISLYGYwj226wxXI8GJuNH
++3EK3RSsCVBNxWLPnLltlVBS3TjIGUnDN7S2LA8BldLkfOYaOU14zUrielNBkcC
sVwszqyCQatfu7FvWyJgdIbUU6NAc79AwlY+FK4pvdc0WnJyQwZVqn9PVLkl7409
aYy0V2QQk+VN2Wgr7nucPFRMxIZhnmib2Wr+6b7eXPKmVmtRm1ABLjMvlm45QCU=
=lciq
-----END PGP SIGNATURE-----
Hash: SHA256
Hi,
We've just found that recently published alpha release of Qubes Live
edition have major flaw. If you use it on a machine, where some
unencrypted swap partition is present, it will be used by Qubes Live.
This may lead to leaking user data to that not encrypted partition,
which will be there even after shutting down the system, and available
to possibly some other system(s) running later on the same hardware.
We will address this in the next pre-release, but currently as a workaround
(when you have such partition present) it can be disabled by "noswap"
boot option. To add it, at bootloader screen press TAB, then move cursor
to the kernel options, just before "--- initrd0.img", and there add
"noswap".
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJV6LvsAAoJENuP0xzK19cs4qIIAITZIg7z42OwCEW1UUKCJPRz
H120IRHr3lKa5CwiGv4kZOy99QtYYkCfDjYa6ftDz1f48m7P5fjctYpairi3wbty
8UgwNm2zsAeRjt3TWWRAuMsLx6DpqJQXja6Mfnw31GhISLYGYwj226wxXI8GJuNH
++3EK3RSsCVBNxWLPnLltlVBS3TjIGUnDN7S2LA8BldLkfOYaOU14zUrielNBkcC
sVwszqyCQatfu7FvWyJgdIbUU6NAc79AwlY+FK4pvdc0WnJyQwZVqn9PVLkl7409
aYy0V2QQk+VN2Wgr7nucPFRMxIZhnmib2Wr+6b7eXPKmVmtRm1ABLjMvlm45QCU=
=lciq
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages