On 2/1/20 4:12 PM, curious...@mailbox.org wrote:
> To remain secure, must one use a different external storage device per
> VM / security domain? Can one use a single external storage device to
> store files from multiple VMs securely, and if so, how?
One option is to create a Qubes storage pool on the external drive, then
move some of your VMs to it:
https://www.qubes-os.org/doc/storage-pools/
>
> Is creating multiple encrypted partitions on a USB drive, each only
> mounted and unlocked in its relevant VM, a good option? (This would
> require multiple passphrases and I believe recognizing the relevant
> partition from its partition number / size, which seems a lot of effort).
The answer in many of these cases is 'Yes', even without storage pools.
But it can get a little complicated.
Start by reading about 'qvm-block' (or the Devices GUI widget) and how
to attach raw block devices to different VMs. It also helps to know
about Linux storage e.g. how to create and use LUKS volumes.
You can, for example, have a physical disk partition accessible by
sys-usb, then 'qvm-block attach' it to a trusted encryption vm (this
could even be dom0) where 'cryptsetup' is used to format/open/close the
encryption layer. Then create partitions on top of that encryption layer
and use 'qvm-block attach' to assign them to various AppVMs where they
are formatted/mounted.
Notice there is a separation of duties where sys-usb isn't trusted and
does the physical access, dom0 is insulated from the physical device and
does the encryption, and the AppVMs only see their virtual disk
partitions and the filesystems they use on them.
A simpler approach is to attach partitions directly from sys-usb to your
AppVMs, and let each AppVM handle two layers: encryption and filesystem.
I say this is 'simpler' but this way you'll need to unlock each
partition separately before it's mounted.
>
> I'm assuming that moving untrusted files between an untrusted VM and a
> USB drive, and moving trusted files between a trusted VM and the same
> partition on the USB drive is a breach of security through
> compartmentalization. Is that correct?
Yes. But as discussed above, it isn't necessary to do this if all you
want is external storage. You don't have to copy files around.
>
> I understand that "Backup Qubes" is the best way to backup and restore
> multiple VMs, but I just want to move some files between multiple VMs
> and an external device. I have read the documentation and searched the
> list but feel like I'm missing something. Many thanks in advance.
--
Chris Laprise,
tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
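
The layered arrangement described in the reply above (sys-usb for physical access, a trusted qube for encryption, AppVMs for filesystems), written out as an added example that is not part of the original message. The qube name crypt-vm, the device id sda1, the names extcrypt and extvg, the mount point /mnt/ext and the dm-N placeholder are assumptions; LVM volumes are used here in place of partitions on the encryption layer, and /dev/xvdi assumes no other block device is attached to the receiving qube.

```sh
#!/bin/sh
# Added example: prints, per qube, the commands for the layered layout above.
# It executes nothing itself; type each line in the qube named in brackets.
# Assumed names (not from the post): crypt-vm, sda1, extcrypt, extvg, /mnt/ext.
# LVM volumes stand in here for "partitions on top of the encryption layer".

USB_QUBE=sys-usb       # untrusted: only touches the physical device
CRYPT_QUBE=crypt-vm    # trusted: the only qube that sees the LUKS passphrase
USB_DEV=sda1           # constructed device id; read yours from `qvm-block list`

step() { printf '[%s] %s\n' "$1" "$2"; }

# plan_unlock init|open: give the raw partition to the encryption qube.
# "init" adds the one-time, destructive formatting steps.
plan_unlock() {
  step dom0 "qvm-block attach $CRYPT_QUBE $USB_QUBE:$USB_DEV"
  if [ "$1" = init ]; then
    step "$CRYPT_QUBE" "sudo cryptsetup luksFormat /dev/xvdi"
  fi
  step "$CRYPT_QUBE" "sudo cryptsetup open /dev/xvdi extcrypt"
  if [ "$1" = init ]; then
    step "$CRYPT_QUBE" "sudo pvcreate /dev/mapper/extcrypt"
    step "$CRYPT_QUBE" "sudo vgcreate extvg /dev/mapper/extcrypt"
  else
    step "$CRYPT_QUBE" "sudo vgchange -ay extvg"
  fi
}

# plan_volume APPVM init|open [SIZE]: one decrypted volume per security domain.
plan_volume() {
  case "$1" in
    ""|dom0|"$USB_QUBE"|"$CRYPT_QUBE")
      echo "refusing: '$1' must be an AppVM, not part of the storage path" >&2
      return 1 ;;
  esac
  if [ "$2" = init ]; then
    step "$CRYPT_QUBE" "sudo lvcreate -L ${3:-10G} -n $1 extvg"
  fi
  # dm-N is a placeholder: take the real id from `qvm-block list` in dom0.
  step dom0 "qvm-block attach $1 $CRYPT_QUBE:dm-N"
  if [ "$2" = init ]; then
    step "$1" "sudo mkfs.ext4 /dev/xvdi"
  fi
  step "$1" "sudo mkdir -p /mnt/ext && sudo mount /dev/xvdi /mnt/ext"
}

plan_unlock init
plan_volume work init 20G
plan_volume personal init 5G
```

On later sessions, `plan_unlock open` followed by `plan_volume work open` gives the shorter sequence that needs only the single LUKS passphrase in the encryption qube.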