Can a compromised AppVM be made trustworthy by truncating its private volume?


Demi M. Obenour

Jan 24, 2020, 5:07:43 PM
to qubes...@googlegroups.com
If an AppVM is compromised, is truncating its private volume (which is
documented) enough to restore it to a trustworthy state? Obviously,
this loses all data on that volume, but the cases I have in mind are
where a DispVM template was accidentally started itself, rather than
a DispVM based on it.

Sincerely,

Demi

Chris Laprise

Jan 25, 2020, 8:58:57 AM
to Demi M. Obenour, qubes...@googlegroups.com
I'm not sure what the case is for a DispVM template.

For regular AppVMs, check out my Qubes-VM-hardening project at my GitHub
URL below. It aims to make the initial startup state trustworthy by
removing and controlling any hooks malware could use to persist on startup.


--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886