Booting from two separate hard drives?
Linus Stridbeck
I would like to run Windows on the SSD and Qubes on the Sata M.2 SSD 2242
From what I have read it is possible all it takes is some modifications in bios.
But is it advisable from a security point of viwe? I know its a bad ider to boot from one singel hardrive but in this case i guese the Windows hard drive is completely disconnected when runing qubes on the Sata drive?
Yuraeitha
It's certainly possible yes, I've done it multiple of times on different hardware, although I don't do it on my main hardware. Just be sure you know your way around UEFI/BIOS EFI/Grub.
- Firmware, while maybe exotic attacks? can be attacked, and thereby having anything unsecure installed on your system, from anytime in the past, to any time in the future, while using Qubes on it, is insecure. Once comprimised, it's not really something you can undo again by erasing disks or putting in new disks. Generally too, it's not certain when or how these kind of attacks are measured, so they may be more common than imagined, maybe years into the future? Especially when A.I.'s come around, but don't wait for A.I.'s to take this threat seriously, it may happen before then.
- Qubes must also always stay encrypted, never access it from another unsecure operation system.
- Password encryption must be at least strong enough so that your own cpu can't brute-force it. I don't think it can be brute-forced remotely though, but you never know.
Whether its advisable? I frankly don't know, I don't have the skills and expertise to tell you. But if you ask me, it can work, but it isn't something you should bet your own life on.
Yuraeitha
Another idea is to use BIOS/Grub, instead of UEFI/EFI, put the parts of Grub that is un-encrypted on an CD/DVD/Bluray, and use your disk to boot up Qubes. This way it cannot be modified.
Your BIOS/firmware is still exploitable though, but at the very least you're less exposed.
Linus Stridbeck
Linus Stridbeck
Yuraeitha
> ok, that's interesting. so whats the difference between between booting like i proposed and simply manually taking out the windows harddrive and putting in a hardrive with qubes on it?
This would protect you from current and future attacks like the ones mentioned, but it will not protect you from existing infected firmware if it has already exploited/attacked, essentially it's like ghosts living in your firmware, it'll keep coming back. The question is if your hardware's firmware got exploited/attacked in the past or not. You're not totally safe, but on the other hand you would be more safe than before.
The question is also if you want to go this far though, Qubes is not fully developed yet to completely isolate the hardware. For example firmware of drives may get exposed in the current Qubes. Qubes OS has gotten far, but as the developers say themselves, it still got some areas to fix, which will be done in the future versions of Qubes OS.
Essentially, you may want to question if you want to take extreme measures, whether it's worth it not, considering currently many firmware attacks may still be exotic (but may not stay that way), and that Qubes isn't fully isolated from the hardware today, so you'll still be exposed to damaging firmware's anyway, at least for some time to come.
Jon R.
That's a serious question I don't get it...
Any way would itbe compleatly safe to actuly changing harddrives manualy?
Linus Stridbeck
So conclusively its less secure to boot from different hard drives compared to switching manualy becous the first option could alow some one to get in to bios not only firmware?
Its amzing to me that its even possible to get in the firmware! Ones in the firmware youre basicly one step from the hardrive right? Is it easier to get in the firmware whern using Windows than when using qubes?
Besides when in the firmware you per se have to IP address right?
Yuraeitha
The BIOS/UEFI is also firmware btw, so in the future you read security articles and firmware is mentioned, it might indirectly include mention of BIOS/UEFI as well. The same goes to any other firmware, drives like HHD's/SSD's/HVMe's/thumb-drive's all have firmware too, and so does USB, and many other pieces of hardware. Qubes OS founder Joanna is advocating for stateless hardware, essentially hardware without firmware, where the software fully controls the hardware. This allows for machines to be wiped clean and install fully secure software on it again, or to reset if you suspect you got infected. Unfortunately right now market forces, politics, society habits, as well as competition and costs, all make it unlikely for anyone to start creating stateless hardware. It'd require a big push, or for a significant producer to start doing it, politics demanding it via law, or something like that.
Also note if you for example link your drives directly into an AppVM for example via qvm-block or qvm-usb, as far as I understand it, you're essentially exposing the firmware of the drives/thumb-drives, and thereby new firmware threats can reach this firmware, even if you're using Qubes. This is something the developers warned us about and are working on solving. But it goes to show that you're not fully safe, not yet, though using Qubes OS gets you far into the right direction at least, and it's a direction that is rapidly improving further.
And as you might suspect now, your question if it's easier to access firmware from windows, is essentially a big yes, your firmware is completely exposed in any operation-system running directly on the hardware. That's the strength of virtual environments, you can keep it out of reach of the hardware's firmware. Unfortunately virtual technology isn't perfect yet, it's still under development and improvements. But the protection Qubes provides, is far superior than the non-existing protection i.e. Windows provides.
Dual booting has two major issues that are solved by not dual booting
- Easier to cause new infection of firmware from a less secure Operation System.
- Attacks carried out on the secure OS from the non-secure OS.
I believe those two can carry all the exploit methods meta-headlines, beneath them it gets much more complicated, but essentially it can be narrowed down to those two headlines in a broad sense.
awokd
> Also note if you for example link your drives directly into an AppVM for
> example via qvm-block or qvm-usb, as far as I understand it, you're
> essentially exposing the firmware of the drives/thumb-drives
restricts access somewhat) true of qvm-usb but not qvm-block. Ideally,
when you use qvm-block you attach a partition to a VM. By attaching the
whole block device instead, you additionally expose the VM to partition
table level attacks, but still not firmware.
Linus Stridbeck
cooloutac
No its not advisable because windows if compromised can undermine the qubes /boot partition which is not encrypted.
And even if you are disconnecting drives, its much easier to flash firmware from windows then in qubes, which would also then undermine qubes when you connect its drive and run it.
john
systems, both with windows on 1 HD , Qubes on the other, 3.2 seems to
be UEFI , 4.0 only seems do-able with Legacy.
It seems a bit far fetched that remotely someone is going to boot up my
windows drive and reflash my Bios , though nothing is impossible these
days, but as some say, if that is your adversary's skill set, than you
may have bigger problems :)
I don't like having to keep windows around, but Qubes being what it is,
there is something to be said for having a backup OS IMO ; and I
don't think I'm going to want to learn gnucash and there being no win
tools (not that I ever got that stable in 3.2) in 4.0 .....
Perhaps I one keeps their windows use to a minimum and offline, one
might less worried about /boot ?
bill...@gmail.com
The fact is that there is, and always will be, an inverse relationship between security and usability, and one has to decide on the balance on an individual use basis. Security isn't a toggle. It's a little like locks. You lock your luggage not to stop someone determined to break in, but mostly just to stop it from spontaneously popping open as it gets thrown around by baggage handlers. You lock your car not to stop someone with a hammer and a crowbar, but to discourage people just pulling on door handles to see what they can get. You lock your doors to your house not to stop a guy with a tank, but to encourage your average thief to go next door. You build a gun safe so that it takes significant machinery to get in, and a home intruder will not be able to get your weapons. You build a safe room so that it takes machinery and lots of time to get in.
The same thing is true here. Qubes is cool, and it provides significantly more security/privacy than "regular" linux, which provides more security/privacy than Windows. Most of us are not being targeted by the NSA. Most of the folk I know are mostly just sick of Google and Facebook et al. stealing our lives, and don't like the idea of trivial routine surveillance of our lives. For that, security isn't an all or nothing thing. It's a continuum, and there's nothing "wrong" with making "reasonable" compromises for the sake of usability -- if one knows and is willing to accept the risks.
IMHO, of course.
billo