Can I set an unencrypted external HD as /home folder for a VM

68 views
Skip to first unread message

Guy Frank

unread,
Aug 31, 2018, 12:14:04 PM8/31/18
to qubes-users
I tried Qubes once before but gave up because the hardware I had wasn't compatible. I'm now giving Qubes another try w/ a new machine and had a couple questions. Keep in mind I'm a newbie.

One question I had is whether there is any way to set an unencrypted (or encrypted?) external HD as the /home folder for a VM?

This would make it much more convenient for me to move my work between Qubes and a non-Qubes desktop. I realize this is a security hole, but the alternative of simply sticking with Ubuntu is even less secure.

Guy

js...@bitmessage.ch

unread,
Aug 31, 2018, 1:17:54 PM8/31/18
to qubes...@googlegroups.com
Guy Frank:
Hi Guy,

I'm not sure about setting it as /home but i think it's possible. But
it's easy to attach an external HD to a vm and save your files to it.

https://www.qubes-os.org/doc/usb/

Also it's pretty easy to encrypt it with luks for security, it just
takes a little longer each time.

--
Jackie

Guy Frank

unread,
Aug 31, 2018, 1:40:29 PM8/31/18
to qubes-users
On Friday, August 31, 2018 at 12:17:54 PM UTC-5, js...@bitmessage.ch wrote:
> Guy Frank:

> > One question I had is whether there is any way to set an unencrypted (or encrypted?) external HD as the /home folder for a VM?
> >
> > Guy
>
> Hi Guy,
>
> I'm not sure about setting it as /home but i think it's possible. But
> it's easy to attach an external HD to a vm and save your files to it.
>
> https://www.qubes-os.org/doc/usb/
>
> Also it's pretty easy to encrypt it with luks for security, it just
> takes a little longer each time.
>
> --
> Jackie

Thanks Jackie for your reply!

I remember it being fairly easy to attach USB devices w/ the right clicks here & there. So, yes, I'd have access to the files on my external HD.

But it would be more convenient if I could get Qubes to mount the home folder on the HD as the Home folder for the given virtual machine. I imagine that's trickier and was wondering if there's a way to do it?

Maybe use a script to mount the attached USB drive home (/home/guyuser) over the Qubes home directory? But then, if that's possible, some of the setup in the Qubes home directory might get missed.

Chris Laprise

unread,
Aug 31, 2018, 6:31:58 PM8/31/18
to Guy Frank, qubes-users
The key to using it as /home would be to setup a new storage pool to
hold that VM. Unfortunately the docs could use a rewrite:

https://www.qubes-os.org/doc/storage-pools/

The relevant commands are 'qvm-pool --add' and 'qvm-create --pool'.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Guy Frank

unread,
Sep 3, 2018, 6:03:25 PM9/3/18
to qubes-users

Hi Chris: Thanks! This looks like a step in the right direction, but I have some questions. I'm guessing the commands will tell Qubes to treat my external HD as a potential place to store a VM. But that seems like it wouldn't take the existing home directory on the external HD as the VM home directory but instead store a VM file containing the VM's home directory structure on the disk. That file would, I imagine, be difficult to access on the Kubuntu I have running on my home desktop and wouldn't contain the files currently on my external hard disk, which mirror my Kubuntu files.

Is that the case and is there any fix? Am beginning to think the only way to work this is to simply attach my external HD as a USB device and give up on trying to make the files my home directory.

Guy

Chris Laprise

unread,
Sep 3, 2018, 7:01:05 PM9/3/18
to Guy Frank, qubes-users
You're right that it wouldn't readily treat a bare home directory as the
VM's own, but create a Linux disk image instead.

But if the other systems are Ubuntu or similar Linux, you have options.
First is encryption: Ubuntu should recognize a LUKS-formatted drive when
its inserted and prompt the user for a passphrase automatically to
unlock and mount it. This could make your work flows more secure.

Also, I recall Ubuntu having some way to mount disk image files from the
file explorer. But you can setup the drive with LVM on top of LUKS (use
the LVM Qubes driver), and I think in this case Ubuntu may try to make
the LVM volumes available to the user as soon as its unlocked (if not,
you could use gnome-disks as a GUI to do this, although a script with an
icon would work too).

unman

unread,
Sep 4, 2018, 8:36:12 AM9/4/18
to qubes-users
If it were not USB it would be straightforward.

It occurs to me that you may be able to change the configuration, (see
previous thread on assigning SATA devices) to attach the USB device on
boot, and have fstab configured to mount the newly exposed device in
the qube as /home or a directory in /home.

I haven't tried this but I'm assuming it would be possible, and would fit
your needs.
I'll have a quick poke at this in the morning, and see if there's any
mileage in the thought.

Guy Frank

unread,
Sep 6, 2018, 2:45:36 PM9/6/18
to qubes-users

Thanks Chris & Unman! I'll have to give your suggestions a try, if I can get Qubes working on this new computer of mine. The question was meant to see how practical Qubes would be, under the assumption that I could install it. Will have to circle back to actually doing this.

Guy

Reply all
Reply to author
Forward
0 new messages