Creating a qubes hidden system with Veracrypt

812 views
Skip to first unread message

skyn...@gmail.com

unread,
Mar 2, 2017, 12:56:07 AM3/2/17
to qubes-users
Just as the title says. I wish to create a qubes hidden system in Veracrypt, but I'm not entirely sure what the process for that would be. Do I run veracrypt on Dom0, and from there the hidden volume that is created, will be a clone of the whole OS? How would I run Veracrypt on Dom0?

Franz

unread,
Mar 2, 2017, 6:48:43 AM3/2/17
to skyn...@gmail.com, qubes-users
On Thu, Mar 2, 2017 at 2:56 AM, <skyn...@gmail.com> wrote:
Just as the title says. I wish to create a qubes hidden system in Veracrypt, but I'm not entirely sure what the process for that would be. Do I run veracrypt on Dom0, and from there the hidden volume that is created, will be a clone of the whole OS? How would I run Veracrypt on Dom0?


Why you do not consider using  Veracrypt in an applVM?
 
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/78282345-1667-4f91-ba09-193fe1c74a2f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Unman

unread,
Mar 2, 2017, 6:15:04 PM3/2/17
to skyn...@gmail.com, qubes-users
On Wed, Mar 01, 2017 at 09:56:06PM -0800, skyn...@gmail.com wrote:
> Just as the title says. I wish to create a qubes hidden system in Veracrypt, but I'm not entirely sure what the process for that would be. Do I run veracrypt on Dom0, and from there the hidden volume that is created, will be a clone of the whole OS? How would I run Veracrypt on Dom0?
>

I'm pretty sure that Veracrypt documentation says that only Windows
system encryption is supported, and I don't recall seeing anyone creating
a hidden Linux system using Truecrypt.
Probably wrong about that.

On the other hand, you can fairly easily find guides on installing a
hidden Linux system using LUKS. It isn't particularly easy but it is
doable. Then you would want to install Qubes on to the hidden volume.

Remember that Qubes uses disk encryption by default.
An alternative approach might be to install Veracrypt in dom0 and create
hidden volumes in which you store qubes. You could do this by creating
base qubes, copying the files from /var/lib/qubes/appvms to the hidden
volumes. Then you can use the qubes as normal.
When you want the "secret" qube, decrypt the hidden volume and bind
mount the qube folder over the folder in /var/lib/qubes/appvms.
Could be worth a try, and relatively simple to do.

unman

rolling electron

unread,
Jul 7, 2018, 2:05:04 PM7/7/18
to qubes-users

what do you mean by base qubes? templatevms?

Reply all
Reply to author
Forward
0 new messages