Attach hard disk to qube and its security

Hi all,
I have a question about security. The setup is as follows:

  • a dedicated qube for cryptocurrency clients

  • a dedicated hard disk for storing cryptocurrency blockchains, there is one btrfs partition and it’s currently not encrypted

When I use the cryptocurrency qube I attach the hard disk partition to the qube and mount it so that blockchain data goes to that disk.

My question is: are there security risks in this kind of setup? Let’s say the qube gets compromised with malware and the malware writes malicious data to the attached partition.

When the qube shuts down or the computer is rebooted, what are the odds of getting something bad to dom0 from the disk/partition?

Is there a difference in security between attaching the whole disk vs attaching the partition? I guess attaching the partition may be a bit safer?

Would encrypting the disk/partition improve security? (In terms of malware/infection I mean. Blockchain data is not confidential so it doesn’t matter if it gets leaked.)

Hello, and welcome to the community.

Yes it is a bit:

This is exactly how I’d do it.

Until the disk is attached to dom0, the odds of dom0 getting compromised from the above scenario are very low. Xen exploits are needed for this, mostly. So, never attach that disk to anything else in Qubes, at least. Just as you created a dedicated bitcoin-qube, decide that disk to be bitcoin-dedicated too.

Whose security? dom0’s? No. Nothing else is left, since it would be decrypted in the bitcoin-qube and wouldn’t be used anywhere else, but even if you’d want to use it anywhere else, AppVMs and dispVMs are considered to be already compromised by default in Qubes.

You’d want to encrypt a disk attached to dom0 against physical access, and once an adversary is in dom0, it’s already Game Over.

@enmus Thank you for your answer.

My ideas of improving security were:

  • attach only the partition, not the disk → the bitcoin-qube will not see the partition table of the disk and can’t compromise it
  • encrypt the partition → dom0 can’t see the data contents of the partition, however it can still see some partition information/metadata so I guess this won’t improve security a lot, and besides, dom0 shouldn’t touch the data anyway even if it’s not encrypted