If you leave your Qubes unattended, on, but locked, that means ofc that the LUKS key is in memory somewhere. What are the potential attack vectors for extracting the key from the memory of a locked Qubes computer besides a cold boot attack? Are there bugs in the USB/HDMI buses, or how safe are you in these circumstances?
I don’t mean to hijack, is it true that the LUKS keys are in the RAM?
If so, are there attempts made so Qubes stores it in the CPU memory in the future, like RamCrypt or TRESOR?
Probably the same potential attack vectors as any other system with FDE, cold boot attacks being one of the main ones.
Well, if they were known bugs, they’d probably be patched by now, or at least tracked with folks working on patches. If they’re unknown bugs, then, by definition, no one can tell you what they are. That’s why zero-day vulnerabilities are significant. However, Qubes is designed under the assumption that such interfaces are vulnerable, which is why
sys-usb are untrusted from the beginning. This is also why Anti Evil Maid exists.
Yes, this is standard behavior for FDE, nothing Qubes-specific.
There have been several proposals for Qubes-specific mitigations. Here are two examples:
You can probably find other discussion threads on this by searching the qubes-users and qubes-devel mailing lists.