So after doing some more research I’m quite certain that the backup tool backs up each VM separately with its own HMAC and I assume
that during the backup verification process the HMACs of each VM backup are verified. This being the case, I assume that if I get no
error when running the backup verification tool that this means every VM had its HMAC successfully verified and therefore the backup has
not been corrupted or modified.
So my questions are now very simply:
- Is the above statement correct?
- What is meant by:
“However, it does not currently detect if it is missing data as long as it is a correctly structured, non-corrupted backup file. See issue #3498 for more details.” [0][1]
Does this mean that the data for an entire VM can be missing (as in the encrypted data for that VM was simply removed from the backup archive), or does this mean that
random portions of a VMs data can be missing? I assume it has to be the former or there would be an HMAC verification issue, but I’d prefer to check.
[0] How to back up, restore, and migrate | Qubes OS
[1] https://github.com/QubesOS/qubes-issues/issues/3498