Hi all,
I have an idea to install multiple OSs on my PC (Qubes + Windows + whatever).
In the past, I used a hardware button panel mounted in my PC case, where each button disabled/enabled one SATA drive.
But I was surprised not to see such an option in my BIOS for NVMe drives, neither for those connected via CPU nor for those connected via chipset.
A physical button here is even more impossible due to connection type of M.2.
As a workaround, I thought I could buy a PCIe NVMe adapter, but I faced the same issue - my BIOS doesn’t have an option to disable any PCIe slot!
It has a bifurcation option to split lanes on the CPU slot, but no option to disable it, can you believe?
I’ve watched about 10 BIOS walkthroughs on YouTube related to modern X870E or similar top boards (I need as many PCIe lanes as possible in this case), but none of them had even one of the options above.
Exposing NVMe (even encrypted ones) to an untrusted OS like Windows causes a lot of risks:
- A Windows virus (ransomware) may re-encrypt your encrypted drive, even partially, and demand a crypto payment
- Windows apps with admin permissions can still use your drive as a raw block device without accessing the FS
- A Windows virus may change your loader
- A Windows virus may decrypt and steal your data if you use the same password elsewhere
I know this issue is not directly related to Qubes OS, but maybe here I can find somebody who has figured out how to solve it.
I’m tired of reading useless Reddit threads where newbies try to persuade those who ask that they are just paranoid and only need to switch the boot order.
Any ideas?