I trust LUks2 encryption. But like we all know there is a risk that an adversary jumps on you while your laptop is decrypted and access everything. I know Tails OS has the option to unplug the USB drive so the system shuts down and wipes the memory in case of emergency. In Qubes it’s a bit complicated.
But i’m wondering if i use Qubes on an external drive and i unplug the external drive while my Qubes was running decrypted. Will the adversary still have excess to sensitive information, like keys, stuff etc? I mean would unplugging an external hard drive while Qubes is running help to protect your data or is it useless?
Will the adversary still have excess to sensitive information,
like keys, stuff etc?
Possibly. It depends on how fast the keys degrade in RAM. There
isn’t a formula for this AFAIK. To give the keys more time to fade away,
use a machine with soldered-on memory.
Best to have good enough OPSEC that you aren’t targeted like this
to begin with.
You can use memory encryption to protect your system against a lot of memory attacks, including physical attacks like cold boot.
Intel calls their technology Total Memory Encryption (TME) and AMD calls their Secure Memory Encryption (SME). Intel current tech is Total Memory Encryption Multi-Key (TME-MK), which can do things like encrypt the memory of different VMs with different keys.