I know that Qubes OS disk is encrypted. My request is for additional security feature that have disposable encryption.
Reason: Non of the vm is encrypted and they write data directly on the Qubes OS disk.
Request: on every login Qubes OS ask user to enter a 15 character random password. user need not to remember anything. Using this password Qubes OS fast encrypt the free disk space again. This will remain untill the shutdown/ reboot.
What happen on next boot and login:: As all free space was encrypted by a strong password in previous session. So all deleted files/ temporary files/ disposed or deleted vm’s data everything undesirable will get dumped under that non recoverable encryption. Now user asked to enter 15 digit password again.
benefit: even if someone got physical access to the computer along with disk encryption and user password. Still all previous data will be unrecoverable.
This already exist, I think you can tweak it with qvm-volume?
many have begged for years to get a seamless implementation of VM level encryption of Qubes. The most illogical arguments against it that you should just give up any hope of seeing it happen.
You can use the solutions from this guide. dom0 runs in RAM. You just need to create appVMs in varlibqubes, and then it becomes impossible to recover data from previous sessions Qubes in tmpfs 🤫
And use this great solution if you have limited memory Really disposable (RAM based) qubes