How to restore Qubes OS from Cloud backup quickly and securely?

Rhys-Hussain · June 29, 2022, 4:31am

Upload encrypted backup to cloud and then remove all your data on your computer can be a solution to prevent data leak before someone checking your computer which is mentioned in Feature Request: Peace of mind when crossing borders.
Normally we will do this

Copying the ISO onto the installation medium
Install Qubes OS from the medium
Download encrypted backup from cloud
Decrypt backup
Use Restore Backup to restore from backup

Is there any way to backup whole disk of Qubes OS so we can skip first two steps? Is this same as backup LUKS encrypted disk?

unman · June 29, 2022, 12:00pm

You can use dd to copy the whole disk - the image will be large and
unwieldy, and downloading it will be painful. But you can do it.
I really wouldn’t.
As a useful guide, how much actual data do you have to use the other
side of that border? Compare that to the size of your disk image.

If you are seriously worried about crossing borders, you should also
consider whether you are happy to put all your data at risk on the
other side of that border.

I salt my qubes, and store encrypted salt states online.
When travelling, if necessary, I use a clean oem disk. Reinstall
Qubes on a blank disk, and then selectively salt the qubes I want.
Restore the actual data I need.
It’s fast and precise.
It also has the advantage (like the “restore backup” method) of actually
using backups - taking a disk image is almost never a good backup.

I do take disk images of clean Qubes installs, particularly on test
machines.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

wizardofhoms · July 14, 2022, 1:10pm

Hello @unman,

Since I consider setting up a backup system in the cloud as well, and since I’m relatively new to managing Qubes through Salt, I would like to know if your notes here (notes/salt at master · unman/notes · GitHub) are a good entrypoint on achieving this…
Any further help of pointers will be greatly appreciated !
Thanks

unman · July 15, 2022, 3:05pm

Those are notes for training sessions - they aren’t polished in any way,
but they are good enough.
I think that together with the official Qubes documentation, and the
numerous examples, they are enough to get most people used to working
with salt in Qubes.
I’m always happy to answer questions about salt, and help with concrete
examples.
My aim is for simplicity and clarity - I don’t usually introduce
beginners to templating, for example. You need to walk before you can
run.

Rhys-Hussain · August 16, 2022, 9:52am

Using dd is a bad idea, I recently destroyed my data because of this.

What I have done:

dd from nvme0n1 to nvme0n2 in PC1
Use nvme0n2 in PC2
Format nvme0n2 in PC2 because of some reason
Do 1 again, which destroyed my data, it’s like dd from nvme0n2 to nvme0n1. I think computer was confused which is nvme0n1 and nvme0n2 after dd.

enmus · August 16, 2022, 10:57pm

Both we were taught.

kenosen · May 3, 2023, 6:51pm

This sounds like a great streamlined solution; I wonder, though, where do you restore the data from. If the salt files can create the qubes, I still need to store the data (say, an ecnrypted file of text documents) in the cloud along with the salt files. What I’ve done in the past is backup the one Qube where I keep my sensitive work, email it to myself and delete the qube from my laptop, then download and restore when safe.

Then again, maybe that’s not the most secure solution and perhaps doesn’t account for a backup/restore failure.