So, I am using windows and willing to install Qubes along side it. But dual booting qubes is considered unsafe as someone with access to windows can easily modify bootloader of qubes OS.
So, I was thinking may be I can install qubes OS on a partition /dev/sda3 and use the built in encryption. But install bootloader on a removable USB 3.0 drive /dev/sdb1, if it’s even possible. And then install windows 10 on /dev/sda1. That way, QubesOS partition will be encrypted while accessing windows 10 and bootloader will not be available to be tempered with as it’s on a USB 3.0 drive.
So, whenever I need to access my Qubes setup, I will connect the bootloader USB drive and then boot into the /dev/sda3, decrypt and use.
Is it doable? And if yes, will I be able to use other USB devices, sys-usb? or not?