Is it more secure to buy a secondary external SSD instead of internal SSD?

Is it more secure to buy a secondary external SSD instead of internal SSD?

Assuming you actually mean use (not buy), the question is: Secure against what?

  • PCI devices get attached to dom0 which is bad for security.

How exactly?

qvm-device pci list will show that both internal SSD devices are attached to dom0. So the SSD that you install Qubes OS on is attached to dom0. That is also the device that you create qubes on and run the qubes on.

If you have a secondary device, it would have to be used the same way. If everything is set up properly, you should not be able to attach a USB drive to dom0 the way you attach it to domUs (through sys-usb).

This is where my lack of knowledge raises the question about the 1st/primary internal SSD which Qubes OS is installed on. It seems to contradict the idea that dom0 is supposed to be isolated from partitions etc. But it's not, as the qvm-device pci list shows.

  • Device != partition.
  • USB controllers are PCI devices (run lspci in dom0 and you will see them).

What you quoted doesn’t mean dom0 should be isolated from any partition - that is impossible because it must boot and run somehow. What the quote means (my understanding, w/o having read that topic) is that you should not mount non-dom0-specific partitions in dom0. For instance, you should not directly mount a domU image in dom0 dir and play with the files in it.

So my concern is that we create all kinds of qubes and disposables and untrusted VMs which use the same PCI storage device as dom0 is using, and that seems like a “serious” (whatever serious could mean) attack vector.

Can you describe the attack?

So this topic is about the secondary SSD. If we make it internal with PCI, then it will have the same problem. But if we make it external with USB then it uses sys-usb which isolates it from dom0 which should be more secure.

Consider this: Unlike USB devices, PCI ones can’t simply switch to keyboard mode and start typing in your dom0. You may want to read about BadUSB, Stuxnet and similar.

3 Likes
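
The point made in the reply above, that USB controllers and the internal SSD's controller are both PCI devices, can be checked by classifying `lspci -nn` output by PCI class code. This is an added example, not part of the original thread: the function names `classify_pci` and `slots_with_role` are hypothetical and the sample lines are constructed, not taken from a real machine.

```shell
#!/bin/sh
# Added example: classify `lspci -nn` lines by PCI class code.
# Standard PCI class codes: 0c03 = USB controller,
# 01xx = mass storage (e.g. 0106 SATA, 0108 NVMe).

# Constructed sample in the format `lspci -nn` prints (not from a real machine).
SAMPLE='00:14.0 USB controller [0c03]: Example xHCI Host Controller [1234:0001]
00:17.0 SATA controller [0106]: Example AHCI Controller [1234:0002]
01:00.0 Non-Volatile memory controller [0108]: Example NVMe SSD [1234:0003]
02:00.0 Network controller [0280]: Example Wireless Adapter [1234:0004]'

# Read `lspci -nn` lines on stdin, print "<slot> <role>" for each device.
classify_pci() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        slot=${line%% *}
        # The first [xxxx] on the line is the class code.
        class=$(printf '%s\n' "$line" |
            sed -n 's/^[^[]*\[\([0-9a-f]\{4\}\)\].*/\1/p')
        case "$class" in
            0c03) role=usb-controller ;;
            01??) role=storage-controller ;;
            "")   role=unparsed ;;
            *)    role=other ;;
        esac
        printf '%s %s\n' "$slot" "$role"
    done
}

# Print only the slots that have role $1 (stdin = `lspci -nn` lines).
slots_with_role() {
    classify_pci | while read -r slot role; do
        if [ "$role" = "$1" ]; then
            printf '%s\n' "$slot"
        fi
    done
}

# In dom0 the real input would be:  lspci -nn | classify_pci
printf '%s\n' "$SAMPLE" | classify_pci
```

The slots reported as `usb-controller` are the ones that would normally be assigned to sys-usb, while the `storage-controller` slot holding the boot disk stays with dom0; compare against `qvm-device pci list`.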