As @jevankhelped me on my previous step in order to set my dispxxx based on a win7-diisposable-template to work, here’s hoipefully the last one (set aside the audio, hahaha).
Why I’m trying to achieve this? Since I don’t trust Windows, and currently write/read is possible to a private disk Q, I have restricted user user more than built-in guest account is. User can only read from Q: I have disabled Run as administrator, and only Run as different user is possible if there’s a need for it.
All programs and files are actually on the other disk which I need to attach to dispxxx while it’s running.
I assume this way it is less trivial to compromise my dispxxx, while assuming the other disk is compromised anyway - basically I don’t care about the programs and files on it.
So, is there a way to issue a command, or some script which would basically attach the second disk to a dispxxx. Something like
qvm-block attach --persistent dispVM dom0:sdg
I have tried this command while dispxxx is running (with disp1209 instead of dispVM, of course), but attaching fails causing qube to be forcibly shut down.
It’s now obvious that most probably it doesn’t matter why I’d like to issue this command, since the way I 'd want to attach it is regular - either via device widget, or via terminal, which I neither succeed.
Attaching succeeds with --persistent when a VM is non-dispxxx.
Thanks again for taking the time to respond @jevank
There is no problem with Q. English is not my first language, and basically I just wanted to explain how I additionally hardened Win7 dispVMs and that it is the reason why I use only second HDD to store files and programs.
Of course I did, but when starting dispxxx based on it, attaching the second disk to dispxxx isn’t invoked/triggered.
I guess it sound logic, because any persistence should be somehow specifically and manually transferred from dispVm template to it’s dispVMs. But how?
It would be great if somehow this could be achieved like bind dirs is used in other cases…
For this you’ll have to use a named DisposableVM, as opposed to ephemeral disp1234 DisposableVMs.
Qubes currently doesn’t support configuring a DisposableVM Template so that every DisposableVM created from it (possibly more than one, running in parallel!) would start with a certain device attached. And it would only make sense for some use cases - read-only block devices come to mind.
Yes, I’m already using that as a workaround, as discussed in a quoted topic
It’s not that I insist on this, but the problem is that attaching this second block device isn’t possible to any Windows qube without --persistent parameter, while it is possible to attach it without this parameter to any Linux based qube.
So that is why I’m trying to find a way to attach this HDD to a win dispxxx qube anyhow.
I installed them all except network drivers from the very beginning (tried them to by setting networking manually and it worked just fine), but unfortunately it doesn’t do.
I read and tried probably everything on the subject before asked. It’s my principle.
What logs I could investigate?