Mounting internal non-Qubes OS hard drive -- Dom0 security issue?

- I am using Qubes on an external hard drive.

- My dom0 desktop can read my internal hard drive and I can access the files on it.

My question is: “If my internal hard drive is compromised, can it compromise my Qubes (running on the external hard drive)?”

My first thought is, “it shouldn’t.” That said, are there any circumstances where dom0 might read the drive, and are those attack vectors?

First, it’s generally not recommended to dual boot a Qubes system unless you are simply testing it out.

While Qubes by default does not expose USB mass-storage devices to dom0, any internal drives are attached to dom0 by default. Note that the non-boot device file systems aren’t parsed and mounted by default…but the partitions are parsed and shown in /dev.

EDIT: I take back the part about the internal drive filesystem not being parsed. I tested by attaching a second internal drive and powering up. I found that a local NTFS volume name shows up associated with the block device in the Qubes device widget. At a minimum, some parts of the filesystem are scanned by components of dom0.

There’s a kernel parameter for libata (originally via a patch, now in mainline kernels) to disable ATA or SATA drives at boot time, discussed here: boot - How can I tell linux kernel to completely ignore a disk as if it was not even connected? - Ask Ubuntu

If the other drive is NVMe, I’m less certain if there is a solution.

B

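
A way to audit what the EDIT above describes, as an added example that is not part of any post in this thread: it lists block devices for which `lsblk` reports filesystem metadata (type or label) even though nothing is mounted from them. The function name, the `$1` parameter (the disk holding Qubes itself, which is skipped) and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads the output of
#   lsblk -P -o NAME,TYPE,TRAN,FSTYPE,LABEL,MOUNTPOINT
# on stdin and prints "name transport fstype label" for every device whose
# filesystem metadata is known although it is not mounted.
# $1 (hypothetical parameter): name of the disk that holds Qubes, skipped.
probed_unmounted() {
    awk -v skip="$1" '
    # Labels come from the foreign disk: treat them as text, never eval them.
    function get(line, key) {
        if (match(line, " " key "=\"[^\"]*\""))
            return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
        return ""
    }
    {
        line = " " $0
        name = get(line, "NAME"); type = get(line, "TYPE")
        # Partitions follow their parent disk, so remember its transport.
        if (type == "disk") { disk = name; tran = get(line, "TRAN") }
        fstype = get(line, "FSTYPE")
        if (disk == skip || fstype == "" || get(line, "MOUNTPOINT") != "")
            next
        lbl = get(line, "LABEL"); if (lbl == "") lbl = "-"
        printf "%s %s %s %s\n", name, tran, fstype, lbl
    }'
}

# Constructed sample: internal SATA disk (sda) plus the external Qubes disk (sdb).
sample_lsblk() {
cat <<'EOF'
NAME="sda" TYPE="disk" TRAN="sata" FSTYPE="" LABEL="" MOUNTPOINT=""
NAME="sda1" TYPE="part" TRAN="" FSTYPE="vfat" LABEL="" MOUNTPOINT=""
NAME="sda2" TYPE="part" TRAN="" FSTYPE="ntfs" LABEL="Windows" MOUNTPOINT=""
NAME="sdb" TYPE="disk" TRAN="usb" FSTYPE="" LABEL="" MOUNTPOINT=""
NAME="sdb1" TYPE="part" TRAN="" FSTYPE="ext4" LABEL="" MOUNTPOINT="/boot"
NAME="sdb2" TYPE="part" TRAN="" FSTYPE="crypto_LUKS" LABEL="" MOUNTPOINT=""
EOF
}

# Usage in dom0 (sdb standing in for the Qubes disk):
#   lsblk -P -o NAME,TYPE,TRAN,FSTYPE,LABEL,MOUNTPOINT | probed_unmounted sdb
```

Any line it prints for the internal disk means dom0 already holds data read from that disk's filesystem structures, even though it never mounted the volume.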

I think we need more info here.

If the question is only this, then the answer is a simple yes.

But as others have explained, in the case of a dual boot, there are many more, and much more dangerous, attack vectors you are facing.

Any different thoughts here?

Clarified post title and moved to “General Discussion” … this is clearly Qubes OS specific and as such off-topic in “All around Qubes”
