My first backups

I am making my first backup.

I understand that you can save the backup file in the virtual machine of your choice. By default, I see that it is in dom0.

So I created a “backup” folder in my personal documents (on dom0).

I imagine that afterwards the backup file can be copied to the place of my choice? For example, on a USB key or on the cloud?

I’m a bit worried that my encryption password will be saved in clear text on dom0, if I save the default settings. Given that, in principle, dom0 is completely secure, is this really a serious security issue?

Now the backup is finished: the file is in my backup folder. I didn’t restore it, because I read that the restored files would be installed in a sub-folder of dom0. I prefer to avoid losing space on my disk…

So I will regularly (probably every day) make a backup of my system, because I will probably work on it during a whole week, to install all my working environment.

I also make a backup before each delicate operation: for example, if I make updates.

Am I doing it right?

Yes, but since you saved the backup in dom0, you’ll have to copy it out of dom0 into a domU:

You can avoid this in the future by creating the backup in a domU to begin with, if you prefer.

It’s generally not a concern, because if an adversary ever gains access to dom0, it’s game over anyway. Of course, we can always imagine edge cases in which an adversary might be able to glimpse your backup passphrase in plaintext in dom0 without being able to do anything else for some reason. If your threat model includes such scenarios, you may want to just type the passphrase in manually each time instead of saving it in a backup profile.

Not only that, but you probably have all the same domUs still in the system as you do in the backup, and you can’t very well restore a domU that’s already there. However, if you want to verify the integrity of the backup file without actually writing out any data, there’s an option to do that in the restore interface. This is strongly recommended, since a backup that can’t be restored is as useless as no backup at all.

Thank you very much.
I don’t know what a “domU” is yet.

Have a nice day.

domu is appvm

Thank you very much.

Have a nice day.

No - Everything except dom0 is a domU - qubes, appVMs, templates, standalones

  • if you don’t know what they are, take a look in the glossary

The thing about putting your backups in an AppVM is that if the system ever becomes corrupted you may lose your bootable system and with that your AppVM, and then you lose your backup files as well.

A better choice is to make backups on a separate USB/SATA drive mounted to your destination AppVM (e.g. sys-usb). Then as a worst case scenario if the system crashes hard, a freshly installed system can simply mount and read the backups from that separate drive to fully recover.

Don’t forget to test your backups periodically to verify everything is working correctly.

I certainly didn’t mean to suggest that the backups should stay only in an app qube.

@Phil originally wrote:

Putting encrypted backups on a USB drive or in the cloud is a great idea for most users. However, you can’t (or at least shouldn’t) try to copy/upload backup files directly from dom0 to a USB drive or the cloud. Instead, you should do that from an app qube.

What is the file location where Qubes Backup stores the passphrase in cleartext?

It used to be stored in /etc/qubes but use of that option (save configuration) has, I think, been remedied.
@Phil - run the backup, and then grep MY_PASSWORD -r /etc to check it isn’t stored there. (If you are exceptionally paranoid: cd / && grep MY_PASSWORD -r)

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

It is still stored there in the /etc/qubes/backup/qubes-manager-backup.conf file but only the last version of this conf file.
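
The grep check suggested above takes the passphrase as a command-line argument, where it ends up in shell history and the process list. As an added example (not code from the thread or from the Qubes project), the function below runs the same recursive search but reads the passphrase from stdin and matches it as a literal string; the name `scan_for_secret` is an assumption of this example.

```shell
#!/bin/sh
# Added example: list files under a directory that contain a given
# passphrase in cleartext. The passphrase arrives on stdin and is passed
# to grep through a pipe (printf is a shell builtin), so it never shows
# up in shell history or in another process's argument list.

scan_for_secret() {
    dir=${1:-/etc}      # default tree is the one searched in the thread
    secret=
    if [ -t 0 ]; then
        # Interactive use: prompt and read without echoing to the terminal.
        printf 'Passphrase to search for: ' >&2
        stty -echo
        IFS= read -r secret || true
        stty echo
        printf '\n' >&2
    else
        # Piped use: take the first line of stdin as the passphrase.
        IFS= read -r secret || true
    fi

    # An empty pattern would match every file, so refuse it.
    [ -n "$secret" ] || { echo 'empty passphrase' >&2; return 2; }

    # -F  literal match, so characters like . * [ are not treated as regex
    # -r  recurse into the directory
    # -l  print only the names of matching files, never the matching line
    # -s  stay quiet about files that cannot be read
    # -f - read the pattern from stdin
    printf '%s\n' "$secret" | grep -rlFs -f - -- "$dir"
}
```

Exit status 0 means at least one file contains the passphrase and 1 means none was found. Files the current user cannot read are skipped silently, so run it with enough privileges for the tree being searched.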

As I said, the storing of password has been remedied - now you have to opt in to save the password - the default is just to save settings, but not the password.
If you didn’t opt to save the password, then you are out of luck here.
