I think the USB part of this makes it inherently insecure.
You were talking about ghosting VMs on drives… why not do this on a secondary internal drive with an encrypted hidden volume? That way you can keep dom0 isolated and avoid the problems associated with USB drives.
I want the option to keep the ghost layer and primary computer separate. Without the external HD attached there would be no trace of its existence. If I make a hidden vault on the internal drive, the hidden vault would be easy to spot, as it will be large.
I’m pretty new to Qubes… but since dom0 is the master of sys-usb… could sys-usb pipe back to dom0 through a firewall?
If that wasn’t possible, let’s imagine I set up the USB drive such that it can only be accessed via an encrypted password.txt file on dom0… full disk encryption.
So now, I know this USB device can’t practically mount on any other computer.
At that point my risk would be hardware spychips (likely at the manufacture supply chain level)? Correct?
Okay… if I accept that risk, what is the best way to expose the drive to dom0, so I can bind to the encrypted container inside?
Lastly… let’s imagine the drive has a spychip: What would be the tells to watch for/scan for/set up a monitor for?
I like that extra level of protection. Drilling down on it, I don’t know if it can expose dom0 to the data on the USB drive, like you said… unless I missed something in the documentation.