To those interested in fully stateless (anti-forensic) use of Qubes Stateless, this is an important update.
@Bob3 et al…
I did some further digging into and testing of Qubes Stateless operations.
It seems there are some lingering issues & caveats with achieving fully stateless (anti-forensic) use of Qubes Stateless.
1. Dom0 Still Swaps to Storage Drive
More info here on Wikipedia for those not familiar with what swap is.
It appears that Dom0 Swap is still enabled with each system restart, and that @xuy’s recommended command sudo swapoff -a in post #18 for turning off Dom0 Swap is only temporary for any given Persistent mode session or Stateless mode session, but doesn’t last beyond restart (or maybe even a logoff?).
We need to come up with a persistent way to disable Dom0 Swap. I haven’t researched this yet.
In the meantime, you should run the temporary command in the Dom0 Terminal at the beginning of every new Qubes Stateless session…
sudo swapoff -a
2. AppQubes Typically Created in “varlibqubes” Still Partially Using Storage Drive
While testing in Qubes 4.2-RC4, I discovered that creating an AppQube that is based on a TemplateQube and setting the storage pool to “varlibqubes” stores everything in Dom0’s /var/lib/qubes directory, EXCEPT for one thing I’ve found…
Running in Dom0 Terminal:
lsblk
lsblk | grep YOURQUBENAME
…reveals that your AppQube is still storing its “root” volumes on your storage drive.
Here, you can clearly see volumes named “qubes_dom0-vm--YOURQUBENAME--root--snap”.
These “root” volumes can write sensitive data during your Qubes Stateless session to your persistent storage drive, which could potentially be recovered from the storage drive.
For a fully stateless workaround with AppQubes, see the approaches in “4. Workarounds for Fully Stateless AppQubes & DisposableQubes”.
3. DisposableQubes in Stateless Mode are Typically Not Fully Stateless
You should be aware that typical default configurations of DisposableQubes while in Stateless mode are not fully stateless and store their data on your storage drive.
For a fully stateless workaround with DisposableQubes, see specific approach “c” in “4. Workarounds for Fully Stateless AppQubes & DisposableQubes”.
4. Workarounds for Fully Stateless AppQubes & DisposableQubes
Thankfully, there seems to be a fully stateless workaround for the issues I described in “2. AppQubes Typically Created in “varlibqubes” Still Partially Using Storage Drive” and “3. DisposableQubes in Stateless Mode are Typically Not Fully Stateless”, although quite costly in some RAM space…
You can take a few different approaches to resolve this fully stateless issue now:
- a. Instead of using AppQubes based on TemplateQubes, you could alternatively create StandaloneQubes in the “varlibqubes” storage pool, which appear to store ALL data in traditional image files within Dom0’s “/var/lib/qubes” directory. This is very costly in Dom0 RAM, as it copies your entire TemplateQube’s OS into Dom0 RAM space for each StandaloneQube you make, whether it is actively running or not, which is usually multiple extra GBs per qube, in addition to the RAM it takes to store any user files and the RAM it takes to run and operate the qube’s OS & apps.
- b. You could create a new TemplateQube from the previous TemplateQube you want to use, but store that new TemplateQube in the “varlibqubes” storage pool. Then create a new AppQube based on this new TemplateQube, and store this new AppQube in the “varlibqubes” storage pool too. Now, when you use this new AppQube, it appears to store ALL data in traditional image files within Dom0’s “/var/lib/qubes” directory. This is as costly as the other method for the first AppQube, but you do not have to copy & store the entire TemplateQube OS root filesystem for every AppQube you want to make with it, so this saves a lot of RAM space for using more than one qube.
- c. Like “b”, you could create a new TemplateQube from the previous TemplateQube you want to use, but store that new TemplateQube in the “varlibqubes” storage pool. Then create a Disposable Template by creating new AppQubes based on this new TemplateQube, and store this new AppQube in the “varlibqubes” storage pool too. After creation, in the settings of this AppQube, under the “Advanced” tab, you can check to turn on “Disposable template” and after applying also select “Default disposable template” to either be “(none)” or that very same AppQube itself. Now, you can use both this TemplateQube and Disposable Template AppQube to create new AppQubes and DisposableQubes fully within the “varlibqubes” storage pool. This is likely to generally be the most desirable approach for most people.
Here is an example implementation of approach “c”:
Let’s say you want to base some of your fully stateless qubes on the “debian-12-xfce” persistent template.
- In Persistent mode: Create & Configure a new TemplateQube named “debian-12-xfce-stateless” based on “debian-12-xfce” and choose to store it in storage pool “varlibqubes” (Advanced tab).
- In Persistent mode: Create & Configure a new AppQube named “debian-12-xfce-stateless-dvm” based on “debian-12-xfce-stateless” and choose to store it in storage pool “varlibqubes” (Advanced tab).
- In Persistent mode: After creation, for the AppQube “debian-12-xfce-stateless-dvm”, change the “Advanced” tab setting “Disposable template” to be checked as turned on (click Apply), then the “Default disposable template” to either be “(none)” or “debian-12-xfce-stateless-dvm” itself.
- In Persistent mode: Create & Configure any new AppQubes based on “debian-12-xfce-stateless” that you want to exist across multiple stateless boot sessions and choose to store them in storage pool “varlibqubes” (Advanced tab).
- In Stateless mode: You are free to now use any AppQubes based on “debian-12-xfce-stateless” and DisposableQubes based on “debian-12-xfce-stateless-dvm”, which appear to remain fully stateless by storing ALL data in traditional image files within Dom0’s “/var/lib/qubes” directory (that directory gets wiped and reset back to match the state of your last persistent session once your stateless session is powered down).
One may need to think about re-creating more or all of their system’s various types of qubes to be fully stateless like this, if needing such levels of statelessness. It should be possible to make every single qube on one’s system be fully stateless in “varlibqubes” storage pool.
With higher fully stateless RAM space demands, you may need a computer with higher amounts of hardware RAM and an increase to the “dom0_mem=max:10240M” setting in my Qubes Stateless step-by-step instructions to be set meaningfully higher than “10240M”.
5. The Pull Out Method
One approach I experimented with last year was to boot from a USB drive, and once Qubes Stateless was at the login screen, I just pulled out the USB drive, and the system seemed to continue working fine.
I haven’t done further testing on this approach yet, but it could be a powerful hardware enforced method for ensuring you are fully stateless.
Qubes Stateless is an advanced hybrid state system, so controlling your level of statelessness can be a complex thing to manage, if desiring to be fully stateless.
Feel free to ask questions and provide further thoughts.
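The two checks described in the post above (Dom0 swap still active, and qube volumes that show up in `lsblk` as LVM devices on the storage drive), written as an added example that is not part of the original post. The function names and sample data are assumptions made for illustration; the `qubes_dom0-vm--NAME--root--snap` naming is taken from the post, and the hyphen doubling is how device-mapper renders hyphens inside an LVM volume name.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are read from stdin so
# the functions can be exercised on the constructed samples below.

# List active swap devices from /proc/swaps-style text (first line is a header).
active_swap() {
    awk 'NR > 1 && NF > 0 { print $1 }'
}

# List LVM-backed volumes of qube "$1" found in lsblk-style text.
# device-mapper doubles each hyphen inside an LV name, so the qube
# "my-work" appears as "qubes_dom0-vm--my--work--root--snap".
qube_lvm_volumes() {
    escaped=$(printf '%s' "$1" | sed 's/-/--/g; s/[.]/\\./g')
    grep -E -o "qubes_dom0-vm--${escaped}--(root|private|volatile)(--[A-Za-z0-9]+)*" |
        sort -u
}

# Return 0 only if no swap is active and the qube has no LVM volumes.
# $1 = qube name, $2 = /proc/swaps text, $3 = lsblk text.
is_stateless() {
    [ -z "$(printf '%s\n' "$2" | active_swap)" ] &&
        [ -z "$(printf '%s\n' "$3" | qube_lvm_volumes "$1")" ]
}

# Constructed sample data (not captured from a real system).
SAMPLE_SWAPS='Filename   Type       Size     Used  Priority
/dev/dm-1  partition  4194300  0     -2'
SAMPLE_SWAPS_OFF='Filename   Type       Size     Used  Priority'
SAMPLE_LSBLK='qubes_dom0-root                      253:0  0  20G 0 lvm /
qubes_dom0-vm--work--root--snap      253:9  0  20G 0 lvm
qubes_dom0-vm--work--x--root--snap   253:10 0  20G 0 lvm
qubes_dom0-vm--my--work--root--snap  253:11 0  20G 0 lvm'

# On a real dom0 the live inputs would be:
#   is_stateless YOURQUBENAME "$(cat /proc/swaps)" "$(lsblk)"
```

Matching on the full escaped name keeps a qube called "work" from being confused with "work-x" or "my-work", which a plain `grep work` would not distinguish.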