Hello, I had a lot of Qubes users ask me about this, so I thought I’d share with the community via the mailing list.
I just published a guide on how to use a kill cable (USB magnetic breakaway) on QubesOS. The article describes how to setup scripts in dom0 and sys-usb such that when the cable’s connection is severed (eg if an adversary physically snatches your laptop away from you while you’re working), then a user-configurable script is executed.
In this guide, I provide scripts (all GPL) for:
- locking the screen,
- doing a soft shutdown,
- doing a hard reboot, and
- executing a “self-destruct” trigger that wipes the LUKS Header, such that the entire QubesOS root FDE volume is indistinguishable from random data – protecting its LUKS-encrypted data even from rubber-hose cryptanalysis (read: giving-up your boot password under torture won’t be able to decrypt the data after this script runs).
It works with any USB cable, but I think it’s helpful to have one with a magnetic breakaway.
Hope this helps,
Michael Altfield
PGP Fingerprint: 0465 E42F 7120 6785 E972 644C FE1B 8449 4E64 0D41