The tool `qvm-get-image` in `dom0` is really poorly explained. No manual
and `--help` only says "Secure copy of images between virtual machines."
One must visit the
[code](qubes-app-linux-img-converter/qvm-get-image at main · QubesOS/qubes-app-linux-img-converter · GitHub)
to try to understand, but I see the developers have been doing (much
work)[https://github.com/QubesOS/qubes-issues/issues/6425\] just for the
non-tech so I don't understand why such very simple thing (a good
explanation for `qvm-get-image`) isn't existent even though it can be
essential[^1] in many cases.
My question is on `qvm-get-image` security. How does it work? My guess is
`qvm-get-tinted-image` what's used in `dom0` to retrieve app icons from
VMs, including untrusted ones. Since `qvm-get-tinted-image` is the same as
`qvm-get-image` with extra tint, as can be seen in the
[code](qubes-app-linux-img-converter/qvm-get-tinted-image at main · QubesOS/qubes-app-linux-img-converter · GitHub),
my guess was `qvm-get-image` is completely secure to use.
I'm posting this because I won't take the risk of *compromising* `dom0`*
with a *guess*. Also because I saw:
[quote="unman, post:4, topic:5084"]
Well they are not widely advertised or promoted, and they do have some use.
They were introduced as tradeoff between security and usability.
I still prefer the “full screen and screenshot” route for backgrounds.
[/quote]
I'm also posting this as **a suggestion for adding more explanation to
`qvm-get-image` tool**, e.g.
Secure copy of images between virtual machines. Use with confidence to
get any image you want from any VM into dom0.
especially since `dom0` *already did that countless times* for all the app
icons in the app menus.