Friend, I wish you robust health! Thank you for the guides you create!
In fact, Qubes, like any other Linux, normally boots in an overlayfs using the standard dracut modules that work on all Linux systems and launch the root in tmpfs. One of those modules is published here: "Qubes in tmpfs 🤫 - #86 by linuxuser1". I’ve also tested several other modules from GitHub - it all worked in Qubes. The dom0 logs are completely erased. The entire system operates with amnesia when installing Qubes with Btrfs.
If you decide to make DVMs resistant to forensic analysis, you can improve or simplify the solutions for a dom0 live in ZRAM (a dom0 running in tmpfs requires a lot of RAM, but this approach with ZRAM significantly reduces memory consumption, and even systems with 16 GB of RAM work well with DVMs and AppVMs in live mode).
However, you don’t pursue the goal of protection against forensics. Therefore, your solution is very good. I constantly use it whenever I need to run a browser in persistent mode.
3 Likes