Many users have been requesting plausible deniability in Qubes in some form, either for the installation as a whole or specific qubes. RELIANT is a project that provides multi-level plausible deniability in Qubes via Shufflecake, a modern deniable encryption system.
- dom0 is made live/volatile via intrinsic systemd functionality.
- Deniable qubes are stored in Shufflecake volumes.
- During boot you enter the standard LUKS password for dom0, and the Shufflecake password for the top volume you want to decrypt.
- RELIANT facilitates this through initramfs and userspace tooling.
We emphasize the importance of preventing and avoiding leakage of any information, direct or indirect, about the hidden volumes and qubes within. This is largely addressed by moving dom0 to RAM, supported by hash verification of non-volatile storage media. But there are side channels we cannot address, such as traffic analysis or eavesdropping. For more information, see the README.
The project is in a highly experimental state and uses several features not officially supported by QubesOS, and I do not have the time or resources to maintain a fork. However, subject to the developers’ approval, I can start working on patches that will bring the necessary functionality into core Qubes codebase.
If anyone is interested in testing the system, I would be happy to provide support if you contact me. I have tested it myself and it does work, but as a developer I will inevitably be biased, especially regarding usability and convenience.
Q: How to update dom0 or templates?
A: There is a Maintenance Mode which can be entered by erasing systemd.volatile=overlay from the GRUB command line.
Q: Does volatile dom0 require lots of RAM?
A: Not really - most devices which can run Qubes, can run RELIANT as well.
Q: How to copy files between qubes?
A: Never copy directly between hidden qubes in different Shufflecake volumes - this will reveal the source qube’s existence and name to the target. Use a proxy disposable qube.
Q: What are the prerequisites for installation?
A: Enough free space on disk for the Shufflecake partition, a bootstrap qube with Docker, good knowledge of Linux and Qubes for troubleshooting.