Side booting another Linux? (qubes on different partition)

What are the risks of booting another (not Qubes) Linux on the same machine as where I run my Qubes?

What are the risks of the normal Linux compromising my Qubes drive?

To be extra safe, would you only install Qubes on an external drive and keep it disconnected while booting the other OS, or do you think this doesn’t matter? (It would be convenient to have both on internal drives of course, just worried it’s less secure.)

There are quite a few threads on this forum that explain this.

The general gist of it is that if you run something else that has access to your Qubes OS drive/partition, it generally has unrestricted access to touch/alter any part of that partition.

It isn’t necessarily “normal Linux”. It’s the fact that it will treat your Qubes OS install just like a normal drive, and likely won’t stop anything nasty (or innocent, for that matter) from making modifications, whether innocent or malicious, to your Qubes OS install.

This would definitely stop your Qubes OS install from being treated as “just another drive”, for sure.

But this wouldn’t protect your Qubes OS install from any firmware attacks.

I’m not saying that your device firmware is necessarily “compromised”.

It might be, it might not be.

I’m saying that when Qubes OS is the booted operating system, there will be more roadblocks, checks and balances in place between the high-level stuff (web browser, website code, userspace, AppVMs, etc.) and the low-level stuff (dom0, PCI device firmware, drivers, BIOS, etc.) than a regular monolithic GNU+Linux-based operating system.

Because of this, it’s a lot more difficult to get from the usual attack vectors (USB drive, web browser, GNU+Linux root user, etc.) to the mission-critical stuff (such as the BIOS) :slight_smile:

DISCLAIMER:

Terminologies like “secure”, “compromised”, “attacker”, etc., are incredibly subjective, and there is no universal definition of any of these.

The only definition of “secure” that even remotely resembles anything universal is:

  • “My computer is performing the tasks that I want it to do successfully
  • To the best of my knowledge, my computer isn’t doing anything I don’t want it to do, or anything that I am not prepared to accept
  • If my computer is doing something I am not aware of or would not be prepared to accept, I am in blissful ignorance thereof”.

Absolutely, it would.

One way is to use LUKS encryption or similar on the other drive/partition, using a different key. Assuming that your RAM/hardware components aren’t backdoored, as long as you never decrypt the other drive, it should be sufficient.


I should qualify this.

This will likely prevent anyone from being able to alter your partition. AES-XTS is (currently) very resistant to any attacks that try to alter the data.

But it does not stop anyone from:

  • copying the encrypted data
    • …for later brute-forcing in their lab
    • …in extreme cases, for later extortion/coercion
  • outright deleting/shredding the partition
    • "I don’t know exactly what’s on it, but I know it’s important, so bye-bye!"
  • for those drives that allow firmware updates, interacting with the firmware of the encrypted drive to make it do something nasty
  • finding and exploiting any vulnerabilities in any other hardware component that is involved in LUKS decryption processes
    • RAM
    • CPU
    • Motherboard
    • LUKS binaries
    • initramfs
    • any other relevant component I haven’t listed here

There are other things that can be done that have always been way beyond the scope of LUKS encryption.
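As an added example (not code from this thread, from Qubes OS or from cryptsetup), the following Python script turns the “LUKS with a different key, never decrypted from the other OS” advice above into a check you can actually run. It parses the on-disk LUKS1 or LUKS2 header of each partition and flags the two things that would defeat that advice in practice: a dd-cloned container (same LUKS UUID, hence the same master key on both volumes) and a crypttab entry in the other Linux that unlocks the Qubes volume at boot. It also reports the cipher so you can confirm both volumes really are AES-XTS. All function names, the sample headers, UUIDs and crypttab lines are constructed for the demonstration; on a real machine you would feed it the first 16 KiB of each device (cryptsetup’s default LUKS2 metadata size), read as root, instead of the fabricated headers.

```python
"""Inspect two LUKS headers and check that the other OS cannot unlock the
Qubes volume at boot.

Added example for this thread, not code from Qubes OS or cryptsetup.
Field offsets follow the LUKS1 on-disk format and the LUKS2 binary header;
every header, UUID and crypttab line below is constructed for the demo.
"""
import json
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS1_KEY_ENABLED = 0x00AC71F3      # LUKS1 keyslot 'active' marker


def _cstr(raw):
    """Decode a NUL-terminated fixed-width string field."""
    return raw.split(b"\x00", 1)[0].decode("utf-8", "replace")


def parse_luks_header(data):
    """Summarise a LUKS1/LUKS2 header (bytes read from offset 0 of a device).

    Checksums, keyslot material and the LUKS2 secondary header are not
    verified: this is an inspection aid, not a substitute for luksDump.
    """
    if data[:6] != LUKS_MAGIC:
        raise ValueError("no LUKS magic at offset 0")
    version = struct.unpack(">H", data[6:8])[0]
    if version == 1:
        key_bytes = struct.unpack(">I", data[108:112])[0]
        slots = [i for i in range(8)                  # 8 x 48-byte slots at 208
                 if struct.unpack(">I", data[208 + 48 * i:212 + 48 * i])[0]
                 == LUKS1_KEY_ENABLED]
        return {"version": 1, "uuid": _cstr(data[168:208]),
                "cipher": _cstr(data[8:40]) + "-" + _cstr(data[40:72]),
                "key_bits": key_bytes * 8, "keyslots": slots}
    if version == 2:
        hdr_size = struct.unpack(">Q", data[8:16])[0]
        meta = json.loads(_cstr(data[4096:hdr_size]))  # JSON area after 4 KiB
        first_slot = next(iter(meta["keyslots"].values()))
        return {"version": 2, "uuid": _cstr(data[168:208]),
                "cipher": meta["segments"]["0"]["encryption"],
                "key_bits": first_slot["key_size"] * 8,
                "keyslots": sorted(int(k) for k in meta["keyslots"])}
    raise ValueError(f"unsupported LUKS version {version}")


def _crypttab_sources(text):
    """Second column (source device) of every non-comment crypttab line."""
    return {f[1] for f in (ln.split() for ln in text.splitlines())
            if len(f) >= 2 and not f[0].startswith("#")}


def dual_boot_findings(qubes_hdr, other_hdr, other_crypttab):
    """Things that would let the other OS at the Qubes volume's plaintext."""
    findings = []
    if qubes_hdr["uuid"] == other_hdr["uuid"]:
        findings.append("same LUKS UUID: dd-cloned container, one master key for both")
    if "UUID=" + qubes_hdr["uuid"] in _crypttab_sources(other_crypttab):
        findings.append("other OS crypttab unlocks the Qubes volume at boot")
    for label, hdr in (("qubes", qubes_hdr), ("other", other_hdr)):
        if not hdr["cipher"].startswith("aes-xts-"):
            findings.append(f"{label}: {hdr['cipher']} is not AES-XTS")
    return findings


# --- constructed sample headers (hypothetical UUIDs) -----------------------
def make_luks1_header(uuid, mode="xts-plain64", key_bytes=64):
    hdr = bytearray(592)                                  # LUKS1 header size
    hdr[0:6], hdr[6:8] = LUKS_MAGIC, struct.pack(">H", 1)
    hdr[8:11], hdr[40:40 + len(mode)] = b"aes", mode.encode()
    hdr[72:78] = b"sha256"
    hdr[104:112] = struct.pack(">II", 4096, key_bytes)   # payload offset, key bytes
    hdr[168:168 + len(uuid)] = uuid.encode()
    hdr[208:212] = struct.pack(">I", LUKS1_KEY_ENABLED)  # keyslot 0 active
    return bytes(hdr)


def make_luks2_header(uuid, encryption="aes-xts-plain64", hdr_size=16384):
    meta = {"keyslots": {"0": {"type": "luks2", "key_size": 64}},
            "segments": {"0": {"type": "crypt", "encryption": encryption}},
            "digests": {}, "tokens": {},
            "config": {"json_size": str(hdr_size - 4096)}}
    hdr = bytearray(hdr_size)
    hdr[0:6], hdr[6:8] = LUKS_MAGIC, struct.pack(">H", 2)
    hdr[8:16] = struct.pack(">Q", hdr_size)
    hdr[168:168 + len(uuid)] = uuid.encode()
    body = json.dumps(meta).encode()
    hdr[4096:4096 + len(body)] = body
    return bytes(hdr)


QUBES_UUID = "7c1f0f3e-2d6a-4b9e-9a7d-0c3b5e1d2f4a"
OTHER_UUID = "e5a2c9b1-8d4f-4f0e-b6a3-9f2d7c6e1b08"
CRYPTTAB_OK = ("# <target> <source> <key file> <options>\n"
               f"cryptroot UUID={OTHER_UUID} none luks\n")
CRYPTTAB_BAD = CRYPTTAB_OK + f"qubes UUID={QUBES_UUID} none luks\n"

if __name__ == "__main__":
    q = parse_luks_header(make_luks2_header(QUBES_UUID))
    o = parse_luks_header(make_luks1_header(OTHER_UUID))
    print(q, o, sep="\n")
    print("ok :", dual_boot_findings(q, o, CRYPTTAB_OK))
    print("bad:", dual_boot_findings(q, o, CRYPTTAB_BAD))
```

Note what the script deliberately does not do: it never compares the master-key digests of the two volumes, because each LUKS volume hashes its master key with its own salt, so differing digests prove nothing about the keys. A shared UUID is the practical signal of a cloned container, and a crypttab (or fstab, or udisks rule) that references the Qubes UUID is what would actually get the volume opened from the other OS.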