Hey @tzwcfq
Can you link to a reader that mounts as mmcblc? The one I have mounts as sd. If possible, can you link to one that connects via USB?
Yeah, I don’t expect it to be able to block any malware. But doesn’t it make sense to write-block any files on a system that don’t need to be dynamic? It could potentially block a malware that relies on a persistent modification to anything the write-block protects. Any idea on what other major components of Qubes we can write-block in addition to /boot?
Hey @slcoleman,
This is cool. I didn’t realize these exist. I think this is the solution I would choose. Two concerns I would have are: Can I use RAID? And what would it look like to load as much from the partition as possible? tzwcfq mentioned that we should do this with /boot. What other areas of the file system can we lock down? Also, do you know if it would be possible to write-block only specific files on the partition? I’m trying to figure out how to use Ventoy to boot ISOs but allow persistent Live CD data.