Hello, just giving an update even though I’m very late to the party.
I rewrote this one tutorial you mentioned for the 5th time recently, although I confess it wasn’t on Qubes, but on a Kicksecure Host OS, now that they fixed their ram-wipe LUKS problem and provided an ISO to install the OS directly. Here are the 5 updated tutorials on this topic, in order:
http:// blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd .onion/opsec/linux/index.html : installing Kicksecure as a host OS
http:// blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd .onion/opsec/livemode/index.html : installing ram-wipe, and using the host OS in live mode to prepare for long-term sensitive use
http:// blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd .onion/opsec/veracrypt/index.html : full disk encryption using VeraCrypt (but on a non-system drive)
http:// blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd .onion/opsec/sensitivevm/index.html : and finally the Sensitive VMs setup, where we just put Whonix VMs in said VeraCrypt hidden volume.
This setup relies on 2 critical parts:
- the Host OS being in live mode with ram-wipe activated makes it possible, upon rebooting the computer, to erase all forensic proof that may remain on the system drive of the hidden volume’s presence on the non-system drive
- the VeraCrypt volume being on an entire non-system drive makes it so that the data actually gets saved even though the host OS is in live mode.
This is probably doable in Qubes, I just didn’t explore it yet.