Whonix Workstation vs Hardened Gentoo (ClipOS) Template Disk Encryption

Which of these templates is more secure from a disk encryption standpoint? Whonix workstation with
no network access or a hardened Gentoo template (like ClipOS) with no network access?

Can you clarify what your threat model is? Which attack are you trying to prevent?

compromised dom0 with xen-blkback disk r/w access.

Nothing will save you from a compromised dom0. It has full access to everything. However it’s extremely hard to compromise. How would it be done?

Could it be done via encryption libraries within dom0? Because encryption/decryption is still done in dom0 unless the split-dmcrypt shell script is applied (this should really be a SaltStack script).

You have to trust that all code in dom0 is not malicious: Security-critical code | Qubes OS

There is a big community constantly verifying this code, and you can help too.

If it’s buggy though, it’s not that dangerous: Security-critical code | Qubes OS

Encryption library doesn’t parse your data; it treats it just as zeroes and ones, so it doesn’t matter if some of it could be malicious (just like with the copy-paste content and moving files across VMs).

This is dm-crypt you are talking about, right?

By default, Qubes OS uses LUKS/dm-crypt to encrypt everything except the /boot partition.

From Wikipedia:

The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of the block device – it does not interpret any data itself.
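A practical way to confirm the layout the post above describes (everything under dm-crypt except /boot) is to walk the block-device tree that `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints and flag any mounted filesystem with no `crypt` device beneath it. The following script is an added example, not code from the thread or from the Qubes project; the JSON tree embedded in it is constructed by hand to mimic a default Qubes OS install (LUKS on the main partition, LVM on top), and the device name `luks-EXAMPLE` is a placeholder.

```python
"""Flag mounted filesystems that are not backed by a dm-crypt layer.

Consumes the JSON that `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints.
Only /boot and /boot/efi are expected to be plaintext on a Qubes OS install;
anything else mounted straight from a plain partition is reported.
"""
import json
import subprocess

# Constructed sample in lsblk's JSON format (not captured from a real system).
SAMPLE_LSBLK_JSON = r'''
{
  "blockdevices": [
    {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null,
     "children": [
       {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
       {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
       {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
        "children": [
          {"name": "luks-EXAMPLE", "type": "crypt", "fstype": "LVM2_member",
           "mountpoint": null,
           "children": [
             {"name": "qubes_dom0-root", "type": "lvm", "fstype": "ext4",
              "mountpoint": "/"},
             {"name": "qubes_dom0-swap", "type": "lvm", "fstype": "swap",
              "mountpoint": "[SWAP]"}
           ]}
        ]}
     ]}
  ]
}
'''

# Mountpoints that are legitimately unencrypted in the default layout.
EXPECTED_PLAINTEXT = {"/boot", "/boot/efi"}


def plaintext_mounts(tree):
    """Return, sorted, every mountpoint whose device chain has no 'crypt' node."""
    found = []

    def walk(node, under_crypt):
        # Once a crypt device is seen, everything stacked above it is encrypted.
        under_crypt = under_crypt or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if mountpoint and not under_crypt:
            found.append(mountpoint)
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in tree["blockdevices"]:
        walk(device, False)
    return sorted(found)


def unexpected_plaintext(tree):
    """Plaintext mountpoints other than the ones the layout is supposed to have."""
    return [m for m in plaintext_mounts(tree) if m not in EXPECTED_PLAINTEXT]


def check_live_system():
    """Run lsblk on the current machine and return the unexpected plaintext mounts."""
    output = subprocess.run(
        ["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
        capture_output=True, text=True, check=True,
    ).stdout
    return unexpected_plaintext(json.loads(output))


if __name__ == "__main__":
    sample = json.loads(SAMPLE_LSBLK_JSON)
    print("plaintext mounts:", plaintext_mounts(sample))
    print("unexpected:", unexpected_plaintext(sample) or "none")
```

Run it as-is to see the result on the constructed tree; call `check_live_system()` in dom0 to test the real layout. The check only proves a dm-crypt layer is present beneath each mount; it says nothing about the cipher or key setup, which `cryptsetup luksDump` on the LUKS partition reports.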