Will Qubes boot off of VHD from this encrypted USB SATA enclosure?

So I found this neat enclosure on Amazon. It allows you to present up to 4 VHDs/ISOs to the computer as disks and toggle the removable/fixed status.
Iodd-ST400 - iODD

It will support fixed size VHDs and VMDKs, and I think it actually presents the drive to PC as a real disk (not the boot from VHD option in Windows). I’m pretty sure I can convert my current real disk to one of those formats. I currently use a 2TB high-end SATA SSD and feel like I don’t need that much space for just Qubes, but haven’t tried to dual boot to avoid cross contamination. It appears this option will allow me to multi-boot without the other drives (virtual disks) being aware of each other. I can hot-add a normally offline backup volume too.

The obvious concern is that I would be putting a lot of trust in the enclosure’s software, but I can at least still use the typical encryption provided by Qubes. Another concern is when the disk is put into admin mode the whole drive contents are accessible, so I’d want to avoid mounting in that mode when using on other OS’s and stick to containerized VHDs for separate portable storage.

EDIT: The mfgr documentation says to avoid full OS encryption and specifically calls out BitLocker. I think I’m going to buy one and test it out. Combined with an 8TB Samsung QVO this is quite a powerful combination.

I don’t know if sys-usb would work as intended if you are running from an external USB connection. Do let us know how this works.

All of my computers have at least 2 USB controllers so I’ll be able to isolate the controller with the boot drive. I figured I’d include my bolt keyboard and mouse on it too to completely segregate trusted USB. It comes in the mail today, I plan on attempting this weekend.

It would be interesting to use the hotswappable “virtual disks” as a form of PD. I can boot up Qubes and it’ll just look like an innocent homelab experiment, but if I specifically attach a certain VHD I’ll have access to sensitive VMs. I can more comfortably leave Qubes online and locked because I can isolate sensitive parts at will. I’ll have to figure out how Qubes reacts to having volumes with qubes on them come and go, might have to do some scripting.

Here’s an update:
I got the device working, it’s pretty nifty, you can present 3 VHDs to your PC at the same time and one ISO. Unfortunately the read/write speed is around 225MBps, and that’s with sequential. I don’t really want to use Qubes with storage that slow, but maybe if I have time I’ll test it out as a proof of concept.

Now I think I’ll just stick to swapping out NVMe’s on my caseless mini PC, I’ve got a quick M.2 latch so it only takes seconds.
