441 points ploggingdev | 1 comments
notfed No.15735828
Note that while Qubes OS uses full-disk encryption, it runs on Xen, which does not support hibernate.

This means that, if you use this OS on a laptop, you'll be vulnerable to cold-boot attacks, even after you close your lid, unless you configure it to shut down on lid close. (I.e., if a highly skilled adversary steals your laptop then, even if your laptop lid is closed, they will be able to read your RAM and therefore decrypt your entire hard drive.)

Despite the major security implications, it doesn't sound like a fix will be implemented any time soon. [1]

[1] https://github.com/QubesOS/qubes-issues/issues/2414

freeloop3 No.15736180
Silly. If you did fully shut down, you're now much more vulnerable to an evil maid attack, which that same adversary could employ. And now you haven't been tipped off there was an attack to begin with.
notfed No.15738272
Hmm, I commend your point; however, I think there is room for debate on both sides.

To defend hibernation/shutdown: if I lose my laptop or it is stolen, and I realize I will never see it again, then at least I will have peace of mind that no one can ever recover the data, assuming I had a strong password.

An evil maid attack assumes I will have the laptop in my possession again. This is a different problem, and requires different measures to defend against. I'm interested in hearing why you think leaving a laptop in sleep mode protects it from an evil maid attack.