On 08/20/18 12:49, Chris Laprise wrote:
On 08/20/2018 11:34 AM, tierl...@gmail.com wrote:
What's the most convenient way to wipe these images? (I'm just talking about individual VM images)

To clarify on your first question: Since encryption is protecting the storage pool that contains the disk images and it's on an SSD, the only sure way to 'wipe' them in general (not just in the other-VMs-can't-see-the-data sense) is to throw away the encryption passphrase. This makes the entire pool unusable, but if this seems like a problem you can configure more than one storage pool, each with its own encryption key+passphrase, and store VMs inside them.

With an Opal 2.0 SSD you could create a "locking range" for the volatile portion of the VM file system using sedutil-cli; then, when destroying the VM, you simply run it with the '--eraseLockingRange' command, which essentially flips the key bits associated with that region of the SSD. The logic built into the drive will ensure the erase of the physical memory mapped into that SSD's defined locking range[n].

sedutil-cli

--setupLockingRange <0...n> <RangeStart> <RangeLength> <password> <device>
--enableLockingRange <0...n> <Admin1password> <device>
--disableLockingRange <0...n> <Admin1password> <device>
--eraseLockingRange <0...n> <password> <device>
