On 08/20/18 12:49, Chris Laprise wrote:
> On 08/20/2018 11:34 AM, tierl...@gmail.com wrote:
>> What's the most convenient way to wipe these images? (I'm just talking
>> about individual VM images)
>
> To clarify on your first question: Since encryption is protecting the
> storage pool that contains the disk images and it's on an SSD, the only
> sure way to 'wipe' them in general (not just in the other-VMs-can't-see-
> the-data sense)... is to throw away the encryption passphrase. This
> makes the entire pool unusable, but if this seems like a problem you can
> configure more than one storage pool, each with its own encryption
> key+passphrase, and store VMs inside them.

With an Opal 2.0 SSD you could create a "locking range" for the volatile
portion of the VM file system using sedutil-cli. Then, when destroying
the VM, you simply run it with the '--eraseLockingRange' command, which
essentially flips the key bits associated with that region of the SSD.
The logic built into the drive will ensure the erase of the physical
memory mapped into that SSD's defined locking range[n].

sedutil-cli
    --setupLockingRange <0...n> <RangeStart> <RangeLength> <password> <device>
    --enableLockingRange <0...n> <Admin1password> <device>
    --disableLockingRange <0...n> <Admin1password> <device>
    --eraseLockingRange <0...n> <password> <device>
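
Added example (not part of the original message, and not sedutil's own code): a dry-run planner that maps one partition onto a locking range and prints the sedutil-cli commands listed above without running them. It assumes RangeStart/RangeLength are given in the drive's logical blocks while sysfs reports partition start/size in 512-byte units; the function names and sample numbers are hypothetical.

```shell
#!/bin/sh
# Dry-run planner: prints sedutil-cli commands, never executes them.
# Assumption: sedutil-cli takes RangeStart/RangeLength in logical blocks (LBAs);
# /sys/block/<disk>/<part>/{start,size} are always in 512-byte units.

# to_lba <value_in_512B_units> <logical_block_size>
# Prints the value in logical blocks; fails if it is not block-aligned.
to_lba() {
    bytes=$(( $1 * 512 ))
    [ $(( bytes % $2 )) -eq 0 ] || return 1
    echo $(( bytes / $2 ))
}

# plan_range <range_no> <start_512> <size_512> <logical_block_size> <device>
plan_range() {
    range=$1; dev=$5
    case $range in
        ''|*[!0-9]*) echo "range number must be numeric" >&2; return 2 ;;
    esac
    start=$(to_lba "$2" "$4") || { echo "start not block-aligned" >&2; return 3; }
    len=$(to_lba "$3" "$4")   || { echo "length not block-aligned" >&2; return 3; }
    [ "$len" -gt 0 ] || { echo "empty range" >&2; return 3; }
    # Password fields stay as placeholders so no secret lands in shell history.
    echo "sedutil-cli --setupLockingRange $range $start $len <password> $dev"
    echo "sedutil-cli --enableLockingRange $range <Admin1password> $dev"
    echo "# when the VM is destroyed:"
    echo "sedutil-cli --eraseLockingRange $range <password> $dev"
}

# plan_for_partition <range_no> <disk, e.g. sda> <partition, e.g. sda5>
# Reads the real geometry from sysfs and feeds it to plan_range.
plan_for_partition() {
    sys=/sys/block/$2
    plan_range "$1" \
        "$(cat "$sys/$3/start")" \
        "$(cat "$sys/$3/size")" \
        "$(cat "$sys/queue/logical_block_size")" \
        "/dev/$2"
}

# Constructed sample: partition at 512B-sector 2048, 8192 sectors long,
# on a drive with 4096-byte logical blocks.
plan_range 1 2048 8192 4096 /dev/sdX
```

A misaligned start or length is rejected rather than rounded, since a rounded range would either leave VM data outside the erased region or destroy blocks belonging to a neighbouring volume.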