799:

> What would be the better choice regarding attack surface:
>  disposable netvm+firewallvm vs. mirage-firewall?

You still need a netvm with Mirage, but the smallest attack surface alone is
disposable netvm + Mirage. "Disposable" doesn't increase or decrease
attack surface, though. It helps against persistence: if something
managed to compromise sys-net's rw area, it would be gone next reboot.

> If I understand it right the mirage firewall has no/less option to be
> compromised.
> I am using the mirage fw and am only using a fedora-30-minimal based
> sys-firewall to get dom0-updates, which can't be done via the mirage
> firewall.
> 
> But I'll also change this firewall to a static disposable FW.

If you're using Mirage for a firewall, you don't need that fedora-30
sys-firewall inline any more. That might be what you have already done.
You could create a sys-update and place it anywhere behind Mirage firewall.

> Question:
> Afaik the problem when using a static disposable sys-net VM is that I need
> to enter my Wifi Credentials each time, as the VM will be unable to
> remember them.
> Is there any way tweaking this behaviour?

Put them in the custom DVM template you base the disposable sys-net
on:
https://www.mail-archive.com/qubes-users@googlegroups.com/msg26895.html.
