On 8/10/19 5:28 AM, 'awokd' via qubes-users wrote: > 799: > >> What would be the better choice regarding attack surface: >> disposable netvm+firewallvm vs. mirage-firewall? > > You still need a netvm with Mirage, but smallest attack surface alone is > disposable netvm + Mirage. "Disposable" doesn't increase or decrease > attack surface, though. It helps against persistence- if something > managed to compromise sys-net's rw area, it would be gone next reboot. > >> If I understand it right the mirage firewall has no/less option to be >> compromised. >> I am using the mirage fw and are only using a fedora-30-minimal based >> sys-firewall to get dom0-updates, which can't be done via the mirage >> firewall. >> >> But I'll also change this firewall to a static disposable FW. > > If you're using Mirage for a firewall, you don't need that fedora-30 > sys-firewall inline any more. That might be what you have already done. > You could create a sys-update and place it anywhere behind Mirage firewall. > >> Question: >> Afaik the problem when using a static disposable sys-net VM is, that I need >> to enter my Wifi Credentials each time, as the VM will be unable to >> remember them. >> Is there any way tweaking this behaviour? > > Put them in the custom DVM template you base the disposable sys-net > from: > https://www.mail-archive.com/qubes-users-/jypxa39uh5tlh3mboc...@public.gmane.org/msg26895.html. >
Sorry how is this done, I don't really follow along with the URL link how to store the wifi credentials in custom-dvm-template ? regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3038a47a-b816-9c10-b52d-43b4458adcc4%40riseup.net.
