Qubes in tmpfs 🀫

Original forum link
https://forum.qubes-os.org/t/11127
Original poster
xuy
Editors
deeplow
Created at
2022-04-28 10:13:50
Last wiki edit
2023-09-07 05:19:25
Revisions
2 revisions
Posts count
67
Likes count
63

You can use your QubesOS πšœπšπšŠπšπšŽπš•πšŽπšœπšœ just like TailsOS, with persistent storage for VMs. That is pretty simple! It takes 6Gb of extra πšπ™°π™Ό (for store root filesystem files).

The steeps:

  1. Install QubesOS, boot to it and make base configuration: screen resolution, keyboard layout, etc.

  2. Edit kernel parameters variables at grub settings file /etc/default/grub:

GRUB_CMDLINE_LINUX="... πš›πš.πš‹πš›πšŽπšŠπš”"
GRUB_CMDLINE_XEN_DEFAULT="... dom0_mem=max:10240M ..."
The πš›πšπš‹πš›πšŽπšŠπš” option - drop to a shell at the end (see πš–πšŠπš— πšπš›πšŠπšŒπšžπš).

  1. Generate grub2 config and reboot PC:
sudo grub2-mkconfig | sudo tee /boot/efi/EFI/grub.cfg
reboot
  1. "π™Ώπš›πšŽπšœπšœ π™΄πš—πšπšŽπš› πšπš˜πš› πš–πšŠπš’πš—πšπš’πš—πšŠπš—πšŒπšŽ", then copy files from SSD to πšπ™°π™Ό:
umount /sysroot
mkdir /mnt
mount /dev/mapper/qubes_dom0-root /mnt
mount -t πšπš–πš™πšπšœ -o size=100% none /sysroot
cp -a /mnt/* /sysroot

Hooya! Your πš€πšžπš‹πšŽπšœπ™Ύπš‚ πš πš˜πš›πš”πš’πš—πš πš’πš— πšπ™°π™Ό.

You can create a πšπš›πšŠπšŒπšžπš module to automate the steep four, if that makes sense.

Then the volume

  1. Mount a special πš‘πš’πšπšπšŽπš— partition to /opt

  2. Create qubes VMs files at varlibqubes pool

qvm-create -P varlibqubes --class TemplateVM --label black debian-10-pool
qvm-create -P varlibqubes --template debian-10-pool --label blue darknet-i2p
  1. Change the path via symlinks to access the VMs:

sudo rm -Rf /var/lib/qubes/vm-templates/ ; ln -s /opt/vm-templates/ /var/lib/qubes/
sudo rm -Rf /var/lib/qubes/appvms/ ; ln -s /opt/appvms /var/lib/qubes/
* In the /opt directory should be a VM files created earlier, with identical to current VMs names.

You should like to configure the system

  1. Add bash aliases
echo '
alias qvm-clone="qvm-clone -P varlibqubes"
alias qvm-create="qvm-create -P varlibqubes"
' >> $HOME/.bashrc
  1. Configure AppVMs
lspci
qvm-pci attach --persistent --verbose vmname dom0:06_00.0

qvm-prefs --set vmname ip 10.137.0.81
qvm-prefs --set vmname netvm none
qvm-prefs --set vmname provides_network true
qvm-prefs --set vmname memory 800
qvm-prefs --set vmname maxmem 8000

Good luck!

NOTE: Install QubesOS updates from normal persistent mode (not from πšπ™°π™Ό mode).

References

  1. Linux - Load your root partition to πšπ™°π™Ό and boot it - Tutorials - reboot.pro: _https://reboot.pro/topic/14547-linux-load-your-root-partition-to-ram-and-boot-it/ _https://web.archive.org/web/20220224235759/https://reboot.pro/topic/14547-linux-load-your-root-partition-to-ram-and-boot-it/
  2. π™³πš›πšŠπšŒπšžπš Wiki: _https://dracut.wiki.kernel.org/index.php/Main_Page
  3. Deniable encryption Β· Issue #2402 Β· QubesOS/qubes-issues Β· GitHub: _https://github.com/QubesOS/qubes-issues/issues/2402
  4. AMD Memory Encryption β€” The Linux Kernel documentation: _https://www.kernel.org/doc/html/v5.8/x86/amd-memory-encryption.html