Go back to topic: Fully Ephemeral DispVM's
| Currently Qubes DispVM's are not fully ephemeral; data written to xvda and xvdb is | Currently Qubes DispVM's are not fully ephemeral; by default data written to xvda and xvdb is written to the disk in plaintext. When the user sets ephemeral=True data written to xvdc is encrypted with an ephemeral encryption key placed in RAM. If in addition the user sets rw:root rw 0 then writes to xvda are routed to xvdc and thus encrypted. However xvdb is at present always written to the disk in plaintext. |