For the past few months, I have been using this setup. It remains a solid choice: storing an unencrypted /boot and a detached LUKS header on a USB drive keeps the internal disk encrypted without metadata.
However, it has some friction. I have to manually mount /boot before updating dom0 and remember to unmount it before rebooting or restarting sys-usb (e.g., during a template upgrade) to prevent the system from hanging.
Another setup makes /boot both encrypted and detached (stored on the USB). This also requires the drive to be present and mounted during dom0 updates.
I have successfully implemented an alternative setup with the following benefits:
dom0 can be updated without the USB drive.The OS is installed "normally" into an encrypted LUKS partition that includes /boot. We then create a USB drive containing only the GRUB EFI files and the detached LUKS header. Upon booting, GRUB (on the USB) unlocks the internal LUKS2 partition using the detached header, locates the internal /boot, and hands over the boot process.
This guide assumes Qubes is already installed, preferably with a detached header.
If you use Argon2 in the LUKS2 partition, a recent version of GRUB is needed. Note that it doesn't need to be installed to dom0.
It is high recommended to get yourself familiar with the two setups mentioned above, as well as the basic info in Arch Wiki.
/boot resides on a standard LVM logical volume or a dedicated partition. In particular, if / is supported by GRUB, /boot can be just a normal folder in /.If your /boot is currently detached, move those files to the internal location defined in the previous step.
Write a minimal grub.cfg that:
cryptomount to unlock the LUKS partition using the header file on the USB.configfile to hand over to the primary grub.cfg inside the now-unlocked LUKS partition.grub-mkstandalone to create an EFI binary and copy it to the USB EFI partition. Copy your header file to the USB, ensuring the path matches your grub.cfg.efibootmgr and adjust your BIOS/UEFI boot order as needed.initramfs in dom0. Because /boot is now encrypted, the initramfs remains secure. Note that the kernel does not "inherit" the unlocked state from GRUB, so it still needs credentials to unlock the partition again.A single USB drive can support multiple machines. Store all relevant header files on the drive and modify the USB’s grub.cfg to identify the machine's UUID via smbios. This allows GRUB to dynamically determine which header and partition to use.
With this setup, you can sign the GRUB EFI binary once. You only need to repeat this if you update GRUB or its configuration; you don't need to sign every kernel update. While this isn't a full hardware-to-kernel "root of trust," it is a convenient way to keep Secure Boot enabled for compatibility with other operating systems.