What's your opinion about QubesOS ? Is it really more secure?

Are you sure? Because most victims of theft probably thought it would never happen to them or that it would never happen where they live.

That being said, I have no idea where you live so maybe your equipment is totally secure.

It is, of course, up to you. Only you can decide which risks you care about.

For myself, I measure the risk again the cost to determine if it is worth it. In the case full disk encryption(FDE), the cost is minimal. A small amount of performance loss and the time/effort it takes to deploy it. On the risk side, FDE protects against not only theft or other physical exploits but also accidental loss such as failing to wipe a drive before disposing of it. So, for me, it is worth it.

@dalto
I have 2 storage devices in this desktop. One SSD & one HDD.

The SSD has 2 partitions. The first one is the / where EOS is installed & a separate /home.
The spinning HDD has only one partition where I keep large files.

Is there a way to implement FDE without doing a complete reinstall ?

I have invested so much time to configure EOS I am looking for way to avoid a reinstall.

If you have sufficient free space on those devices you can theoretically move all the data off of one device onto the other. Enrypt it, then reverse the operation and encrypt the other device.

That being said, it is probably easier just to backup your data, reinstall and then restore your backed up data.

@dalto
The data that I have on the HDD is of no value even if it ends up in wrong hands.
I just want to do what you suggested. I want to copy the data which is in my /home/username to the spinning drive encrypt the /home & copy the data back.
The copying process is easy but how do I encrypt my /home ? Is it possible to do this while using the system or will I need the EOS Live USB ?

Do you have your /home on it’s own partition, or it part of your root partition?

$ lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda      8:0    0 149.1G  0 disk 
└─sda1   8:1    0   149G  0 part /home/home/seagate  
sdb      8:16   0 111.8G  0 disk 
├─sdb1   8:17   0     2G  0 part /boot/efi
├─sdb2   8:18   0  39.1G  0 part /
└─sdb3   8:19   0  70.8G  0 part /home 
sr0     11:0    1  1024M  0 rom  

sdb2 is my root.
sb3 is my home which as you can see is separate.

First, ensure you have a backup.

Unmount /dev/sda1 and remount it outside of your /home. It doesn’t matter where but for the purposes of this discussion, I will assume it is mounted at /mnt/seagate

Then:

sudo rsync -aAXHv /home/arch_lover /mnt/seagate

Now check that /mnt/seagate/home contains the contents of your home folder. Ensure it also contains all hidden files/directories.

From here, you can either do it in place, or switch to a live media. It is substantially easier to do it from live media, so I would recommend that. Here are the steps:

• Put a luks container on /dev/sdb3 and then format it with your preferred filesystem
• Mount the filesystem somewhere
• Use the above rsync command in reverse to copy the data back to the new partition
• Update /etc/fstab with the new /home mount.
• Reboot

@dalto
I am going to do this right now. One last thing. You remember I asked if its a bad idea to use an old EOS iso for installation ? I guess it was you who told me to download a fresh iso before a new install so I have deleted the EOS iso. If I do this from the actual install will the process differ in any way ?

Yes, there are many more steps involving safely unmounting and temporarily remounting your /home directory. Also, parts of the process would have to be done from the TTY as root.

Alright, I am running Grsync at the moment for backup. I will download EOS iso & try this once I make a live usb.

@dalto
Very sorry. I actually happen to have the iso. I forgot I had made another copy.
The iso is endeavouros-2021.04.17-x86_64.iso
Honestly I am feeling nervous about this whole thing. I will just reinstall with FDE.

Will this iso work ? Or is it too old ?

Note: I actually spotted it while I was running the rsync command you gave me.
Its a good thing that I have a third copy of my /home. I mean my home is already backed up to my external drive excluding the hidden stuff.

That is the latest ISO.

Done ! I have reinstalled EOS with FDE. After installation I got 800MB+ updates. Since I have a daily limit of 3GB I ran out of data. So I couldn’t reply yesterday.

I must mention one point. I was trying to create a separate /home partition but that was not possible. When I select manual partitioning there was no option for encryption & when I selected Erase disk there was no option for a separate /home partition.

Source : https://discovery.endeavouros.com/encrypted-installation/encrypted-installation/2021/03/

While entering the passphrase I used the same. I mean I used my login password as my passphrase. Is that okay ? I didn’t even know what a passphrase means. This is my first encrypted install.

This might be of use then.

Yes, I can do that now. I mean after finishing the installation. During the install I had to learn how to enable encryption. So you can understand that FDE is something which is completely new to me. Despite the fact that I was not aware of the “technical” meaning of passphrase I had guessed what it means & luckily my guess was correct.

Now the only thing that’s causing worry is if I made the right decision of using my login password as my passphrase.

I would be interested to know if anyone installed QubeOS and loaded up few apps to see what experience is like. Especially if straight forward to create the application containers i.e. easy as VMware or Virtualbox etc

Maybe I’ll throw it on physical drive to give a go. Running out of SATA ports on motherboard now as I hate partitioning to try out new distros.

Just search “qubesos review” on Youtube. If only I had enough RAM I would have tried it. I am also curious.

It means the same thing as “password”.

It is certainly less secure than having them different. That being said, either can be changed.