Silk Road forums
Discussion => Security => Topic started by: Camarasin on June 26, 2013, 10:10 pm
-
I'm attempting to have two different drives each with their own OS, one for regular use, one for anonymous use; as part of my non-Tails security setup.
Is there any way I can get each OS to only "see" the disk its installed on and in no way interact with the other disk? Or any other way I can get the two disks to behave as two virtually separate systems as best possible?
I'm likely going to be using a Debian based distro for both OSes.
Thanks :)
-
If your processor supports VT-d or IOMMU you can do this with Xen and SATA passthrough. Without VT-d or IOMMU you cannot virtually isolate hardware though.
Essentially this configuration allows you to have multiple virtual machines that have direct access to (different) hardware, and to lock a specific piece of hardware to a specific virtual machine (so that even the host OS doesn't have access to the hardware anymore). I imagine this is what you meant and not something like dual booting right? PS: You can even game on a Windows VM with almost no performance penalty if you PCI passthrough a graphics card to a windows guest.
I don't think it is 100% perfect though, because there are theoretical attacks where the attacker, for example, reflashes your video card in such a way that it attacks your system during the boot sequence. But it is 99% perfect :P.
-
Well this is not going to necessarily be the easiest solution .. but, can you just plug in only the HD you wish to access at the given time? Leaving at least the interface to the other HD unplugged?
-
As KMF mentioned, there is some stuff you can do with virtualization to isolate OS hardware access. However, the host OS is still going to be able to detect both drives or the virtualization software wouldn't be able to provision it to the guest OSes.
In general, there is nothing you can do (outside of physically disconnecting the cables) that is somehow going to prevent hardware from being seen by the main OS installed on a system. It sees whatever is connected to its system board via the different ports.
-
Actually you are right. The host cannot use a device while it is passed through to a guest VM (i.e. you cannot have the host use the same graphics card that you pass through to a guest; it would need to use its own), but it can still detach it from the guest VM and then use it (meaning that the host can break the isolation). So the OP will need to have two Xen virtual machines and a known non-compromised host that is used for nothing other than Xen, and which has no networking code present on it. He will also need three hard drives: one for the host, one to be passed through to the first VM and another to be passed through to the second. He would also need a third Xen VM with a network card passed through to it, for all of the other VMs to route through to gain access to the internet. This is essentially describing Qubes btw.
+1 for pointing that out, my original description was misleading (because the host can access the passed-through hardware, it just needs to detach it first).
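As an added example (not code from the thread or from any of the posters), here is what the dom0 side of the layout described above looks like in practice with Xen's xl tool: check that the IOMMU is actually usable, sanity-check the PCI address of the SATA controller, and generate a guest config that owns that controller and nothing else. The BDF 0000:00:1f.2, the domain name "anon" and the sample `xl info` line are assumptions for illustration; `xl info`, `xl pci-assignable-add`/`-list`/`-remove` and the `pci = [...]` config key are the real interfaces.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: a Xen dom0 with xl, a SATA
# controller at 0000:00:1f.2 (invented BDF), and a guest named "anon".

# 1. Is the IOMMU usable? `xl info` lists hvm_directio under virt_caps only
#    when Xen found and enabled VT-d / AMD-Vi. Reads the `xl info` text on
#    stdin so it can also be fed a captured sample.
xen_iommu_available() {
    grep -E '^virt_caps[[:space:]]*:.*[[:space:]]hvm_directio([[:space:]]|$)' >/dev/null
}

# 2. Sanity-check a PCI BDF before handing it to xl (dddd:bb:dd.f or bb:dd.f).
valid_bdf() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{4}:)?[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]$'
}

# 3. Emit a domU config for an HVM guest that is given the whole controller,
#    so it boots from whatever disk hangs off it. Deliberately no `disk =`
#    and no `vif =` lines: the guest gets no dom0-backed storage and no
#    network (networking goes through the separate NIC VM the post describes).
gen_domu_cfg() {
    name=$1
    bdf=$2
    valid_bdf "$bdf" || { echo "bad BDF: $bdf" >&2; return 1; }
    cat <<EOF
name = "$name"
builder = "hvm"
memory = 2048
vcpus = 2
# Whole SATA controller passed through. dom0 must first have run
#   xl pci-assignable-add $bdf
# which unbinds it from dom0's driver and hands it to pciback.
pci = [ '$bdf' ]
# No disk = [...] and no vif = [...] on purpose.
serial = "pty"
EOF
}

# Usage on a real dom0 (not executed here):
#   xl info | xen_iommu_available && echo "IOMMU ok"
#   xl pci-assignable-add 0000:00:1f.2
#   xl pci-assignable-list          # devices dom0 has given up, and can reclaim
#   gen_domu_cfg anon 0000:00:1f.2 > /etc/xen/anon.cfg
#   xl create /etc/xen/anon.cfg
```

The `xl pci-assignable-list` / `xl pci-assignable-remove` pair is exactly the "host can detach it and use it" caveat from the post: anyone with root on dom0 can hand the controller back to dom0 and read the disk, which is why the layout keeps dom0 offline and minimal.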
-
Thanks for +1.
One additional comment I might make about your recent setup description is that one could probably get by with just two physical disks at about the same level of security. If a partition is created on the same disk that the host OS is installed on, to use for insecure/regular operations, and then VT-d is used to isolate the secure physical disk, the two guest OSes would still be isolated from one another logically, and this would avoid the need for a separate physical disk just to boot the host OS. I don't know of too many laptops that can support three onboard drives, so if this is the form factor being used (unspecified in the OP) then he would probably only have two drives max to work with.
The main thing to understand with this setup is that the secure volume can still be accessed by anyone with physical access to the computer, so fully encrypt it and require a password for unlocking at boot for true security.