Consider Nuke Button Keybinding

[bkerensa]

It might be helpful to have as a feature the ability to easily keybind a specific key that will initiate wiping containers with metadata. You could call it a nuke feature of sorts.

[andrewdavidwong]

containers with metadata

Does this mean "all contains that have metadata" or "containers along with their metadata"?

And by "containers" do you mean qubes (VMs)?

Does qvm-remove already do this? Would it just be a matter of keybinding qvm-remove? If so, I imagine there are already several ways of doing that.

[andrewdavidwong]

containers with metadata

Does this mean "all contains that have metadata" or "containers along with their metadata"?

And by "containers" do you mean qubes (VMs)?

Does qvm-remove already do this? Would it just be a matter of keybinding qvm-remove? If so, I imagine there are already several ways of doing that.

[andrewdavidwong]

@bkerensa: Any thoughts on the previous questions? Would you mind clarifying for us specifically what you have in mind?

[andrewdavidwong]

@bkerensa: Any thoughts on the previous questions? Would you mind clarifying for us specifically what you have in mind?

[bkerensa]

@andrewdavidwong qvm-remove does not appear what I had in mind as it does not appear at least from the readme to offer secure wiping. Ideally this would be the ability to keybind a perhaps bleachbit CLI execute to wipe all VM's which might be more secure.

This would allow someone who feels their hardware is going to be compromised by human access to initiate a secure wipe of the VM's

[bkerensa]

@andrewdavidwong qvm-remove does not appear what I had in mind as it does not appear at least from the readme to offer secure wiping. Ideally this would be the ability to keybind a perhaps bleachbit CLI execute to wipe all VM's which might be more secure.

This would allow someone who feels their hardware is going to be compromised by human access to initiate a secure wipe of the VM's

[andrewdavidwong]

In that case, it sounds like this might be a duplicate of #921.

To clarify, it sounds like the purpose is the same, even if the execution is not. The suggestion is #921 is to provide a way to wipe the LUKS header for the entire encrypted disk (which, of course, contains all the VMs along with the entire OS). Your suggestion, if I understand it correctly, is to preserve the OS but securely wipe only the VMs along with their metadata. However, if I understand you correctly, your goal in doing this is precisely the same as the goal of #921. In that sense, it seems fair to say that they are duplicates. Do you agree?

Another possible way of implementing your suggestion would be to have per-VM encryption, then wipe the encryption headers for each VM. (See discussion in #904 and #1293.)

Do you think it's fair to say that your suggestion qualifies as a duplicate of one (or more) of these?

[andrewdavidwong]

In that case, it sounds like this might be a duplicate of #921.

To clarify, it sounds like the purpose is the same, even if the execution is not. The suggestion is #921 is to provide a way to wipe the LUKS header for the entire encrypted disk (which, of course, contains all the VMs along with the entire OS). Your suggestion, if I understand it correctly, is to preserve the OS but securely wipe only the VMs along with their metadata. However, if I understand you correctly, your goal in doing this is precisely the same as the goal of #921. In that sense, it seems fair to say that they are duplicates. Do you agree?

Another possible way of implementing your suggestion would be to have per-VM encryption, then wipe the encryption headers for each VM. (See discussion in #904 and #1293.)

Do you think it's fair to say that your suggestion qualifies as a duplicate of one (or more) of these?

[andrewdavidwong]

Closing due to inactivity/lack of response. Please feel free to reopen this if you revisit the matter in the future.

[andrewdavidwong]

Closing due to inactivity/lack of response. Please feel free to reopen this if you revisit the matter in the future.