Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-02-25 17:21:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Cross-link installation guide and re-verification section

Browse Source
This commit is contained in:
Andrew David Wong 2022-07-20 22:56:56 -07:00
parent 3d08155ea9
commit 2e3c43c836
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
2 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
project-security/verifying-signatures.md
View File

@ -554,7 +554,7 @@ FAQ](#troubleshooting-faq) below.
_This is an optional section intended for advanced users._ _This is an optional section intended for advanced users._
After you have authenticated your Qubes ISO and written it to your desired After you have authenticated your Qubes ISO and written it onto your desired
medium (such as a USB drive or optical disc), you can re-verify the data that medium (such as a USB drive or optical disc), you can re-verify the data that
has been written to your medium. Why would you want to do this when you've has been written to your medium. Why would you want to do this when you've
already verified the original ISO? Well, it's conceivable that a sufficiently already verified the original ISO? Well, it's conceivable that a sufficiently
@ -570,14 +570,16 @@ cryptographically-signed (or both), as discussed in our [installation security
considerations](/doc/install-security/). considerations](/doc/install-security/).
This section will walk through an example of re-verifying the installer on such This section will walk through an example of re-verifying the installer on such
a device. We begin by assuming that you have just written your desired Qubes a device. We begin by assuming that you have just [written your desired Qubes
ISO onto the USB drive. First, unplug your USB drive and flip the write protect ISO onto the USB
switch so that the data on the drive can no longer be altered. If you have a drive](/doc/installation-guide/#copying-the-iso-onto-the-installation-medium).
different computer from the one you used to create the installation medium, First, unplug your USB drive and flip the write protect switch so that the data
consider using that computer. If not, try to at least use a fresh VM (e.g., if on the drive can no longer be altered. If you have a different computer from
it's a Qubes system). The idea is that the original machine may have been the one you used to create the installation medium, consider using that
compromised, and using a different one for re-verification forces your computer. If not, try to at least use a fresh VM (e.g., if it's a Qubes
hypothetical adversary to compromise an additional machine in order to succeed. system). The idea is that the original machine may have been compromised, and
using a different one for re-verification forces your hypothetical adversary to
compromise an additional machine in order to succeed.
Now, our goal is to perform the same verification steps as we did with the Now, our goal is to perform the same verification steps as we did with the
original ISO, except, this time, we'll be reading the installer data directly original ISO, except, this time, we'll be reading the installer data directly

3
user/downloading-installing-upgrading/installation-guide.md
View File

@ -92,6 +92,9 @@ chosen a different medium, please adapt the instructions accordingly.
<i class="fa fa-exclamation-circle"></i> <i class="fa fa-exclamation-circle"></i>
<b>Note:</b> There are important <a href="/doc/install-security/">security <b>Note:</b> There are important <a href="/doc/install-security/">security
considerations</a> to keep in mind when choosing an installation medium. considerations</a> to keep in mind when choosing an installation medium.
Advanced users may wish to <a
href="/security/verifying-signatures/#how-to-re-verify-installation-media-after-writing">re-verify
their installation media after writing</a>.
</div> </div>
<div class="alert alert-danger" role="alert"> <div class="alert alert-danger" role="alert">