Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-12-15 07:53:07 -05:00
Code Issues Projects Releases Packages Wiki Activity

Update links

Browse source
This commit is contained in:
Andrew David Wong 2020-09-13 08:19:29 -05:00
parent 3f6363ec49
commit 3110a406b6
No known key found for this signature in database
GPG key ID: 8CE137352A019A17
3 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
external/security-guides/security-guidelines.md vendored
View file

@ -141,7 +141,7 @@ See [here](/doc/usb/).
Dom0 Precautions
----------------
As explained [here](/getting-started/#appvms-qubes-and-templatevms), dom0 should not be used for any user operations. There are several reasons for this:
As explained [here](/getting-started/), dom0 should not be used for any user operations. There are several reasons for this:
1. Secure isolation among domUs (i.e., AppVMs, StandaloneVMs, HVMs, etc.) is the *raison d'être* of Qubes. This is the primary reason that we recommend the delegation of all user activities to some number of AppVMs. In the event that any given VM is compromised, only that particular VM is compromised. (TemplateVMs are the exception to this. If a TemplateVM were compromised, then every AppVM based on it might also be compromised. Even in this case, however, the entire system would not necessarily have been compromised, since StandaloneVM(s), HVM(s), and/or multiple TemplateVMs might be in use.) By contrast, if dom0 were ever compromised, the entire system would thereby be compromised.
2. Due to the absence of convenience mechanisms in dom0 such as the inter-VM clipboard and inter-VM file copying, it is significantly less convenient to attempt to use dom0 for user operations (e.g., password management) in conjunction with AppVMs than it is to use another dedicated AppVM (e.g., a "vault" VM).