Dual boot win7 debian Uefi

stefanos · May 31, 2019, 3:39pm

hi
since my some BTCs were mybe phished on win7 or because malware. i want do following changes on my machine.

i have one ssd drive on machine

1- i want to install win7 or win10 and shrink ssd for linux before full encrypting that win.

2- i install debian full encrypted with luks

Mswin will be for webbrowsing online buying and adobe programms.

Debian will be only for whonix to be separated from the private area

is this concept sufficient and safe?
Are both ssd partions fully encrypted in the case of shrinkinig it

What about swap boot created in linux are they encrypted

In Addition how to secure sensetiv data on Whonix workstation? incl storage folder

Thanks

Edit: Moved from Physical Isolation by @0brand

0brand · May 31, 2019, 5:58pm

Hi stepanos

While installing 2 operating systems, 1 each on a separate partition might seem like it would enhance security in the same way as physical isolation (which requires two separate computers). Dual booting is not recommended.

The following could apply to any dual-boot configuration. Such as a Windows and Debian dual-boot configuration.

https://www.qubes-os.org/doc/multiboot/

One problem is that when you dual or multiboot, even if you are using encryption on your Qubes installation, /boot is still unprotected and could be maliciously modified by the other OS, possibly leading to Qubes itself being maliciously modified.

The other problem is firmware security - for example the other system could infect BIOS firmware, which might enable compromise or spying on the Qubes system.

stefanos · May 31, 2019, 8:04pm

Grub2 has an option to crypt bootloader and (crypting grub2 and kernel ramdisk against physical attaks )

So your opinion would be to install just debian on ssd and then use vbox to drive whnonix machines and win10 win7 ?

0brand · May 31, 2019, 9:40pm

If the bios firmware was infected with malware an encrypted bootloader would not be of much help.

Best case would be to use the computer for Whonix use only. But thats’ not always an option for everyone such as in this case. Running Windows and Whonix in VirtualBox would isolate the VMs from each other and the host. That alone would be reason to use a hypervisor over dual-booting imo. You would want not want to use the host (debian) for any online activities. You would only update the packages on the host and nothing else.

You should also check out the Whonix wiki for more on securing your host and Whonix. These are just two of the many chapters dedicated to this subject.

stefanos · May 31, 2019, 10:34pm

now i unterstand that dual boot is no go

Pro: using win as dual boot would be faster .

i´ve decided to use debian as host . all my activities will be only on VM

but could for example win7 or 10 VMs infect debian host in other ways even if i never did any activities on host