Featured Updates

BusKill v0.7.0 released
BusKill Demos (Windows, MacOS, Linux, TAILS, QubesOS)
Disarm BusKill in QubesOS
LUKS Header Shredder (BusKill Self-Destruct Trigger)
BusKill available in-store (Leipzig ProxySto.re)
BusKill goes to DEF CON 32
Bitcoin Black Friday (10% discount on BusKill)
BusKill available in-store (The Netherlands NovaCustom)
3D-Printable BusKill Prototype Demo
BusKill Now Shipping!
previous arrow
next arrow

A Laptop Kill Cord for QubesOS

This post will describe how to use BusKill as a dead man switch to trigger your laptop to self-destruct if it’s physically separated from you. This guide is specific to QubesOS users.

What if someone literally steals your laptop while you’re working with classified information inside a Whonix DispVM? They’d also be able to recover data from previous DispVMs–as Disposable VM’s rootfs virtual files are not securely shredded after your DispVM is destroyed.

QubesOS Logo
QubesOS: A reasonably secure OS

This is part one of a two-part series. For part two, see Disarm BusKill in QubesOS (2/2)

  1. A Laptop Kill Cord for QubesOS (1/2)
  2. Disarm BusKill in QubesOS (2/2)

Are you a security researcher, journalist, or intelligence operative that works in QubesOS–exploiting Qubes’ brilliant security-through-compartimentalization to keep your data safe? Do you make use of Whonix Disposable VMs for your work? Great! This post is for you.

I’m sure your QubesOS laptop has Full Disk Encryption and you’re using a strong passphrase. But what if someone literally steals your laptop while you’re working with classified information inside a Whonix DispVM? Not only will they get access to all of your AppVM’s private data and the currently-running Whonix DispVM’s data, but there’s a high chance they’d be able to recover data from previous DispVMs–as Disposable VM’s rootfs virtual files (volatile.img) are not securely shredded after your DispVM is destroyed by Qubes!

Let’s say you’re a journalist, activist, whistleblower, or a human rights worker in an oppressive regime. Or an intelligence operative behind enemy lines doing research or preparing a top-secret document behind a locked door. What do you do to protect your data, sources, or assets when the secret police suddenly batter down your door? How quickly can you actually act to shutdown your laptop and shred your RAM and/or FDE encryption keys?


BusKill utilizes a magnetic trip-wire that tethers your body to your laptop. If you suddenly jump to your feet or fall off your chair (in response to the battering ram crashing through your door) or your laptop is ripped off your table by a group of armed thugs, the data bus’ magnetic connection will be severed. This event causes a configurable trigger to execute.

The BusKill trigger can be anything from:

  1. locking your screen or
  2. shutting down the computer or
  3. initiating a self-destruct sequence

This post will describe how to setup such a system in QubesOS with BusKill

Continue reading

LUKS Header Shredder (BusKill Self-Destruct Trigger)

This post will describe how to add a trigger that initiates a “self-destruct” sequence when your BusKill laptop kill cord’s connection is severed–rendering your data permanently & irrevocably destroyed in the event that your laptop were physically separated from you (ie: by a snach-and-run thief).

LUKS Header Shredder

Many people were disappointed when the original post introducing BusKill only alluded to a self-destruct trigger, without actually describing how to use it with BusKill. This was done for two reasons:

  1. Most people probably don’t actually want an accidental false-positive to destroy all their data and
     
  2. A self-destruct sequence should be taken seriously. Its implementation should be thoroughly thought-out, tested, and forensically analyzed

This article will provide that thorough analysis and explain to the reader how to implement a self-destruct trigger with BusKill on linux machines that have FDE with LUKS.

Continue reading

Scroll to top