Featured Updates

3D Printable BusKill Proof-of-Concept
BusKill Demos (Windows, MacOS, Linux, TAILS, QubesOS)
BusKill available in-store (Leipzig ProxySto.re)
BusKill v0.7.0 released
Disarm BusKill in QubesOS
previous arrow
next arrow

Disarm BusKill in QubesOS

This post will describe how to setup keyboard shortcuts in QubesOS so that you can temporarily disarm (pause) the BusKill laptop kill cord.

This allows the user to, for example, go to the bathroom without causing their computer to shutdown or self-destruct.

This is a guide that builds on part one: A Laptop Kill Cord for QubesOS (1/2). Before reading this, you should already be familiar with how to setup udev rules for BusKill on QubesOS.

  1. A Laptop Kill Cord for QubesOS (1/2)
  2. Disarm BusKill in QubesOS (2/2)

ⓘ Note: This post is adapted from its original article on Tom Hocker's blog.

What is BusKill?

What if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? They'd also be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files are not securely shredded after your DispVM is destroyed.

QubesOS Logo
QubesOS: A reasonably secure OS

Are you a security researcher, journalist, or intelligence operative that works in QubesOS--exploiting Qubes' brilliant security-through-compartimentalization to keep your data safe? Do you make use of Whonix Disposable VMs for your work? Great! This post is for you.

I'm sure your QubesOS laptop has Full Disk Encryption and you're using a strong passphrase. But what if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? Not only will they get access to all of your AppVM's private data and the currently-running Whonix DispVM's data, but there's a high chance they'd be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files (volatile.img) are not securely shredded after your DispVM is destroyed by Qubes!

Let's say you're a journalist, activist, whistleblower, or a human rights worker in an oppressive regime. Or an intelligence operative behind enemy lines doing research or preparing a top-secret document behind a locked door. What do you do to protect your data, sources, or assets when the secret police suddenly batter down your door? How quickly can you actually act to shutdown your laptop and shred your RAM and/or FDE encryption keys?


BusKill utilizes a magnetic trip-wire that tethers your body to your laptop. If you suddenly jump to your feet or fall off your chair (in response to the battering ram crashing through your door) or your laptop is ripped off your table by a group of armed thugs, the data bus' magnetic connection will be severed. This event causes a configurable trigger to execute.

The BusKill trigger can be anything from:

  1. locking your screen or
  2. shutting down the computer or
  3. initiating a self-destruct sequence

While our last post described how to setup such a system in QubesOS with BusKill, this post will describe how to add keyboard shortcuts to arm & disarm the dead man switch (eg so you can go to the bathroom).

Continue reading

A Laptop Kill Cord for QubesOS

This post will describe how to use BusKill as a dead man switch to trigger your laptop to self-destruct if it's physically separated from you. This guide is specific to QubesOS users.

What if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? They'd also be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files are not securely shredded after your DispVM is destroyed.

QubesOS Logo
QubesOS: A reasonably secure OS

This is part one of a two-part series. For part two, see Disarm BusKill in QubesOS (2/2)

  1. A Laptop Kill Cord for QubesOS (1/2)
  2. Disarm BusKill in QubesOS (2/2)

Are you a security researcher, journalist, or intelligence operative that works in QubesOS--exploiting Qubes' brilliant security-through-compartimentalizatio to keep your data safe? Do you make use of Whonix Disposable VMs for your work? Great! This post is for you.

I'm sure your QubesOS laptop has Full Disk Encryption and you're using a strong passphrase. But what if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? Not only will they get access to all of your AppVM's private data and the currently-running Whonix DispVM's data, but there's a high chance they'd be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files (volatile.img) are not securely shredded after your DispVM is destroyed by Qubes!

Let's say you're a journalist, activist, whistleblower, or a human rights worker in an oppressive regime. Or an intelligence operative behind enemy lines doing research or preparing a top-secret document behind a locked door. What do you do to protect your data, sources, or assets when the secret police suddenly batter down your door? How quickly can you actually act to shutdown your laptop and shred your RAM and/or FDE encryption keys?


BusKill utilizes a magnetic trip-wire that tethers your body to your laptop. If you suddenly jump to your feet or fall off your chair (in response to the battering ram crashing through your door) or your laptop is ripped off your table by a group of armed thugs, the data bus' magnetic connection will be severed. This event causes a configurable trigger to execute.

The BusKill trigger can be anything from:

  1. locking your screen or
  2. shutting down the computer or
  3. initiating a self-destruct sequence

This post will describe how to setup such a system in QubesOS with BusKill

Continue reading

LUKS Header Shredder (BusKill Self-Destruct Trigger)

This post will describe how to add a trigger that initiates a "self-destruct" sequence when your BusKill laptop kill cord's connection is severed--rendering your data permanently & irrevocably destroyed in the event that your laptop were physically separated from you (ie: by a snach-and-run thief).

LUKS Header Shredder

Many people were disappointed when the original post introducing BusKill only alluded to a self-destruct trigger, without actually describing how to use it with BusKill. This was done for two reasons:

  1. Most people probably don't actually want an accidental false-positive to destroy all their data and
     
  2. A self-destruct sequence should be taken seriously. Its implementation should be thoroughly thought-out, tested, and forensically analyzed

This article will provide that thorough analysis and explain to the reader how to implement a self-destruct trigger with BusKill on linux machines that have FDE with LUKS.

Continue reading

Scroll to top