-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2017-01-06 17:37, Marek Marczykowski-Górecki wrote:
> On Fri, Jan 06, 2017 at 08:04:08PM +0000, 5vo30m+lpi66xm176ugr7ruk via qubes-users wrote:
>> Hi everyone!
>
>> First off happy new year! :)
>
>> To get into the subject, I'm trying to get as many Qubes users around me as possible to convert my family and friends from Windowsism to Qubism. However in some cases I see that the Intel®™ (backdoor℠ inside®) hardware that they have does not support VT-x and VT-d.
>
>> So I would like to better understand the implications of this. From the User FAQ:
>
>>
https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-x
>
>> I understand that this means that:
>
>> o Not being able to use fully virtualized VMs (e.g., Windows-based qubes)
>
>> o No security benefit in having a separate NetVM
>
>> But the points I wont to understand are:
>
>> ~ Does this mean that one wont be able to install Windows in a VM in such system (that's it?)?
> Yes.
>
>> What does fully virtualized VM really mean?
>
>
https://www.qubes-os.org/doc/glossary/#hvm
>
> In short: a VM running OS not necessary modified to be running in a VM.
>
>> ~ How is this relevant practically speaking? In other words, could an attacker deploy malware to NetVM (from an AppVM that is connected to the NetVM)? If not, in which situations can attacker get to the NetVM and therefore to dom0?
>
> The way you've descried, or using some remote attack directly on NetVM -
> because NetVM is what is facing external network directly.
>
Another, additional way of answering this question:
"On a system without VT-d, everything should work in the same way,
except there will be no real security benefit to having a separate
NetVM, as an attacker could always use a simple DMA attack to go from
the NetVM to Dom0."
Then read this:
https://www.qubes-os.org/doc/user-faq/#what-is-a-dma-attack
Basically, read the next two FAQ entries after the one you linked. :)
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYcKbyAAoJENtN07w5UDAw380P/3vH/GlHBGsYV5qmU1fDdRu8
JHz9ZG5tWVIba219sYMNCHa4F+Wc907prEyooG0XRBwtIKoZ/qXP5bMKX6WBuXSw
8wQfEewrWvSU7vCGW67DEc4OYcwKNwiV8mX6ebFSt/dtKHshLmyCylnaJ0Sg59Kn
PwIdkG1E7Gzt7pt0Ti2WUzjKeWMY0GWZm9kuYG5DL1iRguanGrmVyn+RRAZMn5af
WRrP7GBFAK7ykOWP4zTpZ8onlL7En9s+MNp7Mn6hyDyIYKvwQ2LcE63p2H8dozku
5cDGkxWJIB/dqhd9URnVhq/cVKdXvHXGztGBR62tSpq2neuYhi8FyTpdKqxuspvV
1zMsBGp8DP8Q03Mf8AeJ7DLfrHfZYi1HmwhYa3uOZnntAHd3x93QRXOyiWiLr88e
aBiYHCQMdy+o8FMrikvPfQi8Wd7JGSqmzOzw8TMhnuQ8QlZCa6GdYfQa23oBi4El
t12M2RBykur2grLfRf/wUcMiTRxZ1WTVXrY4YPDoH+79QzEV5xhJrrlWKFYEYySG
SsnOpToBa/iHwWtrVKqDfubca1umDnSRjYJuKjWourzO5LEpG9hkjFdUg0olTMet
C05tE/Hlg8+PeLg2y06PCavQZK7nRkN7L3U0SEYck8RVovslKmbUeKFWtMM+rqQi
ZPisdXAjwa+YtnEsdwbz
=EXu4
-----END PGP SIGNATURE-----