You can use GPU computing in Dom0 with the assumption that:
- You trust the software you plan on using
- 3D design software such as Blender
- GPU compute such as CUDA libs, Tensorflow, Keras, etc..
- You only create assets/code and export them out of Dom0
If you have multiple GPU (i.e. integrated + NVidia), it is possible with Xen to do GPU pass-through (Assign the NVidia GPU to a dedicated VM) however:
- It is far from trivial and only limited setups are known to work
- The security of it is not as robust (I can't remember where I read that, I think it was in the GPU Pass-through page of the Xen wiki)
I have tried with limited success few years back (only one boot and was never able to get it back after)...
Sorry forgot to mention that GPU pass-through also require another monitor (or switch input...).
It may also be much easier to only use it as a Compute GPU (you keep the UI via Qubes-Dom0)
You right, one can, but:
* At least, this goes against the nature of Qubes.
* You don't have any Internet connection there.
* Creating only (and not importing anything) is a very important (and often unrealistic) assumption. So, you should not open any file you download. If there is some vulnerability in such software (well, Blender: https://developer.blender.org/T52924), you are actually potentially more affected than with traditional OS like Ubuntu: In Qubes, dom0 sometimes gets out of date (like Q3.2 being based on EOLed F23), so you don't receive any security update for software like Blender. That's not because ITL does not care about security, that's because Blender is not a a security-critical component like Xen or Linux kernel are. That's the cost of using Qubes in a way it was never intended.
> If you have multiple GPU (i.e. integrated + NVidia), it is possible with Xen to do GPU pass-through (Assign the NVidia GPU to a dedicated VM) however:
> - It is far from trivial and only limited setups are known to work
Right.
> - The security of it is not as robust (I can't remember where I read that, I think it was in the GPU Pass-through page of the Xen wiki)
I guess one of potential reasons: Some people have succeeded only without stubdom, i.e., with QEMU running in dom0.
V6
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1970768.QL1Wn2a4Hl%40mail.
--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/l2oqYEWpY-A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
I'll reply in that thread about this to stay in topic.
But in few words: Not possible until GPU virtualization to have a trustable solution.
Since I am unable to estimate the security aspects of any given approach, and you do, have you seen this approach? https://forum.level1techs.com/t/looking-glass-guides-help-and-support/122387
I am not member of the Qubes core team, I am an avid user/developer and believer :) so my view is only mine...
The project you mention is doing a great job (for a VMWare workstation type set-up), however as far as I understood the copy is from/to the same GPU. This is where I am NOT comfortable with. As explained the client VM would issue processing requests to the GPU (and may abuse it).
However, using their work to copy from one GPU (assigned to ONE VM) to Dom0 GPU could be good. However you still have the problem with the BW on the bus (luckily depending on your hardware build 2 different buses (your 2 cards are on different PCIe lines). You will not get 144Hz but 60Hz is within reach. Temptation to compress the stream will be there, the decompression code will be in the attack surface.
Thanks for looking at it, and your thoughts. :)
To clarify: their idea indeed is to use two GPUs, since SR-IOV support simply isn't an option for regular users (due to artificial market segmentation), and according to them, any dom0 GPU that supports PCIe gen3 x4 can handle up to 4k60 at least.
--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/l2oqYEWpY-A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3a20b39b-7ee8-43ca-9cfc-1d5e2ed26f18%40googlegroups.com.