OpenBSD Xen PHVM
577 views
Skip to first unread message
Jan Betlach
Sep 6, 2016, 3:38:59 AM9/6/16
to qubes-users
Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it help to run OpenBSD guest in Qubes?
Marek Marczykowski-Górecki
Sep 6, 2016, 6:51:01 AM9/6/16
to Jan Betlach, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, Sep 06, 2016 at 12:38:59AM -0700, Jan Betlach wrote:
> Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it help to run OpenBSD guest in Qubes?
PHVM drivers itself (disk/net) simply improve performance. But based on
this (or rather some parts used by those drivers), it is possible to
build drivers exposing some xen interfaces to user space, which allows
porting Qubes-specific integration.
Those drivers are required to port:
- qrexec agent (used to control VM from dom0 - for example start
applications - mostly qvm-run tool
- gui agent (seamless GUI integration)
Both of them use libxenvchan library, which itself rely on shared memory
interface and even channels. On Linux this is about those drivers:
- xen-gntalloc
- xen-gntdev
- xen-evtchn
I haven't read what parts are really implemented in Open
BSD. "Xen PHVM drivers" is rather broad term - may include just a
disk/network drivers, or just kernel part - without exposing it to
userspace. Release notes include only this:
"The xen(4) driver now supports domU configuration under Qubes OS.",
which links to:
xen driver performs HVM domU guest initialization, provides
abstraction for virtual Xen interrupts, access to the XenStore
configuration storage as well as a device probing facility for
paravirtualized devices such as disk and network interfaces.
So, it looks promising. But don't know if that's all what is required.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXzp+GAAoJENuP0xzK19csLjAH/jW6KRs0cASgFbRVOcJR10Q3
vjzWhZyf60aPRBOM/izOVUExbmmVtjtmQ4JIpoTplXYfTVAqHhiIqvWT7GzhotIP
20JUCV8SjrvLNYCGl7CKIRuiOVUx85tdM3OIZBcqexL+Z/YpFX40odpkIlAY9nax
PM+gGzCEsSe9FjnZUma6nA4h5iJ8Jz7tcHm83NJywcF9UR9BFeRs21n224xCqWQX
23PrRNaKyEHshI/5WHUx9ImDIPNliHC9H+DerMWQzphOtivNCwKvcJ8AteImKW/H
7w4lXQ7wJEX9eyZQGwKuNz/FozVZNfxIwGvpz18vZvZVk0VTUwd5b1iIwiOmQZI=
=qzuF
-----END PGP SIGNATURE-----
Hash: SHA256
On Tue, Sep 06, 2016 at 12:38:59AM -0700, Jan Betlach wrote:
> Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it help to run OpenBSD guest in Qubes?
this (or rather some parts used by those drivers), it is possible to
build drivers exposing some xen interfaces to user space, which allows
porting Qubes-specific integration.
Those drivers are required to port:
- qrexec agent (used to control VM from dom0 - for example start
applications - mostly qvm-run tool
- gui agent (seamless GUI integration)
Both of them use libxenvchan library, which itself rely on shared memory
interface and even channels. On Linux this is about those drivers:
- xen-gntalloc
- xen-gntdev
- xen-evtchn
I haven't read what parts are really implemented in Open
BSD. "Xen PHVM drivers" is rather broad term - may include just a
disk/network drivers, or just kernel part - without exposing it to
userspace. Release notes include only this:
"The xen(4) driver now supports domU configuration under Qubes OS.",
which links to:
xen driver performs HVM domU guest initialization, provides
abstraction for virtual Xen interrupts, access to the XenStore
configuration storage as well as a device probing facility for
paravirtualized devices such as disk and network interfaces.
So, it looks promising. But don't know if that's all what is required.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXzp+GAAoJENuP0xzK19csLjAH/jW6KRs0cASgFbRVOcJR10Q3
vjzWhZyf60aPRBOM/izOVUExbmmVtjtmQ4JIpoTplXYfTVAqHhiIqvWT7GzhotIP
20JUCV8SjrvLNYCGl7CKIRuiOVUx85tdM3OIZBcqexL+Z/YpFX40odpkIlAY9nax
PM+gGzCEsSe9FjnZUma6nA4h5iJ8Jz7tcHm83NJywcF9UR9BFeRs21n224xCqWQX
23PrRNaKyEHshI/5WHUx9ImDIPNliHC9H+DerMWQzphOtivNCwKvcJ8AteImKW/H
7w4lXQ7wJEX9eyZQGwKuNz/FozVZNfxIwGvpz18vZvZVk0VTUwd5b1iIwiOmQZI=
=qzuF
-----END PGP SIGNATURE-----
Jan Betlach
Sep 6, 2016, 8:28:22 AM9/6/16
to qubes-users
On Tuesday, September 6, 2016 at 9:38:59 AM UTC+2, Jan Betlach wrote:
> Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it help to run OpenBSD guest in Qubes?
> Looks like Open BSD implemented Xen PHVM drivers in 6.0. How exactly does it help to run OpenBSD guest in Qubes?
There are more details in the paper here: https://www.openbsd.org/papers/asiabsdcon2016-xen-paper.pdf.
Wouldn't it be great to build a pf based firewall in Qubes? :-)
Marek Marczykowski-Górecki
Sep 6, 2016, 8:50:53 AM9/6/16
to Jan Betlach, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
part missing (in addition to my previous email): network backend driver.
Without this, it is impossible to have ProxyVM.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
TZCUIiAY0JIkbKxy5YrurHttZ51Qsc2KLT9/+yE98u0evyXNi+m8JlN7zruUq6XF
11wY9GuMjeKGmarOIzrMl/RIZnnYrMLJBYXVec+bi/nptPzRnCldg46NmH/PGSvc
sE7kHX9gjuNZiDXx5Kc+8Q7EnYR9kLwz4/QLYv9LGHsYMEjXVeuUXVYfEETa+SZb
5whn5P7vXIpt2Rc32Qo8ozLQW9hwwQJkSvGe8iqiTEIAcZ4248xdL9rUqHI2zK7k
W67IbH+vC1C7waiAsEV/hHNd34zyXlbCYYrmUmbX+Zl7GXK1QhDByYDHVYUPxg8=
=POAE
-----END PGP SIGNATURE-----
John R. Shannon
Sep 7, 2016, 12:34:02 PM9/7/16
to qubes...@googlegroups.com
From the OpenBSD 6.0 Release Notes:
> The xen(4) driver now supports domU configuration under Qubes OS.
--
John R. Shannon
> The xen(4) driver now supports domU configuration under Qubes OS.
John R. Shannon
jkitt
Sep 8, 2016, 4:49:00 AM9/8/16
to qubes-users
Fingers crossed on this one.
cubit
Oct 21, 2016, 12:50:47 PM10/21/16
to John R. Shannon, qubes...@googlegroups.com
7. Sep 2016 16:33 by jo...@johnrshannon.com:
From the OpenBSD 6.0 Release Notes:The xen(4) driver now supports domU configuration under Qubes OS.
Has any persons investegated if OpenBSD as a AppVM is likely to possible?
raah...@gmail.com
Oct 21, 2016, 11:10:23 PM10/21/16
to qubes-users, jo...@johnrshannon.com, cu...@tutanota.com
ya, its been done before I think? i read something about there is now xen drivers, but it still missing net driver for a sys-net? It is on the mailing list somehwere i'll try to look.
raah...@gmail.com
Oct 21, 2016, 11:13:06 PM10/21/16
to qubes-users, jo...@johnrshannon.com, cu...@tutanota.com, raah...@gmail.com
oh this is the thread lmao...
jkitt
Oct 22, 2016, 3:48:26 AM10/22/16
to qubes-users, jo...@johnrshannon.com, cu...@tutanota.com
I'd really like to see this.
Reply all
Reply to author
Forward
0 new messages