Qubes OS 4.0 without IOMMU


damm swing

Sep 14, 2017, 3:22:52 PM
to qubes...@googlegroups.com
Hello,
 
Will it be possible to use the final version of Qubes OS 4.0 (at your own risk) on hardware without IOMMU (only with SLAT)?
 
Regards

Yethal

Sep 14, 2017, 5:12:26 PM
to qubes-users
PCI assignment won't work without IOMMU so no sys-net and no sys-usb

danns...@gmail.com

Sep 14, 2017, 6:42:12 PM
to qubes-users
Is there no way to force PV mode in PCI VMs?

Tai...@gmx.com

Sep 14, 2017, 11:05:24 PM
to damm swing, qubes...@googlegroups.com
No it won't.

You can get a laptop (see my post in "Acer Aspire E15" thread for my
recommended choices) that has all the features you need for only
$100-200 so it isn't worth it for the developer team to make it possible
for qubes to work without one of the key security measures.

damm swing

Sep 15, 2017, 11:58:23 AM
to qubes-users
I found some sentence about that: "The new Core Stack allows one to do this with the flip of a switchproperty"
https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

Marek Marczykowski-Górecki

Sep 15, 2017, 5:44:58 PM
to damm swing, qubes-users
Yes, it is possible to switch sys-net and sys-usb to PV, but even for PV
IOMMU makes a great difference. See here:
https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

damm swing

Sep 16, 2017, 3:46:35 PM
to qubes-users
Thank you for your answer.
By the way, is it possible that some AppVM could compromise NetVM (e.g. by a hypothetical bug in Xen net backend) and then use the DMA attack?

Marek Marczykowski-Górecki

Sep 18, 2017, 5:41:00 PM
to damm swing, qubes-users
On Sat, Sep 16, 2017 at 12:46:35PM -0700, damm swing wrote:
> By the way, is it possible that some AppVM could compromise NetVM (e.g. by a hypothetical bug in Xen net backend) and then use the DMA attack?

Yes, it is theoretically possible. See for example here:
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-023-2015.txt

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?