How I can define, that VM1 is running exclusively the CPU1..4?
(and so all other VM's will run on CPU core 5..8)
This would prevent the data leaks due to covert channels via cpu caches.
https://www.qubes-os.org/doc/data-leaks/
Kind Regards
could it be that with some real-time OS features, it will possible to splitt the Cores of an CPU in two clean domains?
This would lead to a better latency performance for real time communication, like skype and for some "air-gapped engines" inside Q.
Kind Regards
real crypto works always with air-gapped machines.
PC0 handels all encryptions (PC0 is sheltered)
PC1 is the achive
The charme of this solution is, that the risk of bit-leaks, of the crypto keys can mitigated.
In qubes I could use a dual CPU system.
CPU0 handels all encryptions in all CyptoVMs (PC is sheltered)
CPU1 is the power-support for all other VMs
How I can make sure that all CyptoVMs are powered by the cores of the CPU0 and all others by the CPU1?
Kind Regards
P.S. Optional would be the (external) "crypto-chip" solution, like a FPGA board.
How I can configure Qubes that all black VMs are running under CPU0 and all other VMs are running under CPU1?
That would be cool!
Kind Regards
would be the Intel Skylake Technology SGX a solution, so that the keys cannot be read from the crypto processes?
https://github.com/01org/linux-sgx
Kind Regards
the idea is, if crypt-methods may help...
E.g. can holomorphic encryption be used to do all the crypt-key calculation on encrypted data (instead of the plain-text of the key) - so "nobody" can leak key-bis, also if N VMs work in parallel?
Kind Regards