Question about Qubes's hypervisor

blacklight

Oct 19, 2017, 4:25:54 AM
to qubes-users
We all know well why Xen was chosen as the hypervisor for Qubes instead of KVM, since this has been stated in multiple places by the devs. But I wonder how feasible it would be to use bhyve as a hypervisor for Qubes. I've read that it only uses roughly 30k lines of code, so it's smaller than Xen, which is good since less code means less attack surface, right? And it seems to support VT-d and VT-x. Also it's made by the FreeBSD team, which are known for their high coding standards. Would it be possible to run Qubes with bhyve instead of Xen? If not, why?

I would love some info on this :)

Greetings, blacklight447

Jean-Philippe Ouellet

Oct 19, 2017, 10:09:18 PM
to blacklight, qubes-users
I've looked into this possibility in the past.

Last I checked, bhyve's device models were required to be in the host
and ran with significant privileges. This may have been addressed by
[1], but I'd need to do more research to be sure and see what privs
they still run with.

Other things that would need to be done before it's a viable candidate:
- some XenStore equivalent
- some vchan equivalent
- expose shared mem for zero-copy framebuffers
- de-systemd-ification of dom0 things
and undoubtedly other things that don't immediately come to mind.

Definitely not a trivial task in any case.

Cheers,
Jean-Philippe

[1]: https://reviews.freebsd.org/D8290

blacklight

Oct 20, 2017, 4:31:14 AM
to qubes-users
What I wondered the most: if bhyve had these features, would it be a more secure hypervisor than Xen for Qubes? Since Xen has the advantage of having a broader audience looking at the code for vulnerabilities, and bhyve has fewer lines of code to have vulnerabilities in, I wonder what would be preferable for a secure hypervisor for Qubes.

Cheers,

Blacklight

Marco Silva

Oct 20, 2017, 8:11:29 AM
to qubes-users
How about hardware compatibility issues?