-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, Apr 24, 2015 at 01:18:10PM -0700, WhonixQubes wrote:
> On 2015-04-24 1:04 pm, Marek Marczykowski-Górecki wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >On Fri, Apr 24, 2015 at 12:54:36PM -0700, WhonixQubes wrote:
> >>Generic CPUID Mask for AnonVMs
> >>
> >>Is this to be added to issue tracker?
> >
> >Yes, that's a good idea.
> >Anyway I don't think it will be possible to implement this anytime soon,
> >because of very limited support for HVM templates - especially you can't
> >start the template and VM based on it simultaneously, which is required
> >to update the whonix-gateway template.
> >Most likely required features for this will be available in Qubes 4.0
> >(see roadmap in Joanna's post).
> >
>
>
>
> Great! :)
>
> Actually, if this changes things...
>
> I don't think(?) we need the Whonix-Gateway as HVM, rather only
> Whonix-Workstation as HVM, and keep Whonix-Gateway as PVM since it is
> isolated from AnonVM workspace.
>
> So for template updates:
>
> Whonix-Gateway PVM TemplateVM could be launched with Whonix-Gateway PVM
> ProxyVM.
>
> Whonix-Workstation HVM TemplateVM could be launched with Whonix-Gateway PVM
> ProxyVM.
Indeed, so this makes the things much easier. There are still some problems,
but much easier to solve. For example our current libvirt does not allow
to pass kernel cmdline to HVM[1], but this is a minor problem.
[1] Discussion on this here, somehow stalled...
https://www.redhat.com/archives/libvir-list/2015-March/msg01127.html
> Joanna also said:
> "Thus, perhaps we should consider distributing Whonix workstation
> template as an HVM template instead of a PVM one? Fortunately we do have
> templates support for HVMs, so this should be perfectly possible."
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVOqdfAAoJENuP0xzK19csVjoH/0a3dNp1MQCF5gfJTBx6PbyL
zy3evBTIfTCizBJ7+C+ooUeSfnWkuFfWP3PqqYkwQ88PJHIwDhhNEO99XsGdh1ym
0YCRwYNNtqaC/J9SH8h/5GUOD9V6O+ldcF3LLCbIY7mYhVkhiQr77c8iUe0b3lJR
fy9MnYrQI3teuU/Oo49TVA14XcFMzAYv3krDBJk+ZxliODZrzjGU7CGCKAquBUTm
ziSzIdy96CfsfFrFetMN4ZBySs/DIeoh0vcnqgxft8snq+Bs3zy3ftrMcuLzxIch
zM+njmsWuscXfILRUUkjHTfZHMoQi25SPYjFhvNjyYtx1SMBporPE8Di9ytlda0=
=5cpi
-----END PGP SIGNATURE-----