porting to ARM


Ph.T

Jan 10, 2018, 1:55:47 AM
to qubes-devel
I notice there is Xen for ARM but no Qubes for ARM;
Qubes Minimum is 64-bit Intel or AMD processor (x86_64 aka x64 aka AMD64)
that is because the recommended is:
Intel VT-d or AMD-Vi (aka AMD IOMMU)
(Intel® Virtualization Technology for Directed I/O (VT-d)
required for effective isolation of network VMs).
. is it true that ARM has nothing comparable to VT-d;
i.e., no effective isolation of network VMs?
any docs to that effect?
Phil Torrance

Joseph Taylor

Jan 15, 2018, 7:07:39 AM
to dr....@gmail.com, qubes...@googlegroups.com
> . is it true that ARM has nothing comparable to VT-d; i.e., no effective isolation of network VMs? any docs to that effect?

From what I understand, ARMv8 introduced an IOMMU (referred to by ARM as SMMU) which provides more or less equivalent functionality to VT-d or AMD-Vi. There are limitations, however - Xen support for ARM's SMMU capabilities is very new and probably experimental (a cursory Google search for ARM IOMMU Xen brings up only a whitepaper from 2016 and some results mentioning only 2 of the 3 terms), and Qubes is built around a lot more than Xen, requiring a dom0 (which is currently an x86-64 Linux distro), domUs (again, currently x86-64 based) and all the Qubes glue to hold everything together. In order to support ARM, the Qubes codebase would need to be ported to run over an ARM-based version of Xen, an ARM-based dom0, have ARM-based domU templates made and have all of the native code ported to the new architecture.

The other problem is that Qubes is built around running on laptops and to an extent desktops, not phones and tablets. The UI would need a complete redesign and new tools would need to be built to isolate services not present on laptops, like telephony. And if you intended to run an ARM-based laptop on Qubes you're throwing away one of the most important reasons for Qubes even existing - backwards compatibility. Far fewer Linux packages run on ARM than x86, and it isn't even possible to run a Windows VM on ARM yet.

So basically, the hardware support is there, but due to limited developer time and limited utility no efforts have been made towards porting to ARM. That may change in the future - Qubes is built to be modular so that hypervisors and host OSs can be changed relatively easily, but at the moment the dev team is still polishing the system on x86-64, and the required dev time to both port to ARM, redesign the UI and develop new features to support the target platform (presumably phones and tablets) is unfeasible at this stage.

Ph.T

Jan 16, 2018, 11:10:16 PM
to Joseph Taylor, qubes...@googlegroups.com
On Mon, Jan 15, 2018 at 5:07 AM, Joseph Taylor <tayl...@protonmail.com> wrote: ...

thanks for your reply Joseph Taylor;
when I first thought of ARM
I was hoping it was less backdoored than x86-64,
and less prone to #spectre;
but I had neglected to consider
how important Windows OS is to the Qubes team.
. another thought that came later,
is that the ARM port of Xen is less popular,
and thus less tested (major problem).
Phil Torrance