Google Groupes

Re: [qubes-devel] Generic CPUID Mask for AnonVMs

WhonixQubes 24 avr. 2015 13:18
Envoyé au groupe : qubes-devel
On 2015-04-24 1:04 pm, Marek Marczykowski-Górecki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, Apr 24, 2015 at 12:54:36PM -0700, WhonixQubes wrote:
>> Generic CPUID Mask for AnonVMs
>>
>> Is this to be added to issue tracker?
>
> Yes, that's a good idea.
> Anyway I don't think it will be possible to implement this anytime
> soon,
> because of very limited support for HVM templates - especially you
> can't
> start the template and VM based on it simultaneously, which is required
> to update the whonix-gateway template.
> Most likely required features for this will be available in Qubes 4.0
> (see roadmap in Joanna's post).
>



Great! :)

Actually, if this changes things...

I don't think(?) we need the Whonix-Gateway as HVM, rather only
Whonix-Workstation as HVM, and keep Whonix-Gateway as PVM since it is
isolated from AnonVM workspace.

So for template updates:

Whonix-Gateway PVM TemplateVM could be launched with Whonix-Gateway PVM
ProxyVM.

Whonix-Workstation HVM TemplateVM could be launched with Whonix-Gateway
PVM ProxyVM.

Joanna also said:
"Thus, perhaps we should consider distributing Whonix workstation
template as an HVM template instead of a PVM one? Fortunately we do have
templates support for HVMs, so this should be perfectly possible."



>> Implement Xen CPUID Generic Profile for Whonix-Workstation HVM
>> AnonVMs.
>>
>>
>> >Xen has support for emulating CPUID for HVM guests -- take a look at the
>> >config examples in:
>> >
>> >xen-4.1.6.1/tools/examples/xmexample.hvm-stubdom
>> >
>> >I haven't played with it, but see no reasons it should not work. I can
>> >imagine we introduce a prefs for VMs (say "generic_cpuid" settable via
>> >qvm-prefs) that would be resulting in additional config for cpuid
>> >emulation inserted in the config file for such VMs. We would need to
>> >agree on good-enough-for-everybody CPUID config and stick to it then.
>> >Again, this would be use-able for anon VMs mostly.
>>
>>
>> Brought up and discussed with Joanna in this thread:
>>
>> - https://groups.google.com/d/topic/qubes-devel/EXrWFgEp5Sg
>>
>>
>> Especially:
>>
>> - https://groups.google.com/d/msg/qubes-devel/EXrWFgEp5Sg/w_j1XozM_sIJ
>>
>> - https://groups.google.com/d/msg/qubes-devel/EXrWFgEp5Sg/nNay9cfQ6GwJ
>>
>> - https://groups.google.com/d/msg/qubes-devel/EXrWFgEp5Sg/mLk6wmywl74J
>>
>> - https://groups.google.com/d/msg/qubes-devel/EXrWFgEp5Sg/SR-KMw4ngVcJ
>>
>>
>> Thanks!
>>
>> WhonixQubes
>>
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJVOqHWAAoJENuP0xzK19csXCEH/ArqyUAEiCz1/Nz2v2MVdgO2
> SPunf0Wjfr4TTij+CloMJQ95zoV/TznjRPqzHG+OvJyvouBgCrnf4iFnG+vMGW8J
> aIp24BpI50iNWRCTxdfe3vX78o9RBsmHsC0w9qhsRcF55E4f71ioQalikbrSOTLj
> e0AFpiV7h8V756nUntvhfChzaCf+bosnY0Zy2HAnEx2t4njIeDze5SERAyERW3kP
> RYzMKLBWFOiBCG3S4W9FLmwCnC93XAIUpzbxPZdpiBFXaj0ly4JONKzr17XwCULW
> 7ck0/DU5HySnLxSF2hRRcD02VXVbE8ae7hEInalOSU+jObMrgfpWjJKyZ8dbwZY=
> =Mds/
> -----END PGP SIGNATURE-----