Qubes for ARM

[anshul makkar]

Hi,

Anyone aware of any link/resource etc where QUBES has been ported to ARM ?

Thanks
Anshul Makkar
www.justkernel.com

[Igor Bukanov]

As XEN 4.3 has been ported to ARM and one can get it running on
Samsung Arm Chromebook [1], I suppose porting Qubes is theoretically
possible. But first I guess one would need to port Qubes to Xen 4.3.


[1] - http://lwn.net/Articles/558254/

> --
> You received this message because you are subscribed to the Google Groups
> "qubes-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-devel...@googlegroups.com.
> To post to this group, send email to qubes...@googlegroups.com.
> Visit this group at http://groups.google.com/group/qubes-devel.
> For more options, visit https://groups.google.com/groups/opt_out.

[anshul makkar]

Qubes support one exclusive feature of App VM where each App runs in its own small VM space.. This, is not true for Xen.. I wanted to utilize that feature on ARM .

[Joanna Rutkowska]

On 09/25/13 10:50, anshul makkar wrote:
> Qubes support one exclusive feature of App VM where each App runs in its
> own small VM space.. This, is not true for Xen.. I wanted to utilize that
> feature on ARM .
>

What you say is not correct. Qubes doesn't use any special "VM space"
for running apps.

joanna.

>
>
> On Wednesday, September 25, 2013 11:31:26 AM UTC+5:30, Igor Bukanov wrote:
>>
>> As XEN 4.3 has been ported to ARM and one can get it running on
>> Samsung Arm Chromebook [1], I suppose porting Qubes is theoretically
>> possible. But first I guess one would need to port Qubes to Xen 4.3.
>>
>>
>> [1] - http://lwn.net/Articles/558254/
>>

>> On 24 September 2013 10:51, anshul makkar <anshul...@gmail.com<javascript:>>

>> wrote:
>>> Hi,
>>>
>>> Anyone aware of any link/resource etc where QUBES has been ported to ARM
>> ?
>>>
>>> Thanks
>>> Anshul Makkar
>>> www.justkernel.com
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>> Groups
>>> "qubes-devel" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>> an

>>> email to qubes-devel...@googlegroups.com <javascript:>.
>>> To post to this group, send email to qubes...@googlegroups.com<javascript:>.

[anshul makkar]

Thanks Joanna for the reply.

Ah, but in presentation http://www.youtube.com/watch?v=0pPf1F1RGF8, one of the slide showed "APP VM"  which gave me illusion as each app will run in a separate VM .. (Just like Bromium has done).

So , it means in QUBES we have a trusted domain (template domain) where the host OS and applications are installed and other untrusted domains (user created) where these applications are used. Each single domain (which can have multiple apps) corresponds to each separate VM ?

Thanks

Anshul Makkar

www.justkernel.com

--
Thanks
Anshul Makkar
www.justkernel.com
http://www.linkedin.com/groups/Just-Kernel-3033180

[Joanna Rutkowska]

On 09/25/13 11:26, anshul makkar wrote:
> Thanks Joanna for the reply.
>
> Ah, but in presentation http://www.youtube.com/watch?v=0pPf1F1RGF8, one of
> the slide showed "APP VM" which gave me illusion as each app will run in a
> separate VM .. (Just like Bromium has done).
>

A wrong impression. I suggest you go and read the Getting Starting Guide
first, before posting to the developers list and spread confusion:

http://wiki.qubes-os.org/trac/wiki/GettingStarted

The very first paragraph there states:

"It's not true that every app runs in its own VM -- that would be a big
waste of resources. Instead the VMs represent security domains."

joanna.

[anshul makkar]

Ok. Thanks Joanna and sorry for making noise.

[Ph.T]

"It's not true that every app runs in its own VM -- that would be a big
waste of resources. Instead the VMs represent security domains."

. however, as JR pointed out in that youtube presentation[1]

 if you do have an app that needs a different security domain,

you can install that in a separate vm template .

. so in addition to the one browser template,

I can also have a gamer's template,

and another for a developer's template .

. that's like 5GB per template,

not a lot of wasted resource .

1: http://www.youtube.com/watch?v=0pPf1F1RGF8

--
You received this message because you are subscribed to the Google Groups "qubes-devel" group.

To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.

Visit this group at http://groups.google.com/group/qubes-devel.
For more options, visit https://groups.google.com/groups/opt_out.

--
Americium Dream Documents
"(real opportunity starts with real documentation)

[Axon]

On 10/04/13 07:22, Ph.T wrote:
> "It's not true that every app runs in its own VM -- that would be a big
> waste of resources. Instead the VMs represent security domains."
> . however, as JR pointed out in that youtube presentation[1]
> if you do have an app that needs a different security domain,
> you can install that in a separate vm template .
> . so in addition to the one browser template,
> I can also have a gamer's template,
> and another for a developer's template .
> . that's like 5GB per template,
> not a lot of wasted resource .
> 1: http://www.youtube.com/watch?v=0pPf1F1RGF8
>

Well, you have a couple of options. You could, as you say, create a
separate template for each program (which would indeed use a lot of
storage space). Or you could install all of the programs in the same
template but create separate AppVMs for different activities (which
would be very space-efficient). Of course, you could also do a
combination of both, which is, I think, what most Qubes users do.

The reason that it's acceptable, from a security point of view, to
install a bunch of different applications in the same template (even if
different security domains all use that same template) is that we only
have to trust that their installation scripts aren't malicious. As far
as the template is concerned, we don't have to trust that the programs
themselves aren't buggy and exploitable in some way, since we don't run
them in the template. We only run them in, well, whichever AppVMs we
choose to run them in. So, we might have a higher-security domain in
which we don't run those programs, and a lower-security domain in which
we run them, even though both are based on the same template. This gives
the user a great deal of flexibility in deciding how they would like to
make the trade-off between security and space-efficiency. It also
lessens the impact of that trade-off by allowing the user to have both
to a greater degree than is possible in other operating systems.