zlacker

>>jfreax+(OP)
Does anyone know if PCI passthrough works so we can play games inside a windows vm? Some user already asked this on the mailing list but got no answer. [1]

[1] https://groups.google.com/forum/#!topic/qubes-devel/MfHy2jmX...

>>redtue+FA
Qubes uses Xen and thus PCI passthrough for gaming can be made to work through the same procedures necessary for any other Xen+Linux OS.

But PCI passthrough for gaming isn't a great fit for the Qubes security model: it requires trusting that the Windows guest cannot compromise the GPU you loan it, which makes it a much bigger risk than an ordinary AppVM.

>>wtalli+HB
I thought the PCI passthrough security model assumes that the guest does compromise the GPU, and the guest-controlled GPU is isolated from the rest of the system using the IOMMU.

Do you mean these controls are porous by design or are you talking about bugs in the IOMMU protections?

>>zurn+r31
First of all guest can easily update firmware on that device. As stated before GPUs are really complex devices and some part of them might be badly documented, like there is whole HDCP / DRM support that isn't documented at all. Of something like that happen you'll never find out.

Next time your PC going to boot your GPU will be initialized with host BIOS / UEFI long before kernel get possibility to limit it with IOMMU.

>>SXX+1b1
Interesting point. I hope this threat is something GPU vendors address, since secure virtualized GPU access has been a marketed feature for a while (at least from AMD). Quick googling drew a blank sadly.