zlacker

[return to "What Is Qubes OS?"]
1. rkager+Nr[view] [source] 2022-07-09 19:48:10
>>LinuxB+(OP)
I was reading about Device Isolation but there's still something I'm not clear on:

Does the OS claim to prevent partially-trusted PCI devices linked to one VM from accessing memory of another VM? If so, how's that done?

I understand by default the hypervisor resets a device when it's moved from one VM to another, which would mitigate an evil device driver in the former from impacting the latter. But that doesn't protect from isolation breaches caused by evil [persistent] firmware.

I thought PCI cards have DMA access to all the system's memory space, unless you happen to have a server-type motherboard with a "smart PCIe bridge that can be programmed to perform address translation and access restrictions" (https://superuser.com/a/988179). Is such hardware more common now? Or does Qubes rely on all hardware you plug into it being trustworthy?

◧◩
2. Terry_+3k1[view] [source] 2022-07-10 04:57:46
>>rkager+Nr
If all the criminal elements on the internet including the dark web are actually the state, then worrying about device isolation is the least of your worries!
◧◩◪
3. nix23+qy1[view] [source] 2022-07-10 08:39:41
>>Terry_+3k1
>then worrying about device isolation is the least of your worries!

Like your microphone or cam?

◧◩◪◨
4. Terry_+Sb2[view] [source] 2022-07-10 14:54:40
>>nix23+qy1
Or operating system and hardware circuit design.
[go to top]