-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, Oct 02, 2016 at 01:25:19AM +0000, Adin Kapul wrote: > Hi, > > > > I am curious what prevents (even if not completely untrusted) implementation > of a storage driver domain. > > > It is discussed in the architecture document, and has been alluded to by > Joanna, so I'd assume that this is an eventual aim of the Qubes project. > > > > The process is relatively simple on stock Xen, and Qubes already supports > using AppVMs as storage driver domains to serve locally-stored images (just > as Dom0 stores guest images) to other guests, so I'm curious what obstacles > there are to implementing this for the main guest storage, or is it simply a > case of it not being a priority and no one having worked on it?
Moving all the storage to separate domain means that dom0 have no direct access to hard drive. This makes boot process much more complex - for example dom0 also needs to be booted somehow - to start that storage domain. This, to be meaningful in any way, require working trusted boot. And given problems with Intel ME and TXT implementation, there is no hardware providing it. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJX8hfxAAoJENuP0xzK19cs4BsH/RmG7u21gSVHvxDLr7ugyuB0 i6fNQkj+bYymjX+76pFAHmiIhVYMR5V1AYZjNSZ0O4T7dXVGpvmIjrgZ3vK00SNA tHEvQ2N4SvY8uo7BPQMjvtjM+crVQTaMVa8mKKzzBWLSj2DxBI1c5PtwC8Y12dgQ 7FimTWbgEIZhiOshwoJU2euwZUKVpXXgA5VLSTubY5WuqK1tiE8WyxhLizq5iigy 0PE9FNPV5t6oG6K8MrqloSt2PdZybrsH6vqvOQ20k2Gnf4MHBSzSkH2T9lVNCNKF TnGiNaUUAvr2jqGIrWOO2ADed8NqKumq/RS1JjoTDzLa2n0T2ft3rNgR+oa3BWM= =rDhQ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161003083353.GC7105%40mail-itl. For more options, visit https://groups.google.com/d/optout.
