On 11/05/2016 04:46 AM, Joanna Rutkowska wrote:

In the long term, we would like to maintain *full* isolation of most of the PCIe
devices (so DMA and MSI capable) from the TCB (perhaps except for the MCH pseudo
devs).

This should be maintained throughout the whole boot process, starting from the
reset vector. I don't think running Linux would allow us to achieve that. So, we
should aim at keeping Xen, and in the future, when we have better firmware to
work with (Coreboot?) make sure that at no point in time any of the untrusted
PCIe, such as your WiFi NIC, can interfere with the boot process.

joanna.

Speaking of long-term, it would be interesting to know if ITL could consider specifying a hardware platform where Qubes or a Qubes-like OS could operate with greater consistency. The Qubes community currently spends most of its time and effort trying to reconcile the OS with the whims and priorities of Windows PC vendors.

Even if it's not realistic to build such a PC in the near term, having a hardware (and firmware) specification that supports the objectives of Qubes could be educational and garner interest from more hardware-focused people and projects. It would also serve as a reminder of how (comparatively) problematic most PCs are.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.