On 2016-11-06 15:14, Chris Laprise wrote:
> On 11/05/2016 04:46 AM, Joanna Rutkowska wrote:
>>
>> In the long term, we would like to maintain *full* isolation of most of the
>> PCIe devices (so DMA and MSI capable) from the TCB (perhaps except for the
>> MCH pseudo devs).
>>
>> This should be maintained throughout the whole boot process, starting from
>> the reset vector. I don't think running Linux would allow us to achieve that.
>> So, we should aim at keeping Xen, and in the future, when we have better
>> firmware to work with (Coreboot?) make sure that at no point in time any of
>> the untrusted PCIe, such as your WiFi NIC, can interfere with the boot
>> process.
>>
>> joanna.
>
> Speaking of long-term, it would be interesting to know if ITL could consider
> specifying a hardware platform where Qubes or a Qubes-like OS could operate
> with greater consistency. The Qubes community currently spends most of its
> time and effort trying to reconcile the OS with the whims and priorities of
> Windows PC vendors.
>
> Even if it's not realistic to build such a PC in the near term, having a
> hardware (and firmware) specification that supports the objectives of Qubes
> could be educational and garner interest from more hardware-focused people
> and projects. It would also serve as a reminder of how (comparatively)
> problematic most PCs are.
>
> Chris
>

What you're describing sounds like the required specifications for
Qubes-certified hardware beginning with R4.0:

https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/

Or did you have something different in mind?

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
