On Sunday, November 13, 2016 at 3:05:17 PM UTC-8, Marek Marczykowski-Górecki wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Sat, Oct 22, 2016 at 10:50:53PM -0700, Trioxin wrote: > > As a developer, I see Qubes as an amazing opportunity to develop and > test > > my software on multiple operating systems from a central secure > location. I > > develop marketing software, games, and machine learning algorithms. For > a > > lot of that, I need to utilize my GPU (A Titan X Pascal). I haven't > > installed Qubes yet but I was doing research and all I could find was a > > thread here that started in 2014 and had one post from 2015. > > > > As a user, I must say that if my OS can't utilize my GPU in my OS, it's > not > > an OS I can use for day to day operations. I read about the security > > concerns and it's no more a concern that any other device you plug into > > your computer. The GPU isn't some gaping security hole. Today's > > motherboards and various other components have firmware scattered about > > your system. The GPU is no more insecure than them and it's a critical > > component of any computer. > > The GPU _is_ somehow special - not only because of its complexity, but > mostly because of the data it handle. If someone control the GPU, he/she > control what you see on the screen and can capture it (break privacy), > or replace it (break integrity). Of course in theory you could expose > only "subset" of GPU to particular VM (for example allow access only to > some predefined surface), but in practice (because of its complexity) it > is hard to do securely. There is XenGT project from Intel which tries to > do > something like this, but it isn't fully functional yet. > > The above mostly applies to shared GPU. If you have separate GPU and > want to assign it to just one selected VM, it should be possible in > theory right now. In practice - you've found already how it works... > This should be doable, but it isn't our top priority right now - we have > a lot of higher priority tasks... > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJYKPGoAAoJENuP0xzK19csPi0H+wZtTpKaQvewkcsPOm6Sluy4 > 60Pl9J2HRWISHJ9sI+EFQWSX1wxNW4rW4miryZwJgVHI++vyd8c234EbWtIm0DKc > JsF8qXgi1mGkNEObyFjdAF0c7CVRwPuxapv13WVZ2MuWnJ0YVZn15ev4dV4IgdrF > FTkkuQcYj2i8kwqmRO4QYQqx4WDS/hwbXGdwVG+Klu6ICNW/Ieoq2DqMnhBT/Qk9 > SfNnnuU+l/P3Hh6YZf2uJfqZKb2IN7kQIAofHAcQ5sRbc5DVOkovrooJangVQWiP > uDLFlsBw3kP61Cuhed4vgQtKOCI9LVKMbozneYPo90lWX2drNao1Wg69NFFMzHw= > =J2NS > -----END PGP SIGNATURE----- >
Sort of a shame, but I understand the issues and why it's problematic, and also that support for it is low on the priority list. A lot of higher end laptops have two GPUs these days, and for those of us with lower threat levels, gaming inside a Windows VM is still attractive. It can be disabled in BIOS usually to save power, but then it's just sitting there doing...not much. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ef6f4213-048c-40c7-ace4-e90a88651b3d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
