On Mon, Dec 11, 2017 at 4:20 AM, 'Blacklight447' via qubes-devel
<[email protected]> wrote:
> In https://github.com/QubesOS/qubes-issues/issues/2185 it is mentioned that
> Qubes will be using PVHVM instead of PVH until the latter is completed.
> Anyway I can't seem to find what the difference in security is when
> searching the two of them up on the web. Could someone explain to me what
> the impact of choosing PVHVM for now is and what the difference in security
> is with PVH (if there is any), or point me in the right direction where I
> can find this information?
>
> Friendly greetings,
> Blacklight

Marmarek or HW42 could probably give you better answers, but the
following is my understanding:

The terminology is admittedly somewhat confusing, especially since Xen
people no longer talk about a discrete set of virt modes but it's now
thought of as more of a "spectrum".

Right now (R4-rc3) we are using a mode where memory management is
handled by hardware (SLAT), but QEMU is still involved in domain init
and provides device models for VMs which don't use PV drivers. The
goal in the future is to eliminate QEMU entirely, but this requires
kernel support which AFAIK was deemed not mature enough the last time it
was evaluated for use in Qubes. Various names have been used for this
(and similar) virt mode at different points in time:
PVH/PVHv2/HVMlite/etc. You can find more info on the Xen wiki and in
various Xen developer summit presentation slides if you're so
inclined.

The benefits to removing QEMU entirely are:
1) reduced attack surface (both because you can't exploit qemu to
escalate privileges within the domain (relevant for VMs without
passwordless sudo), as well as eliminating the PV hypervisor interface
exposed to the *-dm domains)
2) decreased per-vm memory footprint (right now each running domain
requires an additional ~140mb mem for its corresponding *-dm domain)
3) lower CPU overhead (right now each *-dm domain takes ~10-15% CPU,
see #2849 [1], but even after fixing that there would still be some
overhead)

Regards,
Jean-Philippe

[1]: https://github.com/QubesOS/qubes-issues/issues/2849
