Hi,
I'm interested in how qvm-block and qvm-usb are implemented and in which way 
they interact in the USB drive case. Here is what I discovered about PCI 
Passthrough and USB Passthrough:
From [0] I read that Qubes OS uses VT-d (through [3] and [5]) to isolate 
networking and USB controllers in domains. In fact lspci (in dom0) states that 
the pciback driver is associated with those PCI devices. So dom0 handles only 
the passthru, nothing more.
[6] states that it's not possible to assign a single USB device to a domain, 
because of the VT-d design. However I think that it's not updated because of 
qubes-usb-proxy ([2]). From [7] and [8] I deduced that qvm-usb uses PVUSB ([4]) 
to passthru a single USB device.
From [1] I read that qvm-block uses a Xen block backend hosted in the UsbVM. 
Initially I didn't find what it refers to. Then I found the xl block-attach 
command (from [2]). So I found [10] and [11].

So I concluded:
- qvm-usb uses PVUSB. However Qubes OS's xl doesn't seem to implement usb-list 
and related.
- qvm-pci uses Xen PCI passthru. So xl pci-attach and related.
- Specifically for network: xl network-attach. From [2] I read that because 
[12] the attack surface is smaller in guest domain. So the security benefit.
- qvm-block uses xl block-attach and related.
- qvm-block is independent from qvm-usb, after that the guest domain detects the 
drive.

Are these conclusions correct?

[0] = https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
[1] = https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
[2] = https://www.qubes-os.org/doc/usb/
[3] = https://wiki.xenproject.org/wiki/Xen_PCI_Passthrough
[4] = https://wiki.xenproject.org/wiki/Xen_USB_Passthrough
[5] = https://wiki.xenproject.org/wiki/Driver_Domain
[6] = https://www.qubes-os.org/doc/assigning-devices/
[7] = https://github.com/QubesOS/qubes-issues/issues/2144
[8] = https://github.com/QubesOS/qubes-issues/issues/531
[9] = https://www.qubes-os.org/doc/dom0-tools/qvm-block/
[10] = https://xenbits.xen.org/docs/4.6-testing/man/xl.1.html
[11] = https://xenbits.xen.org/docs/4.6-testing/misc/xl-disk-configuration.txt
[12] = https://wiki.xenproject.org/wiki/Xen_Networking
