It is really nice to have someone working on this!

On 2020-08-01 17:39, Jason M wrote:
>     One thing to consider is also enabling memory deduplication in KVM
>     (KSM). This should nicely save memory when running multiple similar
>     VMs,
>     but at the same time is risky in light of speculative execution and
>     also
>     rowhammer-style attacks.
> Personally I would be concerned of the risk, but I guess it could be an
> option for users with low memory.

Just for mention some idea (pretty off topic), I think that this kind of
security risk could be highly reduced with a simple Qubes RPC which
pauses all (or near all) running VM's when some critical data is
unencrypted in memory.

In example, a cold electrum wallet with an offline VM (priv-vm) with
encrypted private keys and another with just public keys:

- When you want to sign a transaction on the offline VM, it requests to
dom0 to stop the another and waits.
- dom0 pauses all needed VM's (maybe asks for confirmation)
- priv-vm now asks for the password of the seed, decrypts it, signs the
transaction and wipes the memory.
- finally it tells dom0 to resume all VM's again.

I am not sure if it is a pretty crazy idea.

You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To view this discussion on the web visit

Reply via email to