On Mon, Nov 30, 2020 at 03:59:21PM -0800, Lucas Zanella wrote:
>
> This project:
> https://github.com/Fmstrat/winapps/
> <https://github.com/Fmstrat/winapps/issues/112>
> does what Qubes does to Linux and Windows 7, but to Windows 10 on KVM, by
> using RDP. Not the best approach but no one is working on the Windows 10
> port of the windowing thing.

Thanks for the info, this is quite useful.

> Maybe some people could work on porting this
> to Qubes, and maybe some people from Qubes could direct funds to this.
> I even opened an issue about this:
> https://github.com/Fmstrat/winapps/issues/112
> I miss using Windows properly when I work on Qubes.
>
> Would be nice for developers to at least know about the existence of this
> project. Sorry if not the proper place.

This is a perfect place for this thread.

I think we did evaluate the built-in RDP server before for extracting
application windows, and that feature was available only with server
Windows licenses at that time (Windows XP / Vista / 7). Perhaps
something has changed since then.

Using RDP directly isn't something we want to do, as it's quite a complex
protocol and the risk of the server attacking the client is too high.

When integrating this into Qubes, I can think of a few methods:

1. Have some "proxy" Linux VM that on one side connects to the RDP
   server and on the other exposes windows as we do on Linux.

2. Integrate an RDP client into the existing gui-agent-windows instead of
   using the custom graphics driver (that is incompatible with Win10).

3. Learn what API the RDP server uses to extract individual windows and use
   that API in gui-agent-windows.

The first one is the easiest, although probably the slowest, and it also
requires extra RAM for that VM. That VM probably can be quite small (200M?)
but still. In some threat models it could also be combined with other
stuff, but that reduces isolation.

The second option reduces the memory footprint from "one Linux VM" to "one
Windows application", but requires some development on the
gui-agent-windows side. Some of it possibly could use freerdp code (if
licenses are compatible, which I believe they are).

The third option would be IMO the best one, but requires substantial
research (and, depending on documentation availability, quite likely reverse
engineering some parts), in addition to development similar to the
second option.
-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20201201022225.GF201140%40mail-itl.