-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 01/17/2017 11:14 AM, [email protected] wrote: > I'm not a Xen expert, so don't flog me too harshly, and I did > search the posts for this subject, but couldn't find it. > > There is a painfully well known problem of having to "trust" Intel > to properly implement their "Intel Management Engine". Only very > recently has there been a hardware solution to fixing that problem > on more recent chipsets, however, I have not heard much from the > Qubes community on this point. Reference: > http://hackaday.com/2016/11/28/neutralizing-intels-management-engine/ > > Xen is capable of booting a VM with its own BIOS. Why would it not > be possible, for extreme privacy cases, to Xen virtualize Qubes > (nested VMs) such that IME does not matter, as IME would only > affect Xen on the hardware, not the VM with the open source BIOS > which is running Qubes. Reference: > https://wiki.xenproject.org/wiki/Hvmloader
Well it doesn't matter what you try to achieve in a top level VM if the lower layers (AppVM -> dom0 -> Xen -> EFI/BIOS -> Hardware) are powned. Lower 'layers' always owning the higher ones in any case. This is something that most of the people out there not takes into account (and/or do not care about) - -- Zrubi -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYfgVFAAoJEH7adOMCkunmyQsP+QGLXmncVjEcHOZJjX1VgLpS HUhOQoK9hCXzOpI1YiHpNGuA17YSBEgXB0TXxCwKk5If2voJiwde5ixysnnukqZL 4LFVu/D2vd+VyoJFwTQ7dO5dosIm66axin7TbXE4ejagKWYmDURhyEzkvKmiqz8q ReJT4yy4xLwO8dtFh4E1hidvLVQ6jg6HGFww6ZenHDt15AHY7iMbd6pfoybDMyXH Uifaqi/S8EMJjX9d3InR4rndYPRU8F0bl2W30aoq0raEisxuYAhauIBCb8jBFh6L /XfE8oaWcsEt3M3TpNvU0TuWDQuHZqiorVuYfFsfliJDA96mPwbikiVNpc5HwcCJ 32r9Sim45It5A0clts6ub4nPtCy04Y6QaucA/nMAWclrud/bLxjaMujBwNDQX0XQ Vwtr02wFkCKMyMjdse4uLZDeKAaHJRkrkBrhXehPMiTXYjvcx15Wp934o2VV7yPD 1v+tukvHMkbbPu03XjExRGoJs6a+3yrkHDQuNTOkEmOHZ2224GoyX0sSLX021enf 8FxXX6XkxWT/pSOpl5Gfa7kSaK9Nm8S1Q/bPFvS1gVX4rqB4MltXulXicAfBH1eU b2iuj2Yn6Za6kSxcf9SM328cF9DIavSvns+7omOb/K8sE0e3hAvFw2xsPYPsnJES tq8h2CGcFFgEFMB4JiUF =ygdh -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a32281a-a3af-b725-0748-03e5151a4ba4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
