On Tue, Apr 4, 2017 at 11:35 AM, Hack <mistermys...@outlook.com> wrote: >> Dear Qubes community, >> >> We have just published Qubes Security Bulletin (QSB) #29: >> Critical Xen bug in PV memory virtualization code (XSA-212). >> >> [...] >> >> Discussion >> =========== >> >> This is another bug resulting from the overly-complex memory >> virtualization required for PV in Xen. As we announced last year [5], >> the upcoming Qubes OS 4.0 will no longer use PV. Instead, we will be >> switching to HVM-based virtualization: >> >> | One of the most important security improvements that we plan to >> | introduce with the release of Qubes 4 is to ditch paravirtualization >> | (PV) technology and replace it with hardware-enforced memory >> | virtualization, which recent processors have made possible thanks to >> | so-called Second Level Address Translation (SLAT), also known as EPT >> | in Intel parlance. SLAT (EPT) is an extension to Intel VT-x >> | virtualization, which originally was capable of only CPU >> | virtualization but not memory virtualization and hence required a >> | complex Shadow Page Tables approach (which we believed back then was >> | actually less attractive than the PV approach). We hope that embracing >> | SLAT-based memory virtualization will allow us to prevent disastrous >> | security bugs, such as the infamous XSA 148, publicly disclosed in >> | October of last year, which unlike many other major Xen bugs >> | regrettably did affect Qubes OS. Consequently, we will be requiring >> | SLAT support of all certified hardware for Qubes OS 4 and later. > > > Does anybody know about Ryzen SLAT support?
See https://groups.google.com/d/topic/qubes-devel/LRKd_rK2lXc/discussion -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_B0GkgCQGBxh_Krx5iUwbdEKZ1oWAJTHR692vC5Ao3WjA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
