Hello,

> >
> >> The threat model is pretty similar to Qubes' Trusted PDF feature.
> > Not quite. The PDF processing happens in a throwaway VM, whereas here
> > the video processing as done today happens in dom0.
> 
> I was suggesting the compression could be done in an appVM... it should 
> be trivial to do so.
> 
> The result is supposed to be a sanitized, trusted document. I think this 
> is about as realistic for video as it is for PDFs.
> 

I was able to do the following, which I believe is more in line with Qubes' 
philosophy and allows recording of screencasts using *any* software running in 
an AppVM *and* realtime streaming (desktop sharing - but view only) on 
teleconferencing software.

Here's the outline of the solution:

- Install and load v4l2loopback on the AppVM you want to record/simulate cam
- Capture the screen on DOM0 using ffmpeg -f x11grab -f rawvideo 
- Open a qubes-rpc channel to an AppVM 
- Send the stream to /dev/video0 on the AppVM, encoding to the appropriate 
format.

Basically, the following script on DOM0:

******
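#!/usr/bin/sh

# dom0 side (--localcmd): grab the X display as raw yuv420p frames on stdout.
# AppVM side ("untrusted"): read those frames from stdin and write them to the
# v4l2loopback device. rawvideo has no header, so frame size and pixel format
# must be the same in both ffmpeg commands.
qvm-run -p \
  --localcmd="/home/matheus/ffmpeg-static/ffmpeg \
    -f x11grab -r 15 -s 800x600 -i :0.0+0,0 \
    -pix_fmt yuv420p -threads 0 -f rawvideo -" \
  untrusted \
  "sleep 3 ; /home/user/Downloads/ffmpeg-static/ffmpeg \
    -f rawvideo -s:v 800x600 -pix_fmt yuv420p -re -i pipe:  \
    -f v4l2 /dev/video0"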

******


The trickiest points (for me) were to compile and install v4l2loopback as a 
kernel module on the template-vm (I had a mismatched kernel version and headers 
installed - had to manually download and install the headers to compile it) and 
discover the combination of ffmpeg that would deliver the correct image.

Ideally, we could "extract" the x11grab code from ffmpeg and write a simpler 
utility that only grabs the screen and redirects all the output to the RPC 
channel, removing the need to bring ffmpeg into DOM0.

If that utility were built into a qubes repo I believe that would pretty much 
eliminate any attack vectors (as DOM0 is only being used as an input source to 
another AppVM which does the heavy work of encoding and streaming the data).

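An added example, not part of the original message or of the Qubes project: the same dom0-to-AppVM pipeline arranged so that data only flows out of dom0. `qvm-run -p --localcmd` connects the local command's stdin as well as its stdout to the VM process, and ffmpeg reads interactive commands from stdin by default, so here the dom0 side runs with stdin on /dev/null and with `-nostdin`. The function names are hypothetical, and the example assumes the `--localcmd` string is run through a shell.

```shell
#!/bin/sh
# Added example, not the poster's script: same pipeline, one-way by construction.
# Paths, VM name and geometry are copied from the post; function names are
# hypothetical. Assumes the --localcmd string is run through a shell.

VM=untrusted
SIZE=800x600
RATE=15
DOM0_FFMPEG=/home/matheus/ffmpeg-static/ffmpeg
VM_FFMPEG=/home/user/Downloads/ffmpeg-static/ffmpeg

# Prefix a command string so its stdin is /dev/null for its whole lifetime:
# nothing the channel peer writes can reach the command.
source_only() {
    printf 'exec </dev/null; %s' "$1"
}

# dom0 side: grab the screen and emit headerless yuv420p frames on stdout.
# -nostdin turns off ffmpeg's interactive handling of standard input; it is
# redundant with the /dev/null redirect and kept as a second layer.
dom0_capture_cmd() {
    source_only "$DOM0_FFMPEG -nostdin -f x11grab -r $RATE -s $SIZE -i :0.0+0,0 -pix_fmt yuv420p -threads 0 -f rawvideo -"
}

# AppVM side: feed the frames to the v4l2loopback device. The VM's own
# stdout/stderr stay in the VM instead of travelling back towards dom0.
vm_sink_cmd() {
    printf '%s' "sleep 3; $VM_FFMPEG -f rawvideo -s:v $SIZE -pix_fmt yuv420p -re -i pipe: -f v4l2 /dev/video0 >/dev/null 2>&1"
}

start_stream() {
    qvm-run -p --localcmd="$(dom0_capture_cmd)" "$VM" "$(vm_sink_cmd)"
}

# Only start streaming when asked to, so the file can be sourced and inspected.
if [ "${1:-}" = "start" ]; then
    start_stream
fi
```

Run it in dom0 with the argument `start`; without it the script only defines the functions, so the two command strings can be printed and reviewed first.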