Le mercredi 12 mars 2014 15:17:53 UTC-7, Marek Marczykowski-Górecki a écrit :
> On 12.03.2014 22:10, David Schissler wrote:
> > Is there a fundamental reason why VT-x is not or cannot be available from
> > within a AppVM or is it simply not implemented?
> 
> Both: Nested VT-x isn't implemented in Xen 4.1 (which is used in Qubes). It is
> available in newer versions (AFAIR 4.2+), but even then we don't want to
> enable it (at least by default). Is has quite complicated, so have large
> attack surface.
> 
> > Also is it true that VT-x is required for 64 bit guests? 
> 
> Depending on definition of "required". Technically it is possible to emulate
> 64 bit machine in pure software, but I haven't seen any implementation of it.
> 
> -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

Is this still accurate (for R3.2 and/or R4)? Does the inability to use VT-x 
apply to HVMs or only to AppVMs? Is this state of affairs expected to change in 
the foreseeable future? (Any design considerations that might make it less 
unsafe?)

If I understand correctly, full/faithful hw-accelerated nested virtualization 
is not possible in Qubes, but vagrant using e.g. LXC backend could be used for 
development?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0570cdb1-1c12-446f-92ec-ece66d0d0396%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to