I've been reading about Qubes OS for the past few days, and I came across the blog post below, detailing the switch from paravirtualization to hardware-enforced memory virtualization in Qubes 4. As I understand, the switch is intended to improve security (and avoids the overhead added by conventional hardware-assisted virtualization by using SLAT).
https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ However, I noticed a few people voicing privacy concerns regarding the switch from paravirtualization to hardware-enforced memory virtualization. Here's one such comment, taken from an r/privacy Reddit thread. "Qubes v.4 does concern me though. I am NOT an expert here so I dont want to spread bad info but: Qubes 4 plans to ditch paravirtualization in favor of hardware-enforced memory virtualization (which I will call HEMV though I dont think it has an official acronym). This is good from a security standpoint- paravirtualization is vulnerable to code exploits (2 have happened to Xen, though never in the wild, KVM/Virtualbox/VMware have all had exploits), while HEMV is not. However, HEMV makes the profiling of hardware easier to accomplish. Given the recent spat of articles that talk about hardware profiling being used as a means to profile and track users, you can understand the basis for my concern- paravirtualization makes hardware profiling impossible unless an exploit is found to defeat it." Does this hold any water? Does the switch from paravirtualization to HVM/SLAT degrade privacy by allowing easier hardware fingerprinting? Sorry if this question has been asked and answered before; I searched around for a while, and found none. Also, feel free to correct me on anything I got wrong. Thanks! :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13b891e1-db96-462c-8410-f024fcf684e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
