Why is it not possible to securely virtualize the GPU?

On Sunday, January 14, 2018 at 6:08:37 AM UTC-5, Vít Šesták wrote:
> Qubes does not have GPU virtualization for security reasons. As a result, 
> additional GPU is used only in dom0 (or GuiVM in future). GPU might be useful 
> for:
> * additional output like HDMI (well, good luck…)
> * window manager acceleration (but integrated GPU usually does the job well 
> for less power)
> * GPU passthrough to a VM (It might work, but it is not officially 
> supported and much work will be needed. Also, if the VM can rewrite GPU 
> firmware, the GPU can perform a DMA attack during boot.)
> When selecting my last laptop, I've decided to choose one without additional 
> GPU. First, I don't need it much. Second, it adds some hassle. It would be 
> ideal to have it switched off in order not to consume power (=> lower heat, 
> more quiet laptop, better battery life). On the other hand, I remember having 
> HDMI output wired to the additional GPU, which was rather PITA. I was able to 
> get it somehow working on my old laptop, but it used to crash X11.
> HDMI through additional GPU will reportedly get better with Wayland, but we 
> are not there yet.
> Regards,
> Vít Šesták 'v6ak'

