On Thursday, January 11, 2018 at 3:57:50 PM UTC+1, Andrew David Wong wrote: > ## Qubes 3.2 > > For Qubes 3.2, we plan to release an update that will make almost all > VMs run in a fully-virtualized mode. Specifically, we plan to backport > PVH support from Qubes 4.0 and enable it for all VMs without PCI > devices. After this update, all VMs that previously ran in PV mode (and > that do not have PCI devices) will subsequently run in PVH mode, with > the exception of stub domains. Any HVMs will continue to run in HVM > mode.
Is this the shim-based approach from XSA-254? Then it should be made clear that the VM's will be more vulnerable to Meltdown: "Note this shim-based approach prevents attacks on the host, but leaves the guest vulnerable to Meltdown attacks by its own unprivileged processes; this is true even if the guest OS has KPTI or similar Meltdown mitigation." https://xenbits.xen.org/xsa/xsa254/README.which-shim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2ed7448b-7d79-479b-ba9f-85a5583bbbcf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.