Another thought I had was to do binary translation of GPU instructions and/or Software Fault Isolation a la NaCl.
On Jan 20, 2018 10:29 AM, "Vít Šesták" < groups-no-private-mail--contact-me-at--contact.v6ak....@v6ak.com> wrote: > When Qubes gets a separate GUIVM, the risks of GUI virtualization could > become lower, because the GUIVM is expected to be more up-to-date (and thus > have recent security updates for the drivers) than the current dom0. > > The GUI virtualization should be optional (so user can choose the > reasonable tradeoff). This can be actually good for security provided that > the choice is informed. User that wants some GPU-insentive tasks will now > probably choose Ubuntu (or dualboot) over Qubes. None of them are better > choices than allowing to take some risks for some VMs. > > Before GUIVM is implemented, it probably does not make much sense to > implement GPU virtualization, because it would make additional maintenance > effort for ITL. > > GPU passthrough (that can be also used with some less secure approach of > GPU virtualization) might be a reasonable addition for some people, but not > as a general solution for all Qubes users, because external monitors often > connected to the dedicated GPU*. Not mentioning laptops with just one GPU. > (Those can be more common for Linux and Qubes users.) > > I foresee a GPUVM in VM settings (like today's NetVM in VM settings). > > Regards, > Vít Šesták 'v6ak' > > > *) I honestly don't know the reason for that. In the past, I had laptop > with three graphical outputs (screen, VGA and HDMI). Since the old > integrated GPU was able only two of them, it makes sense that one of the > outputs goes through the dedicated cards. The last time I checked, it > however looks like this should be no longer a problem. Today's Intel CPUs > seem to often support three displays (quickly verified on Intel ARK on few > random CPUs), while today's laptops tend to have just two outputs (internal > and HDMI). > > -- > You received this message because you are subscribed to a topic in the > Google Groups "qubes-users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/qubes-users/l2oqYEWpY-A/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/3a20b39b-7ee8-43ca-9cfc-1d5e2ed26f18%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN9qXq71yxmUjSbTNutjWQV7ywDzYMjZcO6OqUrtc12qiA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
