On 08/16/2018 10:18 AM, FaB wrote:
>>> Hi, Taiidan! The OP seemed to recognize it was ideal to have devices in
>>> separate IOMMU groups, so I assumed he was familiar with the warnings in
>>> https://www.qubes-os.org/doc/assigning-devices/#pci-passthrough-issues and
>>> just wondering if it was technically possible.
>
> I am fully aware of the security problematics of PCI passthrough, but until
> there is a secure solution to passthrough GFX to a VM (Qubes 4.1 I hope!)
> I am going to continue this way and accept the security decline.

There won't really be. The issue mainly comes from:

* Hostile firmware re-writes.
* Lack of FLR on most graphics devices.
* The additional complexity of IOMMU-GFX assignment vs regular IOMMU
  assigned devices like a network device or HBA.

It isn't that bad if you only assign a single card to a single VM and if you need it you need it.

Practical reality is that short of being Assange or some other very high profile person no one is going to waste such a high tech exploit on you when there are much easier ways to go about things.
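An added example, not part of the original message: one way to see which PCI devices advertise Function Level Reset (the FLR point in the list above) is to parse `lspci -vv` output for the PCIe `FLReset` flag or the conventional-PCI Advanced Features `FLR` flag. The function names `flr_report` and `sample_lspci` and the sample device listing are constructed for illustration.

```shell
#!/bin/sh
# Read `lspci -vv` text on stdin and print "<BDF> yes|no|unknown" per device.
#   yes     = PCIe DevCap shows FLReset+ or the AF capability shows FLR+
#   no      = capabilities were readable but no FLR flag was set
#   unknown = capabilities hidden (lspci was run without root)
flr_report() {
    awk '
        function emit() { if (dev != "") print dev, state }
        # A device header starts in column 0 with the bus address.
        /^[0-9a-fA-F:.]+ / { emit(); dev = $1; state = "no"; next }
        /Capabilities: <access denied>/ { state = "unknown" }
        /FLReset[+]/ || /AFCap:.*FLR[+]/ { state = "yes" }
        END { emit() }
    '
}

# Constructed sample in the layout lspci -vv prints; not from a real machine.
sample_lspci() {
    cat <<'EOF'
01:00.0 VGA compatible controller: Example GPU (constructed)
        Capabilities: [78] Express (v2) Legacy Endpoint, MSI 00
                DevCap: MaxPayload 256 bytes, PhantFunc 0, Latency L0s unlimited, L1 <64us
                        ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset-
02:00.0 Ethernet controller: Example NIC (constructed)
        Capabilities: [a0] Express (v2) Endpoint, MSI 00
                DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s <512ns, L1 <64us
                        ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
00:1a.0 USB controller: Example EHCI (constructed)
        Capabilities: [98] PCI Advanced Features
                AFCap: TP+ FLR+
00:1f.3 Audio device: Example HDA (constructed)
        Capabilities: <access denied>
EOF
}

# Demo on the constructed sample; on a real host: sudo lspci -vv | flr_report
sample_lspci | flr_report
```

A "no" for a device means the guest's state on that device cannot be cleared by a function-level reset before it is reassigned.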
