On Saturday, December 16, 2017 at 3:25:46 AM UTC+1, Yuraeitha wrote: > Aight, so the idea of this thread, is to get an overview of where we stand, > that is, how far are we away from archiving GPU Passthrough on Qubes. > > The underlying reason it's currently not working, appears to be because of > its current state a virtual GPU for a specific VM, would require direct > access to dom0. This is deemed a serious security threat breaking a central > pillar of what Qubes is all about, attempting to isolate dom0 as far as > possibly possible. Therefore, from what I can gather, what we need is virtual > GPU operating from an underlying DomU stub-domain, preferably, one separated > from another DomU stub-domain, which holds the important and critical VM data > and user operations. Thereby it's not only about single virtualization > anymore, but also about group segmenting and isolating entire virtual > stub-domains. That means, one group of VM's is isolated from another group of > VM's. Please correct me if I'm wrong here, it's great for the discussion to > have the most accurate information. > > Here is a scenario that stresses the above, > https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA > Managing to make GPU passthrough work, but only by passing it directly to > Xen, instead of Libvirt, which in turn, exposes dom0. > > Initially, this is all the reasons I can think of for wanting V-GPU. > - Heavy graphic designer job or hobby (movies, animations, etc.). > - Running Qubes on many screens at desk. > - Extending a single Qubes machine around the house or company, using > multiple of screens, keyboards/mouses or other thinkable means. > - Gamers who take security and privacy seriously (there is surprisingly many > of them out there). > - Cryptocoin miners who wish to utilize a single machine for all round > purposes. > - Using a qube as a streaming TV, and want good graphics for the specific > TV-VM. For example 4k or even 8k+ or more on multiple tied screens. > > Some of these are exotic and probably not many around use them, however, > others are quite common. Whichever the case, it's all scenarios with a common > problem. The point here, is to underpin the possible use-cases. > > > > I must be tired, I initially wrote 'qubestions' instead of 'questions' > here... > aight, so possible questions for the discussion. > > - What would it take for Qubes to obtain stubdomains in a feasible means to > allow safe GPU Passthrough? > - Are there other problems that needs solving too? If so, which ones? > - What is the grand big picture status between the above two questions? > - Are there currently any plans for any of these required implementations? > For example Qubes stub-domains in Qubes 4.1? Qubes 5? or are they still > unplanned? If planned, or in part planned, like only halfway there, then, > what are these plans? Please elaborate. > - Other possible questions you can think of. > > > I'm sure there are aspects I did not think of, but that's fine, after all, > this is a discussion. This initial post is just to kick it off. The purpose > is to combine information that a few selected individuals might be sitting > on, with the many users who do not know about the current state. Thereby, > building community awareness of the current situation. Whatever you got to > say, or ask, about GPU Passthrough, this thread can be used for that! The > only limitation, is that it is a discussion, and not a place to ask how to > get your own specific case of GPU Passthrough to work. It's a general, meta > discussion. > > What is your thoughts on the matter?
Just to add a use case is all developers doing something including the gpu. I found Qubes OS the other day and installed it on a secondary pc. It seems great, and besides the security concerns it also gives a great way to organize the computer. To keep work, private and open source projects separated. I work on TilelessMap, an open source project to keep huge amounts of map data locally (linux, windows or android). Can be view as a privacy project since it makes you independent of connection which reveals what maps you are interested in (where you are in other words). https://github.com/TilelessMap It renders the map in openGL som I have a problem adopting Qubes OS on my primary laptop. But I would really love to do it. write this just to point out that it isn't just gaming that is the use case. Anyway, Qubes OS looks fantastic, for more or less anything else. Thanks ! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6508adf7-c40f-4909-89ea-de3a13b903b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
