Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-10 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-01-08 12:35, taii...@gmx.com wrote: > Is there any news on a fix or work-around coming for 3.2? > > Converting all the templates to HVM is doable and would greatly > improve security, in light of the severity of these exploits I see > no

Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-10 Thread 'awokd' via qubes-users
On Wed, January 10, 2018 10:21 pm, Vít Šesták wrote: > Meltdown can be mitigated by using HVM/PVH. If you look at the XSA, they > also have prepared PV-in-PVH mode that mitigates it also for PVs. (This I pointed this one out too last week, sounds interesting. > probably won't work for CPUs

Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-10 Thread Vít Šesták
Meltdown can be mitigated by using HVM/PVH. If you look at the XSA, they also have prepared PV-in-PVH mode that mitigates it also for PVs. (This probably won't work for CPUs without VT-x/AMD-v, but those are rare today. It also probably won't work for VMs with PCI devices if system does not

Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-08 Thread Yuraeitha
On Monday, January 8, 2018 at 7:36:05 PM UTC+1, tai...@gmx.com wrote: > Is there any news on a fix or work-around coming for 3.2? > > Converting all the templates to HVM is doable and would greatly improve > security, in light of the severity of these exploits I see no reason not > to do it

Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-08 Thread taii...@gmx.com
Is there any news on a fix or work-around coming for 3.2? Converting all the templates to HVM is doable and would greatly improve security, in light of the severity of these exploits I see no reason not to do it despite it not being in the original requirements. I would appreciate advice on

[qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-04 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The Qubes Security Team is currently investigating the extent to which [XSA-254] (and the [Meltdown] and [Spectre] attacks more generally) affect the security of Qubes OS. The practical impact of these attacks on Qubes is