Re: [qubes-users] Re: How risky is GPU pass-through?
On 04/09/2019 08:53 AM, unman wrote: > On Mon, Apr 08, 2019 at 02:32:04PM -0400, taii...@gmx.com wrote: >> On 02/25/2019 04:02 PM, John Mitchell wrote: >>> If I may ask what OS do you use for the host? >>> >> >> Devuan, it is debian without systemd. >> >> I compile most of the related packages though like libvirtd, qemu etc >> cause the ones from the distro are way too outdated to support what I need. >> >> You should get a new non-gmail email btw. >> > > Do you run Qubes? Of course. > On what hardware? > * Lenovo X220 with coreboot * KCMA-D8 with Opteron 4284 cpu and coreboot-libre. I have a bunch of computers so much that I need a server rack soon :D On 04/10/2019 03:13 PM, jrsmi...@gmail.com wrote: > To be concrete and transparent, the mobo with PS/2 is a Gigabyte X299 >Designare ex with four USB controllers and a header for a hardware TPM, >which I’ve populated. >The other mobo is an ASUS X299 Prime Deluxe II >with no PS/2, five USB controllers and only supports a firmware TPM. >Both are fantastic boards, They are propriatary with ME and no libre firmware so I wouldn't put them in the great board area. > but one is going back. If isolating USB kb and mouse to one controller >that dom0 has exclusive access to is actually more secure than native >PS/2 then I would lean > toward keeping the ASUS and do without TPM. > TPM's are proprietary black boxes and to my consideration pointless it would be better to do your own code signing deal with coreboot and grub signing your owner kernels and having a write-locked flash chip load grub which loads your signed kernels only, you would then lock the computer case with a high security lock. I also suggest using keyboard and pointing device without re-writable firmware, to my knowledge only the (usa made!) Unicomp keyboards fit that bill and they have ones with pointing devices both a trackball and a laptop style trackpoint. Anyone who thinks that chinese made and usa made electronics are equal on a security footing is naive, china gets caught implanting backdoors in hardware all the time whereas to my knowledge with US made hardware that has never happened and here you can say no without getting put in prison. RaptorCS/RaptorEngineering was doing some cool work with an open foss us made security product like a TPM called FlexVER if anyone is interested in an alternative, no idea when it will be released though and it will probably only work on the OpenPOWER stuff. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c7962b1c-f32d-19ae-df81-705866c68973%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
Le mercredi 10 avril 2019 19:59:09 UTC+2, throwaway...@gmail.com a écrit : > Le mardi 9 avril 2019 22:41:17 UTC+2, awokd a écrit : > > From Throwaway42's document: > > > > > GRUB\_CMDLINE\_LINUX=" > > > rd.qubes.hide\_pci=0a:00.0,0a:00.1 > > > modprobe=xen-pciback.passthrough=1 > > > xen-pciback.permissive" > > > > Instead of xen-pciback.permissive on the Linux options line, could you > > set the GPU's two PCI devices to permissive > > https://www.qubes-os.org/doc/pci-devices/#permissive ? Seems it would > > make it a little more restrictive. Also, is that modprobe required? I'd > > think Qubes would load that module by default. Hiding it here makes sense. > > I updated the docs. > In fact, the permissive flag wasn't necessary ( at least, for the RX580) Full doc, with latest patchs https://github.com/Qubes-Community/Contents/blob/master/docs/customization/windows-gaming-hvm.md -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c00e75a2-7f09-494e-9da6-c9db7ab4bfa9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
Le mardi 9 avril 2019 22:41:17 UTC+2, awokd a écrit : > From Throwaway42's document: > > > GRUB\_CMDLINE\_LINUX=" > > rd.qubes.hide\_pci=0a:00.0,0a:00.1 > > modprobe=xen-pciback.passthrough=1 > > xen-pciback.permissive" > > Instead of xen-pciback.permissive on the Linux options line, could you > set the GPU's two PCI devices to permissive > https://www.qubes-os.org/doc/pci-devices/#permissive ? Seems it would > make it a little more restrictive. Also, is that modprobe required? I'd > think Qubes would load that module by default. Hiding it here makes sense. I updated the docs. In fact, the permissive flag wasn't necessary ( at least, for the RX580) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2e4c6210-1bd3-4c18-b022-889edba02907%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
From Throwaway42's document: > GRUB\_CMDLINE\_LINUX=" > rd.qubes.hide\_pci=0a:00.0,0a:00.1 > modprobe=xen-pciback.passthrough=1 > xen-pciback.permissive" Instead of xen-pciback.permissive on the Linux options line, could you set the GPU's two PCI devices to permissive https://www.qubes-os.org/doc/pci-devices/#permissive ? Seems it would make it a little more restrictive. Also, is that modprobe required? I'd think Qubes would load that module by default. Hiding it here makes sense. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8bc8dd66-a414-f9ab-e39c-373e335bed2f%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
799 wrote on 4/9/19 7:31 PM: Hello throwaway42, schrieb am Di., 9. Apr. 2019, 21:17: (...) Just for information: I have a gaming VM inside Qubes OS It is a windows 7 HVM, with a dedicated GPU. Performance are very good. I referenced some useful links here https://neowutran.ovh/qubeos.pdf Nice write-up ... Thanks. Seconded! This is the first report I've seen of successful GPU pass-through under 4.0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c1d6fdb-6f44-5ec4-2faa-f2bd4ce339f2%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
Hey throwaway42, Thank you for the information! I wish I had this 6 months ago when I began planning my personal VM server. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/24eef0f7-9c1f-41b9-8ae8-f30443b5a254%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
Hello throwaway42, schrieb am Di., 9. Apr. 2019, 21:17: > (...) > Just for information: > I have a gaming VM inside Qubes OS > It is a windows 7 HVM, with a dedicated GPU. > Performance are very good. > I referenced some useful links here https://neowutran.ovh/qubeos.pdf Nice write-up ... Thanks. Why don't you add this information to the Qubes Community Docs, so that it can be rea(che)d by a broader audience? Hypertext is such a great invention compared to PDFs ;-) - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uCvAbw5FRCk%2BzaZBPdWLThUbedhfd4mgUkcUhcVcz98w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
Le mardi 9 avril 2019 15:29:48 UTC+2, John Mitchell a écrit : > On Tuesday, April 9, 2019 at 2:53:25 PM UTC+2, unman wrote: > > > > > Do you run Qubes? On what hardware? > > I wanted to use Qubes however I didn't feel that my usage case would be > supported here so I opted for Xubuntu running QEMU and Virtual Machine > Manager. I have it working, responding here from a VM. I've been following > Qubes since version 1, just not using because of the many security features. > > AMD Ryzen 2700X, 8 cores, 16 threads > 32 GB ram > GeForce GT 1030 (desktop GPU) > Radeon RX 590 (gaming GPU, pass through, also working) > > The gaming GPU is blocked in the kernel from the host OS (Xubuntu) with > virtio. I suppose virtio could be a security risk. The host OS is > restricted to 4 GB (hugepages) and one core (two threads). I have RAID 10 > running on the host CPU. KVM shares the host memory however it has one core > for itself for iothreads, etc. The rest is available for VMs. Neither of > the two CPUs for the host and KVM have ever maxed usage for longer than half > a second. > > I was planning to use bcache to speed up the RAID although I may skip that > since I am not feeling a need for speed. RAID 10 is plenty fast when the > drives are not spun down. I have SMART monitoring setup too along with temp > and fan monitoring. The host runs from an SSD. Next month I will add a > backup solution. > > I have some bloat in the host that I need to clean up. Overall it is a solid > setup, certainly not as secure as Qubes. However I don't believe I would > have this working with Qubes. Just for information: I have a gaming VM inside Qubes OS It is a windows 7 HVM, with a dedicated GPU. Performance are very good. I referenced some useful links here https://neowutran.ovh/qubeos.pdf -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/56e637ec-537b-4129-87cf-beb1c5b64608%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On Tue, Apr 09, 2019 at 06:29:48AM -0700, John Mitchell wrote: > On Tuesday, April 9, 2019 at 2:53:25 PM UTC+2, unman wrote: > > > > > Do you run Qubes? On what hardware? > > I wanted to use Qubes however I didn't feel that my usage case would be > supported here so I opted for Xubuntu running QEMU and Virtual Machine > Manager. I have it working, responding here from a VM. I've been following > Qubes since version 1, just not using because of the many security features. > > AMD Ryzen 2700X, 8 cores, 16 threads > 32 GB ram > GeForce GT 1030 (desktop GPU) > Radeon RX 590 (gaming GPU, pass through, also working) > > The gaming GPU is blocked in the kernel from the host OS (Xubuntu) with > virtio. I suppose virtio could be a security risk. The host OS is > restricted to 4 GB (hugepages) and one core (two threads). I have RAID 10 > running on the host CPU. KVM shares the host memory however it has one core > for itself for iothreads, etc. The rest is available for VMs. Neither of > the two CPUs for the host and KVM have ever maxed usage for longer than half > a second. > > I was planning to use bcache to speed up the RAID although I may skip that > since I am not feeling a need for speed. RAID 10 is plenty fast when the > drives are not spun down. I have SMART monitoring setup too along with temp > and fan monitoring. The host runs from an SSD. Next month I will add a > backup solution. > > I have some bloat in the host that I need to clean up. Overall it is a solid > setup, certainly not as secure as Qubes. However I don't believe I would > have this working with Qubes. > Thanks John: I hope you'll come back to Qubes in the future. However, my question was addressed to Taiidan. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190409135303.za4nhjw3uo2qkmrb%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On Tuesday, April 9, 2019 at 2:53:25 PM UTC+2, unman wrote: > Do you run Qubes? On what hardware? I wanted to use Qubes however I didn't feel that my usage case would be supported here so I opted for Xubuntu running QEMU and Virtual Machine Manager. I have it working, responding here from a VM. I've been following Qubes since version 1, just not using because of the many security features. AMD Ryzen 2700X, 8 cores, 16 threads 32 GB ram GeForce GT 1030 (desktop GPU) Radeon RX 590 (gaming GPU, pass through, also working) The gaming GPU is blocked in the kernel from the host OS (Xubuntu) with virtio. I suppose virtio could be a security risk. The host OS is restricted to 4 GB (hugepages) and one core (two threads). I have RAID 10 running on the host CPU. KVM shares the host memory however it has one core for itself for iothreads, etc. The rest is available for VMs. Neither of the two CPUs for the host and KVM have ever maxed usage for longer than half a second. I was planning to use bcache to speed up the RAID although I may skip that since I am not feeling a need for speed. RAID 10 is plenty fast when the drives are not spun down. I have SMART monitoring setup too along with temp and fan monitoring. The host runs from an SSD. Next month I will add a backup solution. I have some bloat in the host that I need to clean up. Overall it is a solid setup, certainly not as secure as Qubes. However I don't believe I would have this working with Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e24653c0-a5a9-42a7-b736-d3b9c154aad9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On Mon, Apr 08, 2019 at 02:32:04PM -0400, taii...@gmx.com wrote: > On 02/25/2019 04:02 PM, John Mitchell wrote: > > If I may ask what OS do you use for the host? > > > > Devuan, it is debian without systemd. > > I compile most of the related packages though like libvirtd, qemu etc > cause the ones from the distro are way too outdated to support what I need. > > You should get a new non-gmail email btw. > Do you run Qubes? On what hardware? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190409125322.rjvdgcvtcle5qxjw%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On Monday, April 8, 2019 at 8:32:09 PM UTC+2, tai...@gmx.com wrote: > On 02/25/2019 04:02 PM, John Mitchell wrote: > > If I may ask what OS do you use for the host? > > > > Devuan, it is debian without systemd. > > I compile most of the related packages though like libvirtd, qemu etc > cause the ones from the distro are way too outdated to support what I need. > > You should get a new non-gmail email btw. Thank you for the reply. I know Google (facebook, etc.) owns me. :( And most of the rest of us. Anyway I moved on to Xubuntu. It provides enough security for my needs and the GPU pass through is working. Also there is a patch coming for QEMU that should bump the performance so I am satisfied with my setup. I'll continue to keep an eye on qubes hoping one day the PCI pass through catches up. I realize Qubes is way ahead on the security side though. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ceedb06-1524-4f59-808f-314c88dd1e76%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On 02/25/2019 04:02 PM, John Mitchell wrote: > If I may ask what OS do you use for the host? > Devuan, it is debian without systemd. I compile most of the related packages though like libvirtd, qemu etc cause the ones from the distro are way too outdated to support what I need. You should get a new non-gmail email btw. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13c47fa1-fc93-a745-238e-e9e509607625%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On Monday, February 25, 2019 at 4:02:38 PM UTC-5, John Mitchell wrote: > If I may ask what OS do you use for the host? Guest the latest QSA answers this question somehwat lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9057a332-0547-4e86-8f74-af3294c6eed9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
If I may ask what OS do you use for the host? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/51068e18-48c0-47b5-899a-aba95943dd6b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
One of the reasons I hate the qubes mailinglist is because of the large amount of people here who claim to be experts while being absolutely clueless. I max out new games in a VM on my libre firmware piledriver opteron IOMMU-GFX setup. I would say the performance is almost native and that I don't have any complaints in regards to FPS. I can also run other VM's on another NUMA node or on another CPU without noticing. BUT WAIT! Because some new guy with an annoying and weird name hasn't seen it done himself I must be lying and so is red hat - we are part of the the vm gaming conspiracy trying to entice mere mortals in to buying expensive enterprise grade hardware for no reason! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/906ca129-7040-209a-1381-42cae9621e0a%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On Tuesday, December 25, 2018 at 1:02:05 PM UTC-8, qubenix wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Zrubi: > > On 12/23/18 9:34 PM, Demi M. Obenour wrote: > >> Someone I know is interested in using QubesOS. However, they > >> are also a gamer: if they could not have a Windows VM with access > >> to a dedicated graphics card for use by games, then QubesOS is > >> not an option for them. > > > > Short answer: Qubes OS is not an option for them. > > > > Why do you say that? If you search this list there are people that > successfully game on Win vm with gpu passthrough. While it is certainly possible to play games with modest hardware requirements under a virt and still have acceptable performance, games with high hardware requirements running at high frame rates, at high resolutions, and maxed out display settings are going to run much more slowly under a virt than they will on Win10 running natively on the same hardware. Most people who spend the kind of money needed to buy such a system will not be satisfied with the performance provided by a virtual machine. If the reasons for this are not obvious to you, take it as an opportunity to learn about how virtualization works. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d8667a5b-b27e-411f-beef-e82de555a572%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Zrubi: > On 12/23/18 9:34 PM, Demi M. Obenour wrote: >> Someone I know is interested in using QubesOS. However, they >> are also a gamer: if they could not have a Windows VM with access >> to a dedicated graphics card for use by games, then QubesOS is >> not an option for them. > > Short answer: Qubes OS is not an option for them. > Why do you say that? If you search this list there are people that successfully game on Win vm with gpu passthrough. > > The risk part would come only after this feature exists in practice > ;) Search back for the details. > > I can't speak to the security risk from personal experience or knowledge, but I found this: https://security.stackexchange.com/questions/162122/gpu-passthrough-security/162175. - -- qubenix CODE PGP: FE7454228594B4DDD034CE73A95D4D197E922B20 EMAIL PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54 IRC OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765 -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEElgluTKCHDxxbr33ZCdFZ4SQfnFQFAlwgMjdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk2 MDk2RTRDQTA4NzBGMUM1QkFGN0REOTA5RDE1OUUxMjQxRjlDNTQACgkQCdFZ4SQf nFR7IA//YE7rVNDmYFiXmIU9v7d7j9Bg3bPNSQ6wFnWNclylA3NSvzJ2k/uurcXW HSz/7r3jDSnJgD6trVan8SMOLlVhU48Hz9FCOxrVagwU69Ch+70vEZplauDcbEC7 UKu3vTFaC5Gawu8EHSqeT97eYCjSqvc/K82g6Wlij9uYOp7juTpQXX9ekIYH4i94 2TI+ZEYCJ/IaoL12aNQbDz6TzR6lsQDnsUiEppd1hnCX/yQphVymRlFG4qBQsXUA 40cAiqSUvpoAchxiWuTS7o4wCblSgrYkHHNzBvX0i+8JhSVmiknloPb+rBZmUVrs 0AoS2cqW3ojKIDXdfQ5Yn27p9TSR9AkoGbNDN9hZSl0CQTjXDGKV/Lcdj9qSSy+X +xOEJL63nYp94hofsDmZhg7EfcARA5C5JbLF0TzA2fyXlO7hgoX/SsCAv+KaDWhE 8B3Sq+sWH7MAfiJOK/UZN52Bi+I5hUsYsdXPTDSxqkhc6aOnYL8i9wi89gPZ4iVi JTQ6Tzn87Y5fWeBnz10viMWyfj71rD1AktA9GM20zsw60jx+GcDwtxOHxQLWRTNb vR1KuET9E+XaS4oEmTcNDACNj0ui+H7OgCRt64plfOttrc9FDtUXgTLMHypMx0bV zNsV02DucRNWaFSpG6ZrXJMarqvC4NLihAFzhpo2QsGQSpTgiME= =suwp -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/174d9e11-0e0a-7924-b8f8-5339b138358f%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
Zrubi: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/23/18 9:34 PM, Demi M. Obenour wrote: Someone I know is interested in using QubesOS. However, they are also a gamer: if they could not have a Windows VM with access to a dedicated graphics card for use by games, then QubesOS is not an option for them. Short answer: Qubes OS is not an option for them. The risk part would come only after this feature exists in practice ;) Search back for the details. What Zrubi said, really. Not a practical solution at this point. If at some point it works better, it seems to me too if the secondary GPU can be blocked from ever seeing dom0 and vice versa, it could be passed through without too large an attack surface increase. Assuming here Qubes/Xen/IOMMU can restrict overly large BARs, but that's any PCIe device. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9173fb7d-18d5-3f9b-3383-28a930e602fc%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.