←back to thread

What Is Qubes OS?

(www.qubes-os.org)
224 points LinuxBender | 2 comments | 09 Jul 22 16:47 UTC | HN request time: 0.429s | source
Show context
rkagerer ◴[09 Jul 22 19:48 UTC] No.32038622[source]
I was reading about Device Isolation but there's still something I'm not clear on:

Does the OS claim to prevent partially-trusted PCI devices linked to one VM from accessing memory of another VM? If so, how's that done?

I understand by default the hypervisor resets a device when it's moved from one VM to another, which would mitigate an evil device driver in the former from impacting the latter. But that doesn't protect from isolation breaches caused by evil [persistent] firmware.

I thought PCI cards have DMA access to all the system's memory space, unless you happen to have a server-type motherboard with a "smart PCIe bridge that can be programmed to perform address translation and access restrictions" (https://superuser.com/a/988179). Is such hardware more common now? Or does Qubes rely on all hardware you plug into it being trustworthy?

replies(3): >>32038676 #>>32041986 #>>32046287 #
simcop2387 ◴[09 Jul 22 19:53 UTC] No.32038676[source]
The iommu device is present on nearly all systems these days, even consumer ones. Intel calls it vt-d. The big issue is the device groupings that are setup by the firmware, and down stream pcie bridges. It's become more common because it's the only way to secure thunderbolt ports
replies(2): >>32040094 #>>32042323 #
1. octoberfranklin ◴[10 Jul 22 06:24 UTC] No.32042323[source]
> The iommu device is present on nearly all systems these days, even consumer ones.

Along with the IME device or PSP device, which conveniently get to bypass the iommu.

Finding machines with an iommu and without an IME/PSP/equivalent is remarkably difficult. It's basically modern POWER9, 2013-era Opterons, and one or two chromebook-grade Rockchip devices.

replies(1): >>32046118 #
2. fsflover ◴[10 Jul 22 16:27 UTC] No.32046118[source]
IME is disabled and neutralized on my Librem 15, which runs Qubes flawlessly.