On Fri, Oct 16, 2020 at 11:35:40AM +0200, Anders Andersson wrote:
How could any hardening in OpenBSD protect from someone owning the hardware? Or do you mean that an OpenBSD guest would run with exclusive access to the NIC and then every other guest is routed through that guest?
Yes, exactly. The OpenBSD guest would have exclusive access to the NIC, and handles all networking for the entire system.
At the moment, Qubes uses a Fedora Linux-based guest system to handle networking. This means that if an attacker can compromise the Fedora networking drivers, they can compromise the guest, and potentially use the guest's PCI access to exploit Xen.
As noted in the original Github issue, attacks on networking sub-systems are all too common (apparently some Middle Eastern countries are building or have built systems to mass exploit anyone who e.g connects to a shopping mall's Wi-Fi network).
OpenBSD's hardening and generally higher standard of code quality would go a long way to mitigating this attack scenario.
