On 4/12/19 10:35 AM, Marek Marczykowski-Górecki wrote:

Hi all,

We're considering dropping support for "qemu-traditional" stubdomain in
Qubes R4.1. The qemu-traditional is a very old fork of qemu, semi-maintained
by Xen, but in practice receiving very little attention. Maintaining a
working stubdomain with it, although theoretically supported upstream,
requires a significant number of patches (for example to have PCI
passthrough working).

Since Qubes R4.0, the default stubdomain implementation uses upstream
qemu in a Linux-based stubdomain. This is a thing still not available in
upstream Xen, but I'm working on it.
The nice thing about this stubdomain implementation is an actually
maintained qemu version, including security-related features like
running it sandboxed with seccomp (in addition to PV stubdomain). The
bad thing is a larger memory footprint (~150MB compared to ~40MB).
Stubdomain is needed only for HVM domains, so basically any non-Linux
VM, plus VMs with PCI devices (until PVH domain would get PCI
passthrough support).

One reason to keep qemu-traditional support, besides lower memory usage,
is running a VM which was installed with it. Some systems (like Windows)
may not like switching to a newer stubdomain without reinstallation, as
such a switch will change what devices are emulated (different disk
controller, different chipset etc). But I'm not sure if that's important
enough, especially since Qubes Windows Tools for R4.0 in practice also
means Windows reinstallation in many cases (it is quite complex to
update them in place, or uninstall the old one without breaking the VM).

This would have a negative impact on Windows 7 users: Existing installations may stop working, and Microsoft won't allow complete updates to systems that have not received a certain patch level to W7 Windows Update by a certain date. IIRC the cutoff date for updating Windows Update is sometime this year, so fresh installations of W7 could soon be fubar even if the intent is to run them as legacy, isolated VMs.


In Qubes R4.0 it's possible to choose stubdomain version:

- the new one (default):

     qvm-features -D VMNAME linux-stubdom

- the old one:

     qvm-features VMNAME linux-stubdom ''

The old one is automatically set when restoring an HVM backup from Qubes
3.2 or older. If you have such a VM, you can try switching to the new
stubdomain and see how it works.

Any opinions?


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
