WoW, It is really nice to have someone working on this!
On 2020-08-01 17:39, Jason M wrote: > > > One thing to consider is also enabling memory deduplication in KVM > (KSM). This should nicely save memory when running multiple similar > VMs, > but at the same time is risky in light of speculative execution and > also > rowhammer-style attacks. > > > Personally I would be concerned of the risk, but I guess it could be an > option for users with low memory. Just for mention some idea (pretty off topic), I think that this kind of security risk could be highly reduced with a simple Qubes RPC which pauses all (or near all) running VM's when some critical data is unencrypted in memory. In example, a cold electrum wallet with an offline VM (priv-vm) with encrypted private keys and another with just public keys: - When you want to sign a transaction on the offline VM, it requests to dom0 to stop the another and waits. - dom0 pauses all needed VM's (maybe asks for confirmation) - priv-vm now asks for the password of the seed, decrypts it, signs the transaction and wipes the memory. - finally it tells dom0 to resume all VM's again. I am not sure if it is a pretty crazy idea. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/159d4a3a-99ee-0cc4-a490-9bfc338a2316%40riseup.net.
