On 09/25/2016 01:07 AM, neilhard...@gmail.com wrote:
Simple question: Why are Ethernet and WiFi in sys-net..?
Is it
(A) Just for easy access to the same network for all App VMs..?
(B) Because this is isolating Ethernet and WiFi from the rest of the system, to
stop DMA attacks..?
It's not clear to me whether the VT-D protection is occurring because you are
putting these devices in sys-net.
Its not clear to you because there is no vm classification called
"hardware" or "vt-d". There is nothing in Qubes Manager's listing that
flags certain vms as having PCI devices (you have to look at the Devices
tab in settings). Its an interesting idea, though.
Or whether the VT-D is implemented regardless of which VM the Wifi/Ethernet are
in.
I ask this because I want to run some programs in sys-net, and wonder whether a
DMA attack could screw up these programs.
Thanks
Anything you run in sys-net or other NIC-bearing vm (or USB-bearing vm)
should be considered vulnerable to DMA attacks, period. Probably most
other types of PCI devices carry that risk.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/24a22270-eecc-327c-b07b-09bbe81fa5fe%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
