-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-01-06 17:37, Marek Marczykowski-Górecki wrote: > On Fri, Jan 06, 2017 at 08:04:08PM +0000, 5vo30m+lpi66xm176ugr7ruk via > qubes-users wrote: >> Hi everyone! > >> First off happy new year! :) > >> To get into the subject, I'm trying to get as many Qubes users around me as >> possible to convert my family and friends from Windowsism to Qubism. However >> in some cases I see that the Intel®™ (backdoor℠ inside®) hardware that they >> have does not support VT-x and VT-d. > >> So I would like to better understand the implications of this. From the User >> FAQ: > >> https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-x > >> I understand that this means that: > >> o Not being able to use fully virtualized VMs (e.g., Windows-based qubes) > >> o No security benefit in having a separate NetVM > >> But the points I wont to understand are: > >> ~ Does this mean that one wont be able to install Windows in a VM in such >> system (that's it?)? > Yes. > >> What does fully virtualized VM really mean? > > https://www.qubes-os.org/doc/glossary/#hvm > > In short: a VM running OS not necessary modified to be running in a VM. > >> ~ How is this relevant practically speaking? In other words, could an >> attacker deploy malware to NetVM (from an AppVM that is connected to the >> NetVM)? If not, in which situations can attacker get to the NetVM and >> therefore to dom0? > > The way you've descried, or using some remote attack directly on NetVM - > because NetVM is what is facing external network directly. >
Another, additional way of answering this question: "On a system without VT-d, everything should work in the same way, except there will be no real security benefit to having a separate NetVM, as an attacker could always use a simple DMA attack to go from the NetVM to Dom0." Then read this: https://www.qubes-os.org/doc/user-faq/#what-is-a-dma-attack Basically, read the next two FAQ entries after the one you linked. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYcKbyAAoJENtN07w5UDAw380P/3vH/GlHBGsYV5qmU1fDdRu8 JHz9ZG5tWVIba219sYMNCHa4F+Wc907prEyooG0XRBwtIKoZ/qXP5bMKX6WBuXSw 8wQfEewrWvSU7vCGW67DEc4OYcwKNwiV8mX6ebFSt/dtKHshLmyCylnaJ0Sg59Kn PwIdkG1E7Gzt7pt0Ti2WUzjKeWMY0GWZm9kuYG5DL1iRguanGrmVyn+RRAZMn5af WRrP7GBFAK7ykOWP4zTpZ8onlL7En9s+MNp7Mn6hyDyIYKvwQ2LcE63p2H8dozku 5cDGkxWJIB/dqhd9URnVhq/cVKdXvHXGztGBR62tSpq2neuYhi8FyTpdKqxuspvV 1zMsBGp8DP8Q03Mf8AeJ7DLfrHfZYi1HmwhYa3uOZnntAHd3x93QRXOyiWiLr88e aBiYHCQMdy+o8FMrikvPfQi8Wd7JGSqmzOzw8TMhnuQ8QlZCa6GdYfQa23oBi4El t12M2RBykur2grLfRf/wUcMiTRxZ1WTVXrY4YPDoH+79QzEV5xhJrrlWKFYEYySG SsnOpToBa/iHwWtrVKqDfubca1umDnSRjYJuKjWourzO5LEpG9hkjFdUg0olTMet C05tE/Hlg8+PeLg2y06PCavQZK7nRkN7L3U0SEYck8RVovslKmbUeKFWtMM+rqQi ZPisdXAjwa+YtnEsdwbz =EXu4 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13f1c956-855f-cdaf-6f6e-a4331e0189b9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.