On Wednesday, September 20, 2017 at 12:27:24 AM UTC, nicholas roveda wrote: > Does Qubes store any Hypervisor settings apart qubes.xml? > I'm pretty sure it does, so where are stored the raw Xen settings and how can > they be manipulated? > > I was trying to access via dom0 to a Template console using `xl console` and > I ran into a common problem related to hvm domain, the absence of a console > to bind to. > > https://www.xenproject.org/questions-and-answers/xl-console-does-not-work-on-hvm-guest.html > > So, I've changed the kernelopts to expose a tty, but I don't know how to > change the related settings in the Xen prospective. > > Can someone post the right procedure for Qubes?
I'm probably the wrong person for this, however Correct me if I'm wrong, but doesn't Dom0 use XL, and DomU's use QVM? I believe the logic behind this is to make it easy to switch between hypervisors below Qubes, in the future, and also to be able to switch Dom0 linux system with another, like Debian instead of Fedora, and making as little code in the templates as possible, so that everything can be considered like "blocks" that can be taken out easily, and switched. So in other words, I don't think much, or anything at all, is written to XL from the DomU domains. It seems only Dom0 would do that? So in a sense, QVM will be the one talking with the DomU's only. I could be wrong though, but I don't think you can communicate with XL from the templates. Also Xen can run in two modes, either many systems ontop Xen, or a single domain (DomO) ontop Xen. I believe Qubes is doing the latter. Which again points towards that you cannot communicate with Xen from the templates. This too is the reason why making the high-end graphics work in Qubes is a security flaw, because graphics is run directly with XL-passthrough rather than through QVM. Since the templates can communicate with the Xen layer, it creates openings and cracks for which attackers can zip through. Which is the reason as far as I understand it, as to why Xen is completely isolated from the templates. But as said, I'm not the right person to answer this. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68333cd4-008a-4ac7-86f8-70f217bdb6ae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
