On Thu, Oct 19, 2017 at 1:25 AM, blacklight <pandakaas...@gmail.com> wrote:
> We all know well why Xen was chosen as the hypervisor for Qubes instead of
> KVM, since this has been stated in multiple places by the devs. But I wonder
> how feasible it would be to use bhyve as a hypervisor for Qubes. I've read
> that it only uses roughly 30k lines of code, so it's smaller than Xen, which is
> good since less code means less attack surface, right? And it seems to support
> VT-d and VT-x. Also, it's made by the FreeBSD team, which is known for its
> high coding standards. Would it be possible to run Qubes with bhyve instead
> of Xen? If not, why?
>
> I would love some info on this :)
>
> Greetings, blacklight447

I've looked into this possibility in the past. Last I checked, bhyve's device models were required to be in the host and ran with significant privileges. This may have been addressed by [1], but I'd need to do more research to be sure and see what privs they still run with.

Other things that would need to be done before it's a viable candidate:

- some XenStore equivalent
- some vchan equivalent
- expose shared mem for zero-copy framebuffers
- de-systemd-ification of dom0 things

and undoubtedly other things that don't immediately come to mind. Definitely not a trivial task in any case.

Cheers,
Jean-Philippe

[1]: https://reviews.freebsd.org/D8290