On Thu, January 18, 2018 6:00 pm, Nik H wrote:

> Reasoning: The entire point of HW virtualization is to have very fast and
> seamless context switching so that if I have 10 different VMs running,
> the processor does not lose performance from that. So you keep caches,
> and you keep speculatively executing what you believe to be the correct
> branch of an if statement. HW virtualization vs. software seems to have
> been implemented mainly to improve performance, and not to improve
> security/isolation.
>
> I found various snippets of information hinting at this as well, but
> again, I'd be happy to be wrong! But, if I am right, then qubes isolation
> is compromised.

This is the feeling I got too wrt Spectre, but it's hard to find facts on
it. Maybe if we could look at what the virtualization opcodes are doing at
a microcode level...
