On Wed, Oct 24, 2018 at 2:44 AM 'awokd' via qubes-users < qubes-users@googlegroups.com> wrote:
> > > Unman: > > On Mon, Oct 22, 2018 at 10:40:23AM -0300, Franz wrote: > >> On Mon, Oct 22, 2018 at 10:29 AM unman <un...@thirdeyesecurity.org> > wrote: > >> > >>> On Mon, Oct 22, 2018 at 09:13:46AM -0300, Franz wrote: > >>>> On Mon, Oct 22, 2018 at 12:42 AM taii...@gmx.com <taii...@gmx.com> > >>> wrote: > >>>> > >>>>> No it won't. > >>>>> > >>>>> Expresscard > PCI-e > >>>>> > >>>>> PCI anything WILL NOT WORK - ALL IN SAME IOMMU GROUP. > >>>>> > >>>>> Save money buy one marketed for egpu gaming for $100 or so from bplus > >>>>> tech taiwan - expresscard>pci-e then buy a Sonnet Allegro Pro which > is > >>> 4 > >>>>> separate USB controllers which will work fine AS LONG AS YOUR LAPTOPS > >>>>> ROOT PORTS SUPPORT ACS otherwise it won't work they will all be the > >>> same > >>>>> group. I have no idea what laptops do however. > >>>>> > >>>>> > >>>> It seems my processor i7 3520m does not support ACS. So this should > mean > >>>> that even if I use 4 different PCI cards, in the best case scenario > they > >>>> can only be assigned to the same VM. > >>>> > >>>> On the same laptop Lenovo x230 a similar problem was that it has two > >>> native > >>>> USB controllers, but there is some connection between them so that > they > >>> can > >>>> only be assigned to the same VM. > >>>> > >>> > >>> Not in my experience with x230. Three controllers, and you can separate > >>> ports on Left and Right between two usbVM. > >>> > >> > >> with 3.2 or 4? > >> I tried various times with 3.2 and it replies something like that it > does > >> not want to do that because the two controllers are somehow connected > and > >> therefore there is a security risk isolating them when they are not > really > >> isolated. > >> > >> But of course you understand all that much better than me Unman :-) > >> > > > > Blind leading the blind, I'm afraid. > > > > This is with 4. I'll try it with 3.2.1 in the morning. > > > @taiidan- I based that from some code I saw in Xen that seemed to > support classic PCI passthrough. See also the last entry on this page > for example: https://wiki.xen.org/wiki/Xen_PCI_Passthrough. Agree it's > not the most secure approach with Qubes, if it works at all. > > @franz- I think the warning you were getting on 3.2 was caused by strict > reset mode. 4.0 disables strict reset by default in sys-usb, IIRC. So > you might want to go ahead and try it by following the 3.2 no > strict-reset section in > https://www.qubes-os.org/doc/assigning-devices/#pci-passthrough-issues. > > Interesting thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qBHd%2BZFvctgJwksnAx4ueTVWUoO2nAkgAZJ7WLS6YzYwA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
