Re: Integrating OpenBSD into Xen/Qubes
On Fri, Oct 16, 2020 at 11:35:40AM +0200, Anders Andersson wrote:
> How could any hardening in OpenBSD protect from someone owning the hardware?
> Or do you mean that an OpenBSD guest would run with exclusive access to the
> NIC and then every other guest is routed through that guest?

Yes, exactly. The OpenBSD guest would have exclusive access to the NIC, and handles all networking for the entire system.

At the moment, Qubes uses a Fedora Linux-based guest system to handle networking. This means that if an attacker can compromise the Fedora networking drivers, they can compromise the guest, and potentially use the guest's PCI access to exploit Xen.

As noted in the original GitHub issue, attacks on networking sub-systems are all too common (apparently some Middle Eastern countries are building or have built systems to mass exploit anyone who e.g. connects to a shopping mall's Wi-Fi network). OpenBSD's hardening and generally higher standard of code quality would go a long way to mitigating this attack scenario.

Re: Integrating OpenBSD into Xen/Qubes
On Wed, Oct 14, 2020 at 8:24 PM wrote:
>
> A number of people are working on integrating OpenBSD into Qubes.
>
> In particular, OpenBSD's hardening and mitigations are potentially very
> useful in talking to the NIC: Xen vulnerabilities have been repeatedly
> found that would allow a guest with PCI access to compromise the entire
> system, and on most machines the network card is a PCI device.

How could any hardening in OpenBSD protect from someone owning the hardware? Or do you mean that an OpenBSD guest would run with exclusive access to the NIC and then every other guest is routed through that guest?

Integrating OpenBSD into Xen/Qubes
A number of people are working on integrating OpenBSD into Qubes.

In particular, OpenBSD's hardening and mitigations are potentially very useful in talking to the NIC: Xen vulnerabilities have been repeatedly found that would allow a guest with PCI access to compromise the entire system, and on most machines the network card is a PCI device.

Additionally, wireless drivers on Linux leave some things to be desired and the network stack is very exposed to the adversary compared to other aspects of the system.

The limited scope of the networking VM in Qubes (it does not need much in the way of bells and whistles, it simply talks to the NIC and passes on data) means that it's much easier to use OpenBSD here than it would be to use OpenBSD for e.g. GUI applications.

Unfortunately, there are still significant issues (currently good integration requires patching /etc/rc, among other things):

https://github.com/QubesOS/qubes-issues/issues/5294#issuecomment-707278609

As the commenter notes, this would be much easier if an OpenBSD committer was interested in helping. Anyone?