Re: [qubes-users] My Intel system doesn't have Vt-x and Vt-d, please help me understand the implications.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-01-06 17:37, Marek Marczykowski-Górecki wrote: > On Fri, Jan 06, 2017 at 08:04:08PM +, 5vo30m+lpi66xm176ugr7ruk via > qubes-users wrote: >> Hi everyone! > >> First off happy new year! :) > >> To get into the subject, I'm trying to get as many Qubes users around me as >> possible to convert my family and friends from Windowsism to Qubism. However >> in some cases I see that the Intel®™ (backdoor℠ inside®) hardware that they >> have does not support VT-x and VT-d. > >> So I would like to better understand the implications of this. From the User >> FAQ: > >> https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-x > >> I understand that this means that: > >> o Not being able to use fully virtualized VMs (e.g., Windows-based qubes) > >> o No security benefit in having a separate NetVM > >> But the points I wont to understand are: > >> ~ Does this mean that one wont be able to install Windows in a VM in such >> system (that's it?)? > Yes. > >> What does fully virtualized VM really mean? > > https://www.qubes-os.org/doc/glossary/#hvm > > In short: a VM running OS not necessary modified to be running in a VM. > >> ~ How is this relevant practically speaking? In other words, could an >> attacker deploy malware to NetVM (from an AppVM that is connected to the >> NetVM)? If not, in which situations can attacker get to the NetVM and >> therefore to dom0? > > The way you've descried, or using some remote attack directly on NetVM - > because NetVM is what is facing external network directly. > Another, additional way of answering this question: "On a system without VT-d, everything should work in the same way, except there will be no real security benefit to having a separate NetVM, as an attacker could always use a simple DMA attack to go from the NetVM to Dom0." Then read this: https://www.qubes-os.org/doc/user-faq/#what-is-a-dma-attack Basically, read the next two FAQ entries after the one you linked. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYcKbyAAoJENtN07w5UDAw380P/3vH/GlHBGsYV5qmU1fDdRu8 JHz9ZG5tWVIba219sYMNCHa4F+Wc907prEyooG0XRBwtIKoZ/qXP5bMKX6WBuXSw 8wQfEewrWvSU7vCGW67DEc4OYcwKNwiV8mX6ebFSt/dtKHshLmyCylnaJ0Sg59Kn PwIdkG1E7Gzt7pt0Ti2WUzjKeWMY0GWZm9kuYG5DL1iRguanGrmVyn+RRAZMn5af WRrP7GBFAK7ykOWP4zTpZ8onlL7En9s+MNp7Mn6hyDyIYKvwQ2LcE63p2H8dozku 5cDGkxWJIB/dqhd9URnVhq/cVKdXvHXGztGBR62tSpq2neuYhi8FyTpdKqxuspvV 1zMsBGp8DP8Q03Mf8AeJ7DLfrHfZYi1HmwhYa3uOZnntAHd3x93QRXOyiWiLr88e aBiYHCQMdy+o8FMrikvPfQi8Wd7JGSqmzOzw8TMhnuQ8QlZCa6GdYfQa23oBi4El t12M2RBykur2grLfRf/wUcMiTRxZ1WTVXrY4YPDoH+79QzEV5xhJrrlWKFYEYySG SsnOpToBa/iHwWtrVKqDfubca1umDnSRjYJuKjWourzO5LEpG9hkjFdUg0olTMet C05tE/Hlg8+PeLg2y06PCavQZK7nRkN7L3U0SEYck8RVovslKmbUeKFWtMM+rqQi ZPisdXAjwa+YtnEsdwbz =EXu4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13f1c956-855f-cdaf-6f6e-a4331e0189b9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] My Intel system doesn't have Vt-x and Vt-d, please help me understand the implications.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jan 06, 2017 at 08:04:08PM +, 5vo30m+lpi66xm176ugr7ruk via qubes-users wrote: > Hi everyone! > > First off happy new year! :) > > To get into the subject, I'm trying to get as many Qubes users around me as > possible to convert my family and friends from Windowsism to Qubism. However > in some cases I see that the Intel®™ (backdoor℠ inside®) hardware that they > have does not support VT-x and VT-d. > > So I would like to better understand the implications of this. From the User > FAQ: > > https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-x > > I understand that this means that: > > o Not being able to use fully virtualized VMs (e.g., Windows-based qubes) > > o No security benefit in having a separate NetVM > > But the points I wont to understand are: > > ~ Does this mean that one wont be able to install Windows in a VM in such > system (that's it?)? Yes. > What does fully virtualized VM really mean? https://www.qubes-os.org/doc/glossary/#hvm In short: a VM running OS not necessary modified to be running in a VM. > ~ How is this relevant practically speaking? In other words, could an > attacker deploy malware to NetVM (from an AppVM that is connected to the > NetVM)? If not, in which situations can attacker get to the NetVM and > therefore to dom0? The way you've descried, or using some remote attack directly on NetVM - because NetVM is what is facing external network directly. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYcEZoAAoJENuP0xzK19cs10AIAJJTAtko8yOjdDXcWOaq7lRB 2fKeGJDIG5x9ZILWfJbDrqaAgd14NuQyCU4UAMokk3dkgo6u6/0gjr55tshp5pyx Ah6i253s+16MRatC+vBYohD+NJWE3tZG1vsr6IiDQxuqb/pykrqywbDcKUMIEtgs xrlorH5liM5LuWxiKPJSqtV9LtQb4Y3EILXBSeJuiDPeqbcaYu1lniSQMsoUUR7J HES0ygE552wH4HhMiqE3f3FOy7yQSF8lmjSRnl50X7Pzw0y1Ojs5CUgV/oYPh/XP vye8F6PGDxQpAx6HHCsuUSQgAoIUhWDrZJcXKHHvIoMKkgDPahP1IDt8eRa5m38= =qXgS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170107013743.GT5268%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] My Intel system doesn't have Vt-x and Vt-d, please help me understand the implications.
Hi everyone! First off happy new year! :) To get into the subject, I'm trying to get as many Qubes users around me as possible to convert my family and friends from Windowsism to Qubism. However in some cases I see that the Intel®™ (backdoor℠ inside®) hardware that they have does not support VT-x and VT-d. So I would like to better understand the implications of this. From the User FAQ: https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-x I understand that this means that: o Not being able to use fully virtualized VMs (e.g., Windows-based qubes) o No security benefit in having a separate NetVM But the points I wont to understand are: ~ Does this mean that one wont be able to install Windows in a VM in such system (that's it?)? What does fully virtualized VM really mean? ~ How is this relevant practically speaking? In other words, could an attacker deploy malware to NetVM (from an AppVM that is connected to the NetVM)? If not, in which situations can attacker get to the NetVM and therefore to dom0? Thanks for all the help! Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com//abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48d0f8ae1f196ed17d3d5f81ca16db398d6%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.