-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Dec 16, 2017 at 04:58:20AM -0800, Vít Šesták wrote:
> > As for PVHv2 - in theory it should be available in 4.0 already, if you
> > have VM kernel new enough (4.11+).
>
> Good to know. I guess that when I have a suitable kernel, I also need t
Hello,
> > I believe that getting rid of QEMU is rather getting rid of PV domains than
> > getting rid of QEMU itself.
>
> Yes and no. From security POV this is correct. But at the same time,
> having qemu (with appropriate isolation) use resources (RAM, CPU), which
> already are scarce on Qubes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Dec 16, 2017 at 02:10:17AM -0800, Vít Šesták wrote:
> Just few notes:
>
> I believe that getting rid of QEMU is rather getting rid of PV domains than
> getting rid of QEMU itself.
Yes and no. From security POV this is correct. But at the s
On Mon, Dec 11, 2017 at 12:45:34PM -0500, Jean-Philippe Ouellet wrote:
> Marmarek or HW42 could probably give you better answers, but the
> following is my understanding:
>
> The terminology is admittedly somewhat confusing, especially since Xen
> people no longer talk about a discrete set of virt
Just few notes:
I believe that getting rid of QEMU is rather getting rid of PV domains than
getting rid of QEMU itself.
* First, privilege elevation is not much a threat in Qubes. OTOH, VM escape is
a fatal threat.
* I believe QEMU vulnerabilities typically require some lowlevel access to
devi