'Re: [qubes-devel] Qubes internal network topology'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Qubes internal network topology
From:       Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date:       2016-02-11 16:52:12
Message-ID: 20160211165212.GF1930 () work-mutt
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Feb 11, 2016 at 01:56:11PM +0000, Andrew wrote:
> Marek Marczykowski-Górecki:
> > On Thu, Feb 11, 2016 at 12:20:40PM +0100, Zrubi wrote:
> > > Hi,
> > 
> > > I want to visualize the internal Qubes network topology.
> > > Is there any better way to get the actual topology than parsing the
> > > output of `qvm-ls -n`
> > 
> > Unfortunately no, at least not yet. We'd love to have something like
> > that in Qubes Manager in Qubes 4.0, but that's just a wishlist entry
> > for now...
> > 
> > 
> 
> I've made my own hacky script for visualizing network and PCI
> attachments.  Maybe this will tide you over until there's something more
> official?
> 
> It's not completely bug-free; there is a spacing issue for ProxyVMs, but
> visually I think it looks just fine and haven't had much motivation to
> fix it.
> 
> Pic with redactions attached.
> 
> Andrew
> 

Hate to break it to you, but you're not quarantining ME by assigning the ME host
controller device to a VM, as seen on your screenshot. This device is a mere
interface for the OS to talk to the ME, but ME is still free to do whatever DMA
it wants. Sorry. I once believed this would work too... :/

joanna.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJWvLw9AAoJEDOT2L8N3GcYygUQAKR/KEfVg5e8TSruXmowcPJw
VFCqKChZDInGeWk+xKnAGxtfZJ6nvxOjcreqyLqmY26ij8sYwQoCs/ZHLSRjfCVB
qjTDZD71Ey2tyLLEMmcFkgn3uQIdQWnH1Mu7PzFTNBp/auBcw+4p8JSl90qYmtmG
Ux1Cfy5zngNrBzrTLEjZaigpTNaZ9+7Kf3bOyEeK4BBiUxoWq4AXHgPcnsjs69CN
dwpwznOS4VKGEFqhbbevSvxdwPqlHT1MUfdEa/wR2/p1Ns+bYX3MFA8urcKsNoOr
JIi/HN1ZFHSeq4oVuZkKaDUBP6vIFUJNrR44CH861sh8XIZ4NSeCs/s89/uL0YJg
S+0nnpOBQwPnZTWslV034O2CCPqkzVIw58zFnQ9rS5CeM8UVRVS08j7raQECYGqx
8IV+0QeL/MLPhNCj06lk1AbBgq5LQfYOi+5zoJPguwya0ycwOFnzh0yKDTi/aB9F
sGEmGpe6BZ6Q5ImD6T0jiuYzIOkjfvl6jwxgDmhAnX7RJsRbUL/BwHIWVcxBGg+e
0Igkrz0qhHdqPeGOYLNGWIqfphdr+TNbsEtN6whC4yV/Lv0ZSZCATVBZ5v4ak5ji
rVxTwkArKXVtbkM7hUdVWR9K/rV5vINNoN9Zh0uwzbNbyHHjwBrzuUJeC2hmRxCl
Gv/kf4LHrnS3ilvMf08n
=fMCP
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20160211165212.GF1930%40work-mutt. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic