[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Re: Running (or not) Xen during installation
From:       Andrew David Wong <adw () qubes-os ! org>
Date:       2016-11-07 3:19:44
Message-ID: 83e07971-45b6-8d83-0f65-2895e56c0151 () qubes-os ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-11-06 15:14, Chris Laprise wrote:
> On 11/05/2016 04:46 AM, Joanna Rutkowska wrote:
> > 
> > In the long term, we would like to maintain *full* isolation of most of the PCIe
> > devices (so DMA and MSI capable) from the TCB (perhaps except for the MCH pseudo
> > devs).
> > 
> > This should be maintained throughout the whole boot process, starting from the
> > reset vector. I don't think running Linux would allow us to achieve that. So, we
> > should aim at keeping Xen, and in the future, when we have better firmware to
> > work with (Coreboot?) make sure that at no point in time any of the untrusted
> > PCIe, such as your WiFi NIC, can interfere with the boot process.
> > 
> > joanna.
> 
> Speaking of long-term, it would be interesting to know if ITL could consider \
> specifying a hardware platform where Qubes or a Qubes-like OS could operate with \
> greater consistency. The Qubes community currently spends most of its time and \
> effort trying to reconcile the OS with the whims and priorities of Windows PC \
> vendors. 
> Even if its not realistic to build such a PC in the near term, having a hardware \
> (and firmware) specification that supports the objectives of Qubes could be \
> educational and garner interest from more hardware-focused people and projects. It \
> would also serve as a reminder of how (comparatively) problematic most PCs are. 
> Chris
> 

What you're describing sounds like the required specifications for Qubes-certified \
hardware beginning with R4.0:

https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/

Or did you have something different in mind?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYH/LTAAoJENtN07w5UDAw2K0QAJwJthLjxrqLew+3wTDZWgTZ
aqOgbuhzK7jLf1ORr5f12B3iy0dn8LdOcZ+168DJMlcGiJrWr6gJglFLV+STWytu
rQw0eZgbdN+srnSIf0RnshOGHowo4NLwUp02IgYyWAQ9WY2K4IbYFP+UKgX98QaT
Euhg1e3Dynjd8N1T9zeLk1034wpp8hq5rSIuKEfuq1MwN550e6CH0btUF/okR/VS
76k+TtkaZUAzfPzlKFwS61/LdA/OeP0k44xvKJKPOiNY7Jpwt+a6o9Wl59K1rrLg
7kWpn3VVmMz0v5JvailsSJ5Bie8Ijl+GQQQMA/YdTTMQqUYXGuNiIzHPNIIpzWUx
M8fMDMY0PLFDkoh2G92YhGNpsMzkRC+yOivpR8QtDGyVdYf3Pc89HdlWVrVj9wJz
imViTTiZZlod8cz3PjkhzJeOxond+2X4QJQi5h8L03KKDZf+ThB2Oy5mlKaJ1ZRx
LhxN0cmz+bM1dhuuomg/NnH/vQu31k9eGZfIrblqdXoNNU/OofqQGBqoqFGKEjp2
PodXEdatXdPmnowUrOvExONvN6OKyukOxjXcywGgimOdiX2C7Wsowl14cIMy0xJb
5LEjFCCSI2lw3etp3AFRFKKu5/CxC5SmIvqxDv7ZStV0fzWpqghUfHw403gf4IyE
hV9tdYQB0AHMygkRmtgd
=3oMw
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/83e07971-45b6-8d83-0f65-2895e56c0151%40qubes-os.org.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]