DevelFaq changed

Added index
This commit is contained in:
Joanna Rutkowska 2013-06-23 08:18:37 +00:00
parent 401e098c6d
commit 35118e88fc

View File

@ -7,6 +7,12 @@ permalink: /wiki/DevelFaq/
Qubes Developers FAQ Qubes Developers FAQ
==================== ====================
1. 1. [Q: Why does dom0 need to be 64-bit?](#Q:Whydoesdom0needtobe64-bit)
2. [Q: Why do you use KDE in Dom0? What is the roadmap for Gnome support?](#Q:WhydoyouuseKDEinDom0WhatistheroadmapforGnomesupport)
3. [Q: What is the recommended build environment?](#Q:Whatistherecommendedbuildenvironment)
4. [Q: How to build Qubes from sources?](#Q:HowtobuildQubesfromsources)
5. [Q: How do I submit a patch?](#Q:HowdoIsubmitapatch)
### Q: Why does dom0 need to be 64-bit? ### Q: Why does dom0 need to be 64-bit?
Often it is more difficult to exploit a bug on the x64 Linux than it is on x86 Linux (e.g. ASLR is sometimes harder to get around). While we designed Qubes with the emphasis on limiting any potential attack vectors in the first place, still we realize that some of the code running in Dom0, e.g. our GUI daemon or xen-store daemon, even though it is very simple code, might contain some bugs. Plus currently we haven't implemented a separate storage domain (which is planned only for Release 2), so also the disk backends are in Dom0 and are "reachable" from the VMs, which adds up to the potential attack surface. So, having faced a choice between 32-bit and 64-bit OS for Dom0, it was almost a no-brainer, as the 64-bit option provides some (little perhaps, but still) more protection against some classes of attacks, and at the same time do not have any disadvantages (except that it requires a 64-bit processor, but all systems on which it makes sense to run Qubes, e.g. that have at least 3-4GB memory, they do have 64-bit CPUs anyway). Often it is more difficult to exploit a bug on the x64 Linux than it is on x86 Linux (e.g. ASLR is sometimes harder to get around). While we designed Qubes with the emphasis on limiting any potential attack vectors in the first place, still we realize that some of the code running in Dom0, e.g. our GUI daemon or xen-store daemon, even though it is very simple code, might contain some bugs. Plus currently we haven't implemented a separate storage domain (which is planned only for Release 2), so also the disk backends are in Dom0 and are "reachable" from the VMs, which adds up to the potential attack surface. So, having faced a choice between 32-bit and 64-bit OS for Dom0, it was almost a no-brainer, as the 64-bit option provides some (little perhaps, but still) more protection against some classes of attacks, and at the same time do not have any disadvantages (except that it requires a 64-bit processor, but all systems on which it makes sense to run Qubes, e.g. that have at least 3-4GB memory, they do have 64-bit CPUs anyway).