Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-02-17 21:34:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'mfc-patch-31'

Browse Source
This commit is contained in:
Andrew David Wong 2017-03-01 01:21:35 -08:00
commit 3ce93fff6a
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 76 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

183
reference/glossary.md
View File

@ -13,188 +13,157 @@ Glossary of Qubes Terminology
Qubes OS Qubes OS
-------- --------
A security-oriented operating system (OS). The main principle of Qubes OS is A security-oriented operating system (OS).
security by compartmentalization (or isolation), in which activities are The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate **qubes**.
compartmentalized (or isolated) in separate **qubes**.
* The official name is `Qubes OS` (note the capitalization and spacing). * The official name is `Qubes OS` (note the capitalization and spacing).
However, in casual conversation this is often shortened to `Qubes`, and in However, in casual conversation this is often shortened to `Qubes`, and in technical contexts where spaces are not permitted, (e.g., usernames), the space may be omitted, as in `QubesOS`.
technical contexts where spaces are not permitted, (e.g., usernames), the
space may be omitted, as in `QubesOS`.
VM VM
-- --
An abbreviation for "virtual machine." A software implementation of a machine An abbreviation for "virtual machine."
(for example, a computer) which executes programs like a physical machine. A software implementation of a machine (for example, a computer) which executes programs like a physical machine.
Qube Qube
---- ----
A user-friendly term for a [VM](#vm) in Qubes OS. A user-friendly term for a [VM](#vm) in Qubes OS.
* Example: "In Qubes OS, you do your banking in your 'banking' qube and your * Example: "In Qubes OS, you do your banking in your 'banking' qube and your web surfing in your 'untrusted' qube. That way, if your 'untrusted' qube is compromised, your banking activities will remain secure."
web surfing in your 'untrusted' qube. That way, if your 'untrusted' qube is
compromised, your banking activities will remain secure."
* "Qube" is an informal term intended to make it easier for less technical * "Qube" is an informal term intended to make it easier for less technical users to understand Qubes OS and learn how to use it. In technical discussions, the other, more precise terms defined on this page are to be preferred.
users to understand Qubes OS and learn how to use it. In technical
discussions, the other, more precise terms defined on this page are to be
preferred.
* The term "qube" should be lowercase unless it is the first word in a * The term "qube" should be lowercase unless it is the first word in a sentence. Note that starting a sentence with the plural of "qube" (i.e., "Qubes...") can be ambiguous, since it may not be clear whether the referent is a collection of qubes or [Qubes OS](#qubes-os).
sentence. Note that starting a sentence with the plural of "qube" (i.e.,
"Qubes...") can be ambiguous, since it may not be clear whether the referent
is a collection of qubes or [Qubes OS](#qubes-os).
Domain Domain
------ ------
An area or set of activities in one's digital life that has certain security An area or set of activities in one's digital life that has certain security requirements and therefore involves the use of certain [qubes](#qube).
requirements and therefore involves the use of certain [qubes](#qube). For For example, suppose your "email" domain encompasses the activity of sending PGP-encrypted email.
example, suppose your "email" domain encompasses the activity of sending This domain may include your email qube and your [Split GPG](/doc/split-gpg) qube.
PGP-encrypted email. This domain may include your email qube and your [Split Note that domains and qubes are not the same thing.
GPG](/doc/split-gpg) qube. Note that domains and qubes are not the same thing. In this example, your "email" domain includes the use of two qubes.
In this example, your "email" domain includes the use of two qubes. Furthermore, Furthermore, a qube can fall under multiple domains simultaneously.
a qube can fall under multiple domains simultaneously. For example, your Split For example, your Split GPG qube may also be part of your "software development" domain if you PGP-sign your Git commits.
GPG qube may also be part of your "software development" domain if you PGP-sign
your Git commits.
Dom0 Dom0
---- ----
Domain Zero. Also known as the **host** domain, dom0 is the initial VM Domain Zero.
started by the Xen hypervisor on boot. Dom0 runs the Xen management toolstack Also known as the **host** domain, dom0 is the initial VM started by the Xen hypervisor on boot.
and has special privileges relative to other domains, such as direct access to Dom0 runs the Xen management toolstack and has special privileges relative to other domains, such as direct access to most hardware.
most hardware. (Note that the use of "domain" for a synonym for "VM" is specific (Note that the use of "domain" for a synonym for "VM" is specific to Xen. Qubes diverges from this practice. See: [domain](#domain).)
to Xen. Qubes diverges from this practice. See: [domain](#domain).)
DomU DomU
---- ----
Unprivileged Domain. Also known as **guest** domains, domUs are the counterparts Unprivileged Domain.
to dom0. All VMs except dom0 are domUs. By default, most domUs lack direct Also known as **guest** domains, domUs are the counterparts to dom0.
hardware access. (Note that the use of "domain" for a synonym for "VM" is All VMs except dom0 are domUs.
specific to Xen. Qubes diverges from this practice. See: [domain](#domain).) By default, most domUs lack direct hardware access.
(Note that the use of "domain" for a synonym for "VM" is specific to Xen. Qubes diverges from this practice. See: [domain](#domain).)
TemplateVM TemplateVM
---------- ----------
Template Virtual Machine. Any [VM](#vm) which supplies its root filesystem to Template Virtual Machine.
another VM. TemplateVMs are intended for installing and updating software Any [VM](#vm) which supplies its root filesystem to another VM.
applications, but not for running them. TemplateVMs are intended for installing and updating software applications, but not for running them.
* Colloquially, TemplateVMs are often referred to as "templates." * Colloquially, TemplateVMs are often referred to as "templates."
TemplateBasedVM TemplateBasedVM
--------------- ---------------
Any [VM](#vm) which depends on a [TemplateVM](#templatevm) for its root Any [VM](#vm) which depends on a [TemplateVM](#templatevm) for its root filesystem.
filesystem.
Standalone(VM) Standalone(VM)
-------------- --------------
Standalone (Virtual Machine). In general terms, a [VM](#vm) is described as Standalone (Virtual Machine).
**standalone** if and only if it does not depend on any other VM for its root In general terms, a [VM](#vm) is described as **standalone** if and only if it does not depend on any other VM for its root
filesystem. (In other words, a VM is standalone if and only if it is not a filesystem.
TemplateBasedVM.) More specifically, a **StandaloneVM** is a type of VM in Qubes (In other words, a VM is standalone if and only if it is not a TemplateBasedVM.)
which is created by cloning a TemplateVM. Unlike TemplateVMs, however, More specifically, a **StandaloneVM** is a type of VM in Qubes which is created by cloning a TemplateVM.
StandaloneVMs do not supply their root filesystems to other VMs. (Therefore, Unlike TemplateVMs, however, StandaloneVMs do not supply their root filesystems to other VMs.
while a TemplateVM is a type of standalone VM, it is not a StandaloneVM.) (Therefore, while a TemplateVM is a type of standalone VM, it is not a StandaloneVM.)
AppVM AppVM
----- -----
Application Virtual Machine. A [VM](#vm) which is intended for running software Application Virtual Machine.
applications. Typically a TemplateBasedVM, but may be a StandaloneVM. Never a A [VM](#vm) which is intended for running software applications.
TemplateVM. Typically a TemplateBasedVM, but may be a StandaloneVM. Never a TemplateVM.
NetVM NetVM
----- -----
Network Virtual Machine. A type of [VM](#vm) which connects directly to a Network Virtual Machine.
network and provides access to that network to other VMs which connect to the A type of [VM](#vm) which connects directly to a network and provides access to that network to other VMs which connect to the NetVM.
NetVM. A NetVM called `sys-net` is created by default in most Qubes A NetVM called `sys-net` is created by default in most Qubes installations.
installations.
Alternatively, "NetVM" may refer to whichever VM is directly connected to a VM Alternatively, "NetVM" may refer to whichever VM is directly connected to a VM for networking purposes.
for networking purposes. For example, if `untrusted` is directly connected to For example, if `untrusted` is directly connected to `sys-firewall` for network access, then it is accurate to say, "`sys-firewall` is `untrusted`'s NetVM," even though `sys-firewall` is a ProxyVM.
`sys-firewall` for network access, then it is accurate to say, "`sys-firewall`
is `untrusted`'s NetVM," even though `sys-firewall` is a ProxyVM.
ProxyVM ProxyVM
------- -------
Proxy Virtual Machine. A type of [VM](#vm) which proxies network access for Proxy Virtual Machine.
other VMs. Typically, a ProxyVM sits between a NetVM and another VM (such as an A type of [VM](#vm) which proxies network access for other VMs.
AppVM or a TemplateVM) which requires network access. Typically, a ProxyVM sits between a NetVM and another VM (such as an AppVM or a TemplateVM) which requires network access.
FirewallVM FirewallVM
---------- ----------
Firewall Virtual Machine. A type of [ProxyVM](#proxyvm) which is used to enforce Firewall Virtual Machine.
network-level policies (a.k.a. "firewall rules"). A FirewallVM called A type of [ProxyVM](#proxyvm) which is used to enforce network-level policies (a.k.a. "firewall rules").
`sys-firewall` is created by default in most Qubes installations. A FirewallVM called `sys-firewall` is created by default in most Qubes installations.
DispVM DispVM
------ ------
[Disposable Virtual Machine]. A temporary [AppVM](#appvm) based on a [Disposable Virtual Machine]. A temporary [AppVM](#appvm) based on a [DVM Template](#dvm-template) which can quickly be created, used, and destroyed.
[DVM Template](#dvm-template) which can quickly be created, used, and destroyed.
DVM DVM
--- ---
An abbreviation of [DispVM](#dispvm), typically used to refer to An abbreviation of [DispVM](#dispvm), typically used to refer to [DVM Templates](#dvm-template).
[DVM Templates](#dvm-template).
DVM Template DVM Template
------------ ------------
TemplateBasedVMs on which [DispVMs](#dispvm) are based. By default, a TemplateBasedVMs on which [DispVMs](#dispvm) are based.
DVM Template named `fedora-XX-dvm` is created on most Qubes installations By default, a DVM Template named `fedora-XX-dvm` is created on most Qubes installations (where `XX` is the Fedora version of the default TemplateVM).
(where `XX` is the Fedora version of the default TemplateVM). DVM Templates are DVM Templates are neither [TemplateVMs](#templatevm) nor [AppVMs](#appvm).
neither [TemplateVMs](#templatevm) nor [AppVMs](#appvm). They are intended They are intended neither for installing nor running software.
neither for installing nor running software. Rather, they are intended for Rather, they are intended for *customizing* or *configuring* software that has already been installed on the TemplateVM on which the DVM Template is based (see [DispVM Customization]).
*customizing* or *configuring* software that has already been installed on the This software is then intended to be run (in its customized stated) in DispVMs that are based on the DVM Template.
TemplateVM on which the DVM Template is based (see [DispVM Customization]). This
software is then intended to be run (in its customized stated) in DispVMs that
are based on the DVM Template.
PV PV
-- --
Paravirtualization. An efficient and lightweight virtualization technique Paravirtualization.
originally introduced by the Xen Project and later adopted by other An efficient and lightweight virtualization technique originally introduced by the Xen Project and later adopted by other virtualization platforms.
virtualization platforms. Unlike HVMs, paravirtualized [VMs](#vm) do not require Unlike HVMs, paravirtualized [VMs](#vm) do not require virtualization extensions from the host CPU.
virtualization extensions from the host CPU. However, paravirtualized VMs However, paravirtualized VMs require a PV-enabled kernel and PV drivers, so the guests are aware of the hypervisor and can run efficiently without emulation or virtual emulated hardware.
require a PV-enabled kernel and PV drivers, so the guests are aware of the
hypervisor and can run efficiently without emulation or virtual emulated
hardware.
HVM HVM
--- ---
Hardware Virtual Machine. Any fully virtualized, or hardware-assisted, [VM](#vm) Hardware Virtual Machine.
utilizing the virtualization extensions of the host CPU. Although HVMs are Any fully virtualized, or hardware-assisted, [VM](#vm) utilizing the virtualization extensions of the host CPU.
typically slower than paravirtualized VMs due to the required emulation, HVMs Although HVMs are typically slower than paravirtualized VMs due to the required emulation, HVMs allow the user to create domains based on any operating system.
allow the user to create domains based on any operating system.
StandaloneHVM StandaloneHVM
------------- -------------
Any [HVM](#hvm) which is standalone (i.e., does not depend on any other VM for Any [HVM](#hvm) which is standalone (i.e., does not depend on any other VM for its root filesystem).
its root filesystem). In Qubes, StandaloneHVMs are referred to simply as In Qubes, StandaloneHVMs are referred to simply as **HVMs**.
**HVMs**.
TemplateHVM TemplateHVM
----------- -----------
Any [HVM](#hvm) which functions as a [TemplateVM](#templatevm) by supplying its Any [HVM](#hvm) which functions as a [TemplateVM](#templatevm) by supplying its root filesystem to other VMs.
root filesystem to other VMs. In Qubes, TemplateHVMs are referred to as **HVM In Qubes, TemplateHVMs are referred to as **HVM templates**.
templates**.
TemplateBasedHVM TemplateBasedHVM
---------------- ----------------
Any [HVM](#hvm) that depends on a [TemplateVM](#templatevm) for its root Any [HVM](#hvm) that depends on a [TemplateVM](#templatevm) for its root filesystem.
filesystem.
ServiceVM ServiceVM
--------- ---------
Service Virtual Machine. A [VM](#vm) the primary purpose of which is to provide Service Virtual Machine.
a service or services to other VMs. NetVMs and ProxyVMs are examples of A [VM](#vm) the primary purpose of which is to provide a service or services to other VMs.
ServiceVMs. NetVMs and ProxyVMs are examples of ServiceVMs.
PVHVM PVHVM
----- -----
[PV](#pv) on [HVM](#hvm). To boost performance, fully virtualized HVM guests can [PV](#pv) on [HVM](#hvm).
use special paravirtual device drivers (PVHVM or PV-on-HVM drivers). These To boost performance, fully virtualized HVM guests can use special paravirtual device drivers (PVHVM or PV-on-HVM drivers).
drivers are optimized PV drivers for HVM environments and bypass the emulation These drivers are optimized PV drivers for HVM environments and bypass the emulation for disk and network I/O, thus providing PV-like (or better) performance on HVM systems.
for disk and network I/O, thus providing PV-like (or better) performance on HVM This allows for optimal performance on guest operating systems such as Windows.
systems. This allows for optimal performance on guest operating systems such as
Windows.
[Disposable Virtual Machine]: /doc/dispvm/ [Disposable Virtual Machine]: /doc/dispvm/