Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-28 15:27:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

Create "What is a DMA attack?" entry (Marek's answer)

Browse Source 
https://groups.google.com/d/msg/qubes-users/u5ddOVkUN7o/PAVMwDY9BwAJ
This commit is contained in:
Andrew David Wong 2016-07-15 11:39:52 -07:00
parent d32a013301
commit 45cffd6854
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
basics_user/user-faq.md
View File

@ -38,6 +38,7 @@ Qubes Users' FAQ
* [How much memory is recommended for Qubes?](#how-much-memory-is-recommended-for-qubes)
* [Can I install Qubes on a system without VT-x?](#can-i-install-qubes-on-a-system-without-vt-x)
* [Can I install Qubes on a system without VT-d?](#can-i-install-qubes-on-a-system-without-vt-d)
* [What is a DMA attack?](#what-is-a-dma-attack)
* [Can I use AMD-v instead of VT-x?](#can-i-use-amd-v-instead-of-vt-x)
* [Can I install Qubes in a virtual machine (e.g., on VMWare)?](#can-i-install-qubes-in-a-virtual-machine-eg-on-vmware)
* [Why does my network adapter not work?](#why-does-my-network-adapter-not-work)
@ -177,6 +178,27 @@ Yes. Xen doesn't use VT-x (or AMD-v) for PV guest virtualization. (It uses ring0
Yes. You can even run a NetVM, but you will not benefit from DMA protection for driver domains. On a system without VT-d, everything should work in the same way, except there will be no real security benefit to having a separate NetVM, as an attacker could always use a simple DMA attack to go from the NetVM to Dom0. **Nonetheless, all of Qubes' other security mechanisms, such as qube separation, work without VT-d. Therefore, a system running Qubes will still be significantly more secure than one running Windows, Mac, or Linux, even if it lacks VT-d.**
### What is a DMA attack?
DMA is mechanism for PCI devices to access system memory (read/write).
Without VT-d, any PCI device can access all the memory, regardless to
which VM it is assigned (or if it is left in dom0). Most PCI devices allow the
driver to request an arbitrary DMA operation (like "put received network packets
at this address in memory", or "get this memory area and send it to the
network"). So, without VT-d, it gives unlimited access to the whole
system. Now, it is only a matter of knowing where to read/write to take
over the system, instead of just crashing. But since you can read the
whole memory, it isn't that hard.
Now, how does this apply to Qubes OS? The above attack requires access to a PCI
device, which means that it can be performed only from NetVM / UsbVM, so
someone must first break into one of those VMs. But this isn't that hard,
because there is a lot of complex code handling network traffic. Recent
bugs includes DHCP client, DNS client, etc. Most attacks on NetVM /
UsbVM (but not all!) require being somewhat close to the target system -
for example connected to the same WiFi network, or in the case of a UsbVM,
having physical acccess to a USB port.
### Can I use AMD-v instead of VT-x?
See [this message](http://groups.google.com/group/qubes-devel/msg/6412170cfbcb4cc5).