Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-26 15:59:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add Marek's note regarding virt_mode=hvm (#693)

Browse Source
This commit is contained in:
Andrew David Wong 2018-09-03 14:50:51 -05:00
parent e54ff74fb0
commit 929b396eba
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
common-tasks/software-update-vm.md
View File

@ -168,6 +168,7 @@ However, a compromise of a template affects only a subset of all your AppVMs (in
Also, if your AppVMs are network disconnected, even though their filesystems might get compromised due to the corresponding template compromise, it still would be difficult for the attacker to actually leak out the data stolen in an AppVM.
Not impossible (due to existence of cover channels between VMs on x86 architecture), but difficult and slow.
Standalone VMs (R4.0 and later)
--------------
Standalone VMs have their own copy of the whole filesystem, and thus can be updated and managed on their own.
@ -190,6 +191,9 @@ qvm-create --class StandaloneVM --label <label> --property virt_mode=hvm <vmname
... or click appropriate options in the Qubes Manager's Create VM window.
(Note: Technically, `virt_mode=hvm` is not necessary for every StandaloneVM. However, it makes sense if you want to use a kernel from within the VM.)
Standalone VMs (R3.2 and earlier)
--------------