Trusted_parts changed

Rafal Wojtczuk 2011-09-16 15:29:19 +00:00
parent bcc214e56c
commit a5e24f2cc2


@ -23,7 +23,10 @@ Trusted non-Qubes-specific components
- Xen hypervisor
- xenstore
- network PV frontends (exposed to potentially compromised netvm) and backends
- VMs networking stack. Note that in order to take control over VM without its cooperation (e.g. enticing user to visit a malicious web page) the attacker would have to compromise two firewalls first. Also, dom0 has no network connectivity, thus it is not exposed.
- VMs networking stack. Some notes:
1. Only NetVM uses real hardware drivers; the rest use just the simple and small PV frontend. Thus, attacker would need a code execution bug in core TCP/IP to reach AppVM.
2. In order to take control via network over AppVM without its cooperation (e.g. enticing user to visit a malicious web page) the attacker would have to compromise two firewalls first.
3. Dom0 has no network connectivity, thus it is not exposed.
- block backend implemented in dom0 kernel
- integrity of Fedora packages (meaning, they are not trojaned)
- rpm and yum (both in dom0 and in VMs) must correctly verify signatures of the packages
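
Review bot: New note 1 says the attacker "would need a code execution bug in core TCP/IP to reach AppVM", but the same note says AppVMs use the PV frontend, and the list above already names the network PV frontends as "exposed to potentially compromised netvm". As written, the note reads as if core TCP/IP were the only exposed code in an AppVM; suggest "a code execution bug in the PV frontend or in core TCP/IP". In note 2 the parenthetical "(e.g. enticing user to visit a malicious web page)" follows "without its cooperation" yet is an example of cooperation, so "without its cooperation (that is, without e.g. enticing the user to visit a malicious web page)" would be unambiguous. The three numbered items are not indented under the "VMs networking stack" bullet, so they may render as a separate list that splits the bullet list in two, and "Dom0" in note 3 should match the lowercase "dom0" used in the rest of the list.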