mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-09-19 04:24:53 -04:00
Refactor links in order to obey the new convention rule
This commit is contained in:
Tobias Killer
parent
2b8723b852
commit
b6cb04c297
69 changed files with 726 additions and 1467 deletions
|
|
@ -13,17 +13,17 @@ title: PCI Devices
|
|||
|
||||
# PCI Devices
|
||||
|
||||
*This page is part of [device handling in qubes].*
|
||||
*This page is part of [device handling in qubes](/doc/device-handling/).*
|
||||
|
||||
**Warning:** Only dom0 exposes PCI devices.
|
||||
Some of them are strictly required in dom0 (e.g., the host bridge).
|
||||
You may end up with an unusable system by attaching the wrong PCI device to a VM.
|
||||
PCI passthrough should be safe by default, but non-default options may be required.
|
||||
Please make sure you carefully read and understand the **[security considerations]** before deviating from default behavior.
|
||||
Please make sure you carefully read and understand the **[security considerations](/doc/device-handling-security/#pci-security)** before deviating from default behavior.
|
||||
|
||||
## Introduction
|
||||
|
||||
Unlike other devices ([USB], [block], mic), PCI devices need to be attached on VM-bootup.
|
||||
Unlike other devices ([USB](/doc/usb-devices/), [block](/doc/block-devices/), mic), PCI devices need to be attached on VM-bootup.
|
||||
Similar to how you can't attach a new sound-card after your computer booted (and expect it to work properly), attaching PCI devices to already booted VMs isn't supported.
|
||||
|
||||
The Qubes installer attaches all network class controllers to `sys-net` and all USB controllers to `sys-usb` by default, if you chose to create the network and USB qube during install.
|
||||
|
|
@ -31,7 +31,7 @@ While this covers most use cases, there are some occasions when you may want to
|
|||
|
||||
Some devices expose multiple functions with distinct BDF-numbers.
|
||||
Limits imposed by the PC and VT-d architectures may require all functions belonging to the same device to be attached to the same VM.
|
||||
This requirement can be dropped with the `no-strict-reset` option during attachment, bearing in mind the aforementioned [security considerations].
|
||||
This requirement can be dropped with the `no-strict-reset` option during attachment, bearing in mind the aforementioned [security considerations](/doc/device-handling-security/#pci-security).
|
||||
In the steps below, you can tell if this is needed if you see the BDF for the same device listed multiple times with only the number after the "." changing.
|
||||
|
||||
While PCI device can only be used by one powered on VM at a time, it *is* possible to *assign* the same device to more than one VM at a time.
|
||||
|
|
@ -45,7 +45,7 @@ There you can attach PCI-devices to a qube.
|
|||
|
||||
1. To reach the settings of any qube either
|
||||
|
||||
- Press Alt+F3 to open the application finder, type in the VM name, select the "![appmenu]\[VM-name\]: Qube Settings" menu entry and press enter or click "Launch"!
|
||||
- Press Alt+F3 to open the application finder, type in the VM name, select the "\[VM-name\]: Qube Settings" menu entry and press enter or click "Launch"!
|
||||
- Select the VM in Qube Manager and click the settings-button or right-click the VM and select `Qube settings`.
|
||||
- Click the Domain Manager, hover the VM you want to attach a device to and select "settings" in the additional menu. (only running VMs!)
|
||||
|
||||
|
|
@ -59,7 +59,7 @@ There you can attach PCI-devices to a qube.
|
|||
## `qvm-pci` Usage
|
||||
|
||||
The `qvm-pci` tool allows PCI attachment and detachment.
|
||||
It's a shortcut for [`qvm-device pci`][qvm-device].
|
||||
It's a shortcut for [`qvm-device pci`](/doc/device-handling/#general-qubes-device-widget-behavior-and-handling).
|
||||
|
||||
To figure out what device to attach, first list the available PCI devices by running (as user) in dom0:
|
||||
|
||||
|
|
@ -93,7 +93,7 @@ Attaching a PCI device through the commandline offers additional options, specif
|
|||
(Yes, confusing wording, there's an [issue for that](https://github.com/QubesOS/qubes-issues/issues/4530).)
|
||||
|
||||
`qvm-pci` exposes two additional options.
|
||||
Both are intended to fix device or driver specific issues, but both come with [heavy security implications][security considerations]! **Make sure you understand them before continuing!**
|
||||
Both are intended to fix device or driver specific issues, but both come with [heavy security implications](/doc/device-handling-security/#pci-security)! **Make sure you understand them before continuing!**
|
||||
|
||||
### no-strict-reset
|
||||
|
||||
|
|
@ -109,7 +109,7 @@ qvm-pci a work dom0:00_1a.0 --persistent -o no-strict-reset=true
|
|||
### permissive
|
||||
|
||||
Allow write access to full PCI config space instead of whitelisted registers.
|
||||
This increases attack surface and possibility of [side channel attacks].
|
||||
This increases attack surface and possibility of [side channel attacks](https://en.wikipedia.org/wiki/Side-channel_attack).
|
||||
|
||||
usage example:
|
||||
|
||||
|
|
@ -143,11 +143,3 @@ or
|
|||
|
||||
It is **strongly discouraged to reattach PCI devices to dom0**, especially if they don't support resetting!
|
||||
|
||||
[device handling in qubes]: /doc/device-handling/
|
||||
[security considerations]: /doc/device-handling-security/#pci-security
|
||||
[block]:/doc/block-devices/
|
||||
[USB]:/doc/usb-devices/
|
||||
[appmenu]: /attachment/wiki/Devices/qubes-appmenu-select.png
|
||||
[domain manager icon]: /attachment/wiki/Devices/qubes-logo-icon.png
|
||||
[qvm-device]: /doc/device-handling/#general-qubes-device-widget-behavior-and-handling
|
||||
[side channel attacks]: https://en.wikipedia.org/wiki/Side-channel_attack
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue