Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-13 16:29:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

UserFaq changed

Browse Source 
Clarification that VT-d is really not oligatory for Qubes
This commit is contained in:
Joanna Rutkowska 2010-10-14 08:22:02 +00:00
parent f087fd8b7d
commit cdc21ca018
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
UserFaq.md
View File

@ -19,6 +19,8 @@ Yes. Xen doesn't use VT-x (nor AMD-v) for PV guests virtualization (it uses ring
Yes you can. You can even run a netvm but, of course, you will not benefit from DMA protection for driver domains. So, on a system without VT-d, everything should work the same, but there is no real security benefit of having a separate netvm, as the attacker can always use a simple DMA attack to go from netvm to Dom0. Yes you can. You can even run a netvm but, of course, you will not benefit from DMA protection for driver domains. So, on a system without VT-d, everything should work the same, but there is no real security benefit of having a separate netvm, as the attacker can always use a simple DMA attack to go from netvm to Dom0.
**But still, all the other Qubes security mechanisms, such as AppVM separation, work as usual, and you still end up with a significantly secure OS, much more secure then Windows, Mac, or Linux, even if you don't have VT-d'''**
The above is in theory -- in practice, if you have a broken network card driver and try to run it in a netvm on a system without VT-d, it might crash your system. This might happen e.g. if the driver is not properly using DMA-API. The above is in theory -- in practice, if you have a broken network card driver and try to run it in a netvm on a system without VT-d, it might crash your system. This might happen e.g. if the driver is not properly using DMA-API.
### Q: Can I use AMD-v instead of VT-x? ### Q: Can I use AMD-v instead of VT-x?