View Diary: An NSA-proof operating system. Yes, for real. (171 comments)

  •  How do you know if your hardware (4+ / 0-)

    supports VT-x and VT-d?

    I'm sorry, but your reality simply doesn't fit my economic model.

    by Reframing the Debate on Fri Jul 12, 2013 at 09:47:17 PM PDT

    •  Good question. (7+ / 0-)

      The HCL list I linked to on the Qubes site is mostly notebooks.

      If you're into building up your own desktops with motherboards, it's the chipset that determines VT-d or VT-x (also called Intel® Virtualization Technology for Directed I/O) compatibility.

      Here's a list of Intel Chipsets, and which they support:

      http://www.intel.com/...

      Keep in mind that along with VT-x, you want a motherboard with Intel video on board - and a CPU that will support that.

      If you prefer AMD processors (I generally do - but not for this), you're looking for IOMMU support:  same thing, different name.  I got one working once, with an AMD video card - but it was a major PITA.  I don't recommend it.

      It ain't called paranoia - when they're really out to get you. 6 points.

      by Jaime Frontero on Fri Jul 12, 2013 at 09:58:10 PM PDT

      [ Parent ]

      •  so what if I want to use this on an existing system? (1+ / 0-)
        Recommended by:
        Jaime Frontero

        I have an (old) AMD powered desktop...

        LBJ, Van Cliburn, Ike, Wendy Davis, Lady Bird, Ann Richards, Barbara Jordan, Molly Ivins, Sully Sullenburger, Drew Brees: Texas is NO Bush League!

        by BlackSheep1 on Fri Jul 12, 2013 at 11:32:12 PM PDT

        [ Parent ]

        •  Dunno. 4Gig RAM... (0+ / 0-)

          64-bit CPU.  That's minimum.  See the hardware link in the diary.

          You probably would get the VT-x advantage.

          Might not be too effective for you, realistically.  Sorry.

          It ain't called paranoia - when they're really out to get you. 6 points.

          by Jaime Frontero on Sat Jul 13, 2013 at 12:45:45 AM PDT

          [ Parent ]

          •  Sorry - (0+ / 0-)
            You probably would get the VT-x advantage.
            wouldn't!

            It ain't called paranoia - when they're really out to get you. 6 points.

            by Jaime Frontero on Sat Jul 13, 2013 at 12:49:11 AM PDT

            [ Parent ]

            •  yeah, just on the RAM, I'm (0+ / 0-)

              screwed ... dammit. Too broke to fix / replace (the video card drivers won't update. Can't play Flash, among other gewgaws this puppy won't run; and they don't make the RAM that fits this motherboard anymore).

              LBJ, Van Cliburn, Ike, Wendy Davis, Lady Bird, Ann Richards, Barbara Jordan, Molly Ivins, Sully Sullenburger, Drew Brees: Texas is NO Bush League!

              by BlackSheep1 on Sat Jul 13, 2013 at 11:38:49 AM PDT

              [ Parent ]

    •  Ok, found some links... (4+ / 0-)
      Recommended by:
      subtropolis, duhban, CroneWit, StrayCat

      http://virt-tools.org/...
      http://wiki.xen.org/...

      The latter of these sites has a link to a list of VT-d enabled Intel CPUs.  Looks like laptops from even a few years old don't have it, but from the Qubes FAQ...

      Can I install Qubes on a system without VT-x?

      Yes. Xen doesn't use VT-x (nor AMD-v) for PV guests virtualization (it uses ring0/3 separation instead). But, of course, without VT-x, you will also not have VT-d -- see the next question.

      Also, without VT-x you won't be able to use fully virtualized VMs (e.g. Windows-based AppVMs) that are to be introduced in Qubes 2.

      Can I install Qubes on a system without VT-d?

      Yes you can. You can even run a netvm but, of course, you will not benefit from DMA protection for driver domains. So, on a system without VT-d, everything should work the same, but there is no real security benefit of having a separate netvm, as the attacker can always use a simple DMA attack to go from netvm to Dom0.

      But still, all the other Qubes security mechanisms, such as AppVM separation, work as usual, and you still end up with a significantly secure OS, much more secure than Windows, Mac, or Linux, even if you don't have VT-d.

      I'm sorry, but your reality simply doesn't fit my economic model.

      by Reframing the Debate on Fri Jul 12, 2013 at 10:03:39 PM PDT

      [ Parent ]
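One way to answer the VT-x / VT-d question from a running Linux system, mapped onto the Qubes FAQ answers quoted above. This is an added example, not part of the thread or of Qubes; the function names are hypothetical and the sample inputs are constructed. It treats an ACPI DMAR (Intel) or IVRS (AMD) table as the sign that firmware exposes an IOMMU.

```shell
#!/bin/sh
# Added example (not from the thread): map CPU and firmware evidence onto the
# Qubes FAQ answers quoted above. Function names are hypothetical.

# cpu_virt FILE: "vt-x", "amd-v" or "none" from a /proc/cpuinfo-style file.
cpu_virt() {
    flags=$(grep -m1 '^flags' "$1" 2>/dev/null || true)
    case " ${flags#*:} " in
        *" vmx "*) echo "vt-x" ;;    # Intel VT-x
        *" svm "*) echo "amd-v" ;;   # AMD-V
        *)         echo "none" ;;
    esac
}

# iommu_table DIR: "vt-d" if the firmware publishes an ACPI DMAR table,
# "amd-vi" for an IVRS table, else "none". DIR is /sys/firmware/acpi/tables.
iommu_table() {
    if [ -e "$1/DMAR" ]; then echo "vt-d"
    elif [ -e "$1/IVRS" ]; then echo "amd-vi"
    else echo "none"
    fi
}

# qubes_outlook CPUINFO ACPI_DIR: one summary line. Per the FAQ, no VT-x means
# no fully virtualized VMs and no VT-d; no VT-d means no DMA protection for netvm.
qubes_outlook() {
    cpu=$(cpu_virt "$1")
    io=$(iommu_table "$2")
    hvm=no; dma=no
    if [ "$cpu" != none ]; then
        hvm=yes
        if [ "$io" != none ]; then dma=yes; fi
    fi
    echo "cpu=$cpu iommu=$io hvm_guests=$hvm netvm_dma_protection=$dma"
}

# Constructed sample inputs so the script runs anywhere; on a real machine use:
#   qubes_outlook /proc/cpuinfo /sys/firmware/acpi/tables
demo=$(mktemp -d)
mkdir "$demo/acpi_vtd" "$demo/acpi_plain"
: > "$demo/acpi_vtd/DMAR"
printf 'flags\t\t: fpu vme msr pae vmx est tm2 ssse3\n' > "$demo/intel_vtx"
printf 'flags\t\t: fpu vme msr pae sse sse2 3dnow\n'    > "$demo/old_amd"
qubes_outlook "$demo/intel_vtx" "$demo/acpi_vtd"
qubes_outlook "$demo/intel_vtx" "$demo/acpi_plain"
qubes_outlook "$demo/old_amd"   "$demo/acpi_plain"
rm -rf "$demo"
```

Run it from an ordinary Linux boot (a live USB works): the CPU flags seen inside a virtual machine or a Xen dom0 can differ from what the hardware supports, and firmware usually publishes the DMAR or IVRS table only when the IOMMU is enabled in the BIOS setup.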

    •  virtualization thin protection against pros (0+ / 0-)

      Where does it originate - this impression that virtualization is any significant guard against intrusion?

      It's no protection at all - because once the hypervisor is hacked (and no, these things are not impenetrable by any standards) - the hacker has open season on every hosted virtual instance - including total compromise and/or deletion.

      Someone is out of their depth on this one. Top grades for enthusiasm, but that's only a small piece of the puzzle.
