Skip to main content

View Diary: An NSA-proof operating system. Yes, for real. (171 comments)

Comment Preferences

  •  Ok, found some links... (4+ / 0-)
    Recommended by:
    subtropolis, duhban, CroneWit, StrayCat

    http://virt-tools.org/...
    http://wiki.xen.org/...

    The latter of these sites has a link to a list of VT-d enabled Intel cpus.  Looks like laptops from even a few years old don't have it, but from the Qubes FAQ...

    Can I install Qubes on a system without VT-x?

    Yes. Xen doesn't use VT-x (nor AMD-v) for PV guests virtualization (it uses ring0/3 separation instead). But, of course, without VT-x, you will also not have VT-d -- see the next question.

    Also, without VT-x you won't be able to use fully virtualized VMs (e.g. Windows-based AppVMs) that are to be introduced in Qubes 2.
    Can I install Qubes on a system without VT-d?

    Yes you can. You can even run a netvm but, of course, you will not benefit from DMA protection for driver domains. So, on a system without VT-d, everything should work the same, but there is no real security benefit of having a separate netvm, as the attacker can always use a simple DMA attack to go from netvm to Dom0.

    But still, all the other Qubes security mechanisms, such as AppVM separation, work as usual, and you still end up with a significantly secure OS, much more secure then Windows, Mac, or Linux, even if you don't have VT-d'''

    I'm sorry, but your reality simply doesn't fit my economic model.

    by Reframing the Debate on Fri Jul 12, 2013 at 10:03:39 PM PDT

    [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site