On 05/14/2010 01:29 PM, Keir Fraser wrote:
> On 14/05/2010 11:58, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
>> Well, we don't do graphics passthrough in Qubes, mostly for two reasons:
>> 1) We believe users prefer seamless integration of all apps onto one
>> desktop (and that requires only one domain, e.g. Dom0, to have access to
>> the graphics card),
>> 2) Giving a potentially untrusted domain full access to the graphics
>> device creates a potential security risk. In fact, you cannot make such
>> an architecture secure without using TXT (yes, TXT in addition to VT-d).
>> Do you do IGD passthrough in Xen Client?
> Yes, particularly necessary to get decent 3D performance (e.g., Windows
> Aero). There are tricks to get security and performance (doing a mix of
> emulation and passthrough).
It's good to distinguish 3D acceleration for the *Window Manager* vs. 3D
acceleration for the *apps*. In Qubes we keep the Window Manager in
Dom0, so, as long as the graphics driver is not broken, the Window
Manager gets all the fancy 3D effects, just like on the native.
The only(?) advantage you gain by using graphics passthorugh is for the
apps. But is it really worth it? How many 3D-capable apps business users
use today? Google Earth? Anything else? So, in order to support Google
Earth, is it really worth to introduce potential VM escape attacks?
Description: OpenPGP digital signature
Xen-devel mailing list