
Port Qubes OS to KVM #7051

Open
fepitre opened this issue Nov 12, 2021 · 9 comments
Labels
C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.

Comments

@fepitre
Member

fepitre commented Nov 12, 2021

This issue tracks the work done for KVM development and integration.

This is a subset of tasks for #4318.

References:

@fepitre fepitre added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Nov 12, 2021
fepitre added a commit to fepitre/qubes-core-vchan-xen that referenced this issue Nov 12, 2021
fepitre added a commit to fepitre/qubes-vmm-xen that referenced this issue Nov 12, 2021
@andrewdavidwong andrewdavidwong added this to the Release TBD milestone Nov 13, 2021
@DemiMarie

I wonder what version of KVM is used by Google Compute Engine. That version has a fantastic security record, IIRC.

@iamahuman

iamahuman commented Nov 13, 2021

Does this mean that any future projects (that are esp. VMM-sensitive) on Qubes OS shall not rely on Xen being available as an option for backend VMM?

@fepitre
Member Author

fepitre commented Nov 13, 2021

Does this mean that any future projects (that are esp. VMM-sensitive) on Qubes OS shall not rely on Xen being available as an option for backend VMM?

I'm not sure I understand your point. Currently, it's only a matter of allowing Qubes OS to run on KVM.

@jonathancross

I wonder what version of KVM is used by Google Compute Engine

According to this guy (and suggested in blog posts by Google) - "GCE is built with a forked version of KVM. Google even created their own qemu replacement among many other things in that space."

I haven't found any other details though.

@adrelanos
Member

Out of curiosity, is Qubes planning to deprecate Xen?

@mutablescutoid

I don't believe so; they have wanted it to be VMM-independent for a long time and are porting it to KVM for a variety of reasons (PPC64, better GUI passthrough, etc.). See here, here, and here

@DemiMarie

Xen will remain the default, at least for now, due to being significantly more secure.

@Geblaat

Geblaat commented Mar 13, 2022

Not sure if this is the right place to post this, but crosvm may be more interesting than KVM for a Qubes port. One of the disadvantages of KVM over Xen is that it is significantly less secure. crosvm is based on KVM, so theoretically it has the same advantages as KVM, but it is written in Rust and it allows sandboxing virtual devices, making it more secure than KVM. It is also designed for desktop use (as opposed to Firecracker), which is why it is also used by SpectrumOS.
Spectrum has also improved on crosvm to run devices completely separate: https://alyssa.is/working-on-crosvm/

@brunocek

The community is documenting pros and cons in an architectural discussion on the qubes forum here:
https://forum.qubes-os.org/t/porting-qubes-to-hypervisors-other-than-xen-abstracting-the-functionality-early-stage/23478/8

@flflover mentioned this thread there.
