From ab474ee5d2f55091913273737e825ddb19777824 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 16 Feb 2017 19:27:15 -0800 Subject: [PATCH] Add dev FAQ entry: QEMU is not part of the TCB --- basics_dev/devel-faq.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/basics_dev/devel-faq.md b/basics_dev/devel-faq.md index eb3641f5..a3d72727 100644 --- a/basics_dev/devel-faq.md +++ b/basics_dev/devel-faq.md @@ -50,5 +50,12 @@ The policy is there mostly to ease maintenance, on several levels: Qubes-specific features - a change in one supported distribution should be followed also in others (including some new in the future) +Is QEMU part of the TCB? +------------------------ +No. Unlike many other virtualization systems, Qubes takes special effort to keep +the I/O emulation component (QEMU) _outside_ of the TCB. This has been achieved +thanks to the careful use of Xen's stub domain feature. For more details about +how we improved on Xen's native stub domain use, see +[here](https://blog.invisiblethings.org/2012/03/03/windows-support-coming-to-qubes.html).
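Review bot: the last added line links the supporting material as `[here](...)`, which gives the reader no idea what the target is and does not survive well if the FAQ is read without rendered links; use descriptive link text instead, for example the title of the linked 2012 blog post on Windows support. Two smaller points in the same added paragraph: "TCB" is used in both the heading and the body without being expanded, so write "trusted computing base (TCB)" on first use or link the glossary entry; and the answer states that QEMU is kept outside the TCB "thanks to the careful use of Xen's stub domain feature" without saying what that does. One sentence stating that the device model runs in its own stub domain rather than in dom0 would let the entry stand on its own for readers who do not follow the link.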