suzanne.soy/qubes-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add dev FAQ entry: QEMU is not part of the TCB

Browse Source
This commit is contained in:
Andrew David Wong 2017-02-16 19:27:15 -08:00
parent 764cbe1946
commit ab474ee5d2
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
basics_dev/devel-faq.md
View File

@ -50,5 +50,12 @@ The policy is there mostly to ease maintenance, on several levels:
Qubes-specific features - a change in one supported distribution should be Qubes-specific features - a change in one supported distribution should be
followed also in others (including some new in the future) followed also in others (including some new in the future)
Is QEMU part of the TCB?
------------------------
No. Unlike many other virtualization systems, Qubes takes special effort to keep
the I/O emulation component (QEMU) _outside_ of the TCB. This has been achieved
thanks to the careful use of Xen's stub domain feature. For more details about
how we improved on Xen's native stub domain use, see
[here](https://blog.invisiblethings.org/2012/03/03/windows-support-coming-to-qubes.html).