diff --git a/reference/glossary.md b/reference/glossary.md index d5b83f42..53dc5bad 100644 --- a/reference/glossary.md +++ b/reference/glossary.md @@ -22,9 +22,14 @@ compartmentalized (or isolated) in separate **qubes**. technical contexts where spaces are not permitted, (e.g., usernames), the space may be omitted, as in `QubesOS`. +VM +-- +An abbreviation for "virtual machine." A software implementation of a machine +(for example, a computer) which executes programs like a physical machine. + Qube ---- -A user-friendly term for a **domain** (i.e., a VM) in Qubes OS. +A user-friendly term for a [VM](#vm) in Qubes OS. * Example: "In Qubes OS, you do your banking in your 'banking' qube and your web surfing in your 'untrusted' qube. That way, if your 'untrusted' qube is 
@@ -38,41 +43,50 @@ A user-friendly term for a **domain** (i.e., a VM) in Qubes OS. * The term "qube" should be lowercase unless it is the first word in a sentence. Note that starting a sentence with the plural of "qube" (i.e., "Qubes...") can be ambiguous, since it may not be clear whether the referent - is a collection of qubes or Qubes OS. + is a collection of qubes or [Qubes OS](#qubes-os). Domain ------ -A synonym for **virtual machine (VM)**. A software implementation of a machine -(for example, a computer) which executes programs like a physical machine. +An area or set of activities in one's digital life that has certain security +requirements and therefore involves the use of certain [qubes](#qube). For +example, suppose your "email" domain encompasses the activity of sending +PGP-encrypted email. This domain may include your email qube and your [Split +GPG](/doc/split-gpg) qube. Note that domains and qubes are not the same thing. +In this example, your "email" domain includes the use of two qubes. Furthermore, +a qube can fall under multiple domains simultaneously. For example, your Split +GPG qube may also be part of your "software development" domain if you PGP-sign +your Git commits. Dom0 ---- -Domain Zero. Also known as the **host** domain, dom0 is the initial domain +Domain Zero. Also known as the **host** domain, dom0 is the initial VM started by the Xen hypervisor on boot. Dom0 runs the Xen management toolstack and has special privileges relative to other domains, such as direct access to -most hardware. +most hardware. (Note that the use of "domain" for a synonym for "VM" is specific +to Xen. Qubes diverges from this practice. See: [domain](#domain).) DomU ---- Unprivileged Domain. Also known as **guest** domains, domUs are the counterparts -to dom0. All domains except dom0 are domUs. By default, most domUs lack direct -hardware access. +to dom0. All VMs except dom0 are domUs. By default, most domUs lack direct +hardware access. 
(Note that the use of "domain" for a synonym for "VM" is +specific to Xen. Qubes diverges from this practice. See: [domain](#domain).) TemplateVM ---------- -Template Virtual Machine. Any VM which supplies its root filesystem to another -VM. TemplateVMs are intended for installing and updating software applications, -but not for running them. +Template Virtual Machine. Any [VM](#vm) which supplies its root filesystem to +another VM. TemplateVMs are intended for installing and updating software +applications, but not for running them. * Colloquially, TemplateVMs are often referred to as "templates." TemplateBasedVM --------------- -Any VM which depends on a TemplateVM for its root filesystem. +Any [VM](#vm) which depends on a TemplateVM for its root filesystem. Standalone(VM) -------------- -Standalone (Virtual Machine). In general terms, a VM is described as +Standalone (Virtual Machine). In general terms, a [VM](#vm) is described as **standalone** if and only if it does not depend on any other VM for its root filesystem. (In other words, a VM is standalone if and only if it is not a TemplateBasedVM.) More specifically, a **StandaloneVM** is a type of VM in Qubes 
@@ -82,15 +96,16 @@ while a TemplateVM is a type of standalone VM, it is not a StandaloneVM.) AppVM ----- -Application Virtual Machine. A VM which is intended for running software +Application Virtual Machine. A [VM](#vm) which is intended for running software applications. Typically a TemplateBasedVM, but may be a StandaloneVM. Never a TemplateVM. NetVM ----- -Network Virtual Machine. A type of VM which connects directly to a network and -provides access to that network to other VMs which connect to the NetVM. A NetVM -called `sys-net` is created by default in most Qubes installations. +Network Virtual Machine. A type of [VM](#vm) which connects directly to a +network and provides access to that network to other VMs which connect to the +NetVM. A NetVM called `sys-net` is created by default in most Qubes +installations. Alternatively, "NetVM" may refer to whichever VM is directly connected to a VM for networking purposes. For example, if `untrusted` is directly connected to 
@@ -99,32 +114,32 @@ is `untrusted`'s NetVM," even though `sys-firewall` is a ProxyVM. ProxyVM ------- -Proxy Virtual Machine. A type of VM which proxies network access for other VMs. -Typically, a ProxyVM sits between a NetVM and another VM (such as an AppVM or a -TemplateVM) which requires network access. +Proxy Virtual Machine. A type of [VM](#vm) which proxies network access for +other VMs. Typically, a ProxyVM sits between a NetVM and another VM (such as an +AppVM or a TemplateVM) which requires network access. FirewallVM ---------- -Firewall Virtual Machine. A type of ProxyVM which is used to enforce +Firewall Virtual Machine. A type of [ProxyVM](#proxyvm) which is used to enforce network-level policies (a.k.a. "firewall rules"). A FirewallVM called `sys-firewall` is created by default in most Qubes installations. DispVM ------ -Disposable Virtual Machine. A temporary AppVM which can quickly be created, -used, and destroyed. +Disposable Virtual Machine. A temporary [AppVM](#appvm) which can quickly be +created, used, and destroyed. DVM --- -An abbreviation of **DispVM**, typically used to refer to the TemplateVM on -which DispVMs are based. By default, a VM named `fedora-XX-dvm` is created on +An abbreviation of [DispVM](#dispvm), typically used to refer to the TemplateVM +on which DispVMs are based. By default, a VM named `fedora-XX-dvm` is created on most Qubes installations (where `XX` is the current Fedora version). PV -- Paravirtualization. An efficient and lightweight virtualization technique originally introduced by the Xen Project and later adopted by other -virtualization platforms. Unlike HVMs, paravirtualized VMs do not require +virtualization platforms. Unlike HVMs, paravirtualized [VMs](#vm) do not require virtualization extensions from the host CPU. However, paravirtualized VMs require a PV-enabled kernel and PV drivers, so the guests are aware of the hypervisor and can run efficiently without emulation or virtual emulated 
@@ -132,26 +147,29 @@ hardware. HVM --- -Hardware Virtual Machine. Any fully virtualized, or hardware-assisted, VM +Hardware Virtual Machine. Any fully virtualized, or hardware-assisted, [VM](#vm) utilizing the virtualization extensions of the host CPU. Although HVMs are typically slower than paravirtualized VMs due to the required emulation, HVMs allow the user to create domains based on any operating system. StandaloneHVM ------------- -Any HVM which is standalone (i.e., does not depend on any other VM for its root -filesystem). In Qubes, StandaloneHVMs are referred to simply as **HVMs**. +Any [HVM](#hvm) which is standalone (i.e., does not depend on any other VM for +its root filesystem). In Qubes, StandaloneHVMs are referred to simply as +**HVMs**. TemplateHVM ----------- -Any HVM which functions as a TemplateVM by supplying its root filesystem to -other VMs. In Qubes, TemplateHVMs are referred to as **HVM templates**. +Any [HVM](#hvm) which functions as a [TemplateVM](#templatevm) by supplying its +root filesystem to other VMs. In Qubes, TemplateHVMs are referred to as **HVM +templates**. PVH --- -PV on HVM. To boost performance, fully virtualized HVM guests can use special -paravirtual device drivers (PVHVM or PV-on-HVM drivers). These drivers are -optimized PV drivers for HVM environments and bypass the emulation for disk and -network I/O, thus providing PV-like (or better) performance on HVM systems. This -allows for optimal performance on guest operating systems such as Windows. +[PV](#pv) on [HVM](#hvm). To boost performance, fully virtualized HVM guests can +use special paravirtual device drivers (PVHVM or PV-on-HVM drivers). These +drivers are optimized PV drivers for HVM environments and bypass the emulation +for disk and network I/O, thus providing PV-like (or better) performance on HVM +systems. This allows for optimal performance on guest operating systems such as +Windows.
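Review bot: In the `@@ -38,41 +43,50 @@` hunk, the parenthetical added to Dom0 and DomU reads 'the use of "domain" for a synonym for "VM"'; it should say 'as a synonym for "VM"'. The same two sentences are pasted verbatim into both entries, so consider stating the Xen usage once, in the new Domain entry, and pointing Dom0 and DomU at it. The Dom0 entry also keeps "special privileges relative to other domains" directly after the edit to "the initial VM", so it uses both senses of the word in adjacent sentences; "relative to other VMs" would match the DomU edit ("All VMs except dom0 are domUs").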
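Review bot: In the `@@ -99,32 +114,32 @@` hunk, cross-linking is applied unevenly: the DVM entry links `[DispVM](#dispvm)` but leaves "TemplateVM" in the same sentence unlinked, and the ProxyVM entry links only `[VM](#vm)` while naming NetVM, AppVM and TemplateVM as plain text. The TemplateHVM entry later in the patch does link `[TemplateVM](#templatevm)`, so the glossary ends up with both styles. Pick one rule, for example linking the first mention of every glossary term within each entry, and apply it across all the touched entries (TemplateBasedVM in the earlier hunk has the same unlinked "TemplateVM").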
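Review bot: In the `@@ -132,26 +147,29 @@` hunk, the unchanged HVM sentence "HVMs allow the user to create domains based on any operating system" still uses "domain" to mean a VM, which contradicts the Domain definition this patch introduces ("Note that domains and qubes are not the same thing"). Since the HVM entry is already being edited here, change that sentence to "create VMs based on any operating system" in the same commit so the glossary does not carry both meanings outside the Dom0 and DomU entries, where the Xen usage is explicitly called out.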