From cdc21ca01893f098c480494432ac786c046f5092 Mon Sep 17 00:00:00 2001
From: Joanna Rutkowska <joanna@invisiblethingslab.com>
Date: Thu, 14 Oct 2010 08:22:02 +0000
Subject: [PATCH] UserFaq changed

Clarification that VT-d is really not oligatory for Qubes
---
 UserFaq.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/UserFaq.md b/UserFaq.md
index 27866da3..c97f066c 100644
--- a/UserFaq.md
+++ b/UserFaq.md
@@ -19,6 +19,8 @@ Yes. Xen doesn't use VT-x (nor AMD-v) for PV guests virtualization (it uses ring
 
 Yes you can. You can even run a netvm but, of course, you will not benefit from DMA protection for driver domains. So, on a system without VT-d, everything should work the same, but there is no real security benefit of having a separate netvm, as the attacker can always use a simple DMA attack to go from netvm to Dom0.
 
+**But still, all the other Qubes security mechanisms, such as AppVM separation, work as usual, and you still end up with a significantly secure OS, much more secure then Windows, Mac, or Linux, even if you don't have VT-d'''**
+
 The above is in theory -- in practice, if you have a broken network card driver and try to run it in a netvm on a system without VT-d, it might crash your system. This might happen e.g. if the driver is not properly using DMA-API.
 
 ### Q: Can I use AMD-v instead of VT-x?