Qubes 4.1 introduces the Graphical User Interface (GUI) domain. The Graphical Processing Unit (GPU) is passed to the GUI domain so the GUI is separated from the AdminVM (dom0).
My dream is to play games with 3D acceleration in an untrusted domain. Let’s say I have two GPUs and I make two GUI domains A and B. I pass one GPU to A and another to B. A is kept clean. The window manager in A can be trusted to see, display and interact with sensitive content running in AppVMs. B is the untrusted GUI domain where new software is to be installed. The software (and games) in B runs on a dedicated GPU with 3D acceleration.
Is this possible to implement? What are the security issues if the untrusted GUI domain B is compromised?
Disclaimer: I’m a newb