Not long ago GPU acceleration was added to the Github project section, and after reading through it I was left with a few questions. These mostly manifesting in which graphics cards would be supported by this in development feature. This being due to the page only mentioning by name AMD and Intel leading me to speculate if Nivida would be included or not due it’s proprietary nature. If Nivida isn’t included, would the current pass through method still be the only option? Additionally, what would the security implications be for selecting this future option?
Issues · QubesOS/qubes-issues · GitHub is the list of tasks under this tag, as I understand it.
GPUs are a security nightmare, and I would expect any VMs that shared a GPU to be able to find ways to talk amongst themselves easily, or spy on each other.
As far as I understand and recall from the last QubesOS summit, the first step will be allowing the iGPU to be used in non-dom0 qubes, including in sys-gui. That’s why they reference Intel and AMD and not Nvidia.
At some later point they may add proper support for external (to the CPU) GPUs as well.
There is also:
3 Likes
the issues are very fresh, that’s seems we may see related features coming for the next release
2 Likes
Without entirely new, more secure hardware being manufactured, is it even possible to get GPU acceleration securely?
This Issue was removed from Milestone “Release 4.3”, because Milestones were deprecated. But does it mean that it’s not planned for R4.3 and we should expect it later? (I guess so, since it doesn’t have Label “affects-4.3”.)
We don’t use the affects-X labels to mean “I plan for this to be introduced in release X.” That would just be reintroducing the milestone problem in another form. (That problem is explained in further detail in the qubes-devel thread you linked.)
Rather, affects-X means, “This issue is believed to affect release X.” It applies to most bug reports, because most bugs are bugs in (a) specific Qubes release(s). It applies to only a minority of enhancement requests, because only a minority of enhancement requests are requests for enhancements in only (a) specific release(s). Instead, most enhancement requests are of the form, “I think this enhancement should be implemented in Qubes OS at some point, but it’s up to the release planner to decide in which release (if any).”
Some people want to try to use affects-X to mean, “This enhancement is to be implemented in release X” because they want their desired enhancement sooner rather than later, but that’s just abusing the label and trying to tell the release planner how to do their job. 