GPU passthrough *for compute* not gaming

I’ve read about the security risks in using the GPU, but they all seem to assume we’re connecting it to dom0 or giving it access to the monitor. I’d like to use it for compute only (e.g., numba, tensorflow, not for gaming). Is it still a security nightmare? Does it still have access to the monitor? Does access to the GPU compromise the computer otherwise?
I also understand that there is a virtualization issue, but I’m willing to assign it to a single VM while that VM is working. Does that solve the need to connect it to dom0?

Next step: does the GPU support being tested in Qubes 4.1 allow using the GPU for compute? Alternatively, if I have Intel Iris + NVIDIA GPUs, can the GPU support be set to use Iris for the monitors and NVIDIA for compute?

If you don’t connect it to anything and place it in a place where no one could maliciously plug something in, it is safe.
Better to have a GPU specifically designed for compute.

I’m actually thinking about this for a laptop - I should have mentioned it as the connectivity might be a little different. Does that change your answer?

Oh, yes, a laptop would make securing it more difficult in this case.
Why do you use a laptop GPU for compute?

I like to run code locally for preliminary testing before running it on the server.


I like to write code locally, check it out, and then run it on a cloud node. So, it’s very convenient for me to have a GPU to use for “compute” just to see that all the CUDA stuff is set up properly. The actual compute happens on a node after I run some tests locally.
Right now it means that I carry around another computer for writing code. But it would be wonderful to do everything on one 1-1.5kg laptop with a basic NVIDIA GPU. At least in terms of back pain.

I was thinking that I could use the NVIDIA GPU only for my development qube, and everything else without the GPU (or intel iris). But my understanding of how everything is connected and how the actual monitor is connected is limited.
A development qube is probably relatively vulnerable in theory, because who knows what all these packages I play with have in them. I doubt they have anything too malicious, but who knows.

I’m not a value target for spying, so I can probably afford some theoretical vectors. But, I would love to use qubes right, and I would love to leave my second computer at home 🙂

I know some of it.
There are many types of connection, depending on the type and price of the laptop.
Some laptop GPUs have their own port, some route the GPU signal through the integrated one, some have a signal switch.

Thank you for the patience with me @ppc 🙂
I was thinking about Tuxedo InfinityBook Pro 14 Gen6 because it’s very light (but not married to it). I doubt this kind of information is in the regular specs, and I doubt even Tuxedo would customize the computer that much for me. Is there anything you would suggest to ask the manufacturer to clarify if I can do what I want securely?

No, their website is enough.

All display ports are connected to the iGPU of the main processor.

Wow, thanks for looking into this! So I can use all the display ports! Does it also mean I can use the NVIDIA GPU for compute relatively safely?

I’d say so, external monitors won’t be as easily spoofed as with different setups, the iGPU will handle everything related to that. I don’t exactly know how Xen will handle the second GPU but I’d assume it will be made available as a PCIe device. The concerns about the GPU attached to a qube being maliciously modified in this qube are still valid so I’d say you should never attach the 2nd GPU to any important qube (vault, personal, sensitive work files etc.) and strictly keep it in your dev environment. But there have been issues in the past with passing through NVIDIA GPUs, so I’d rather ask myself if it will work at all.
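
A read-only check related to the wiring question above, as an added example that is not part of any post in this thread: it lists each DRM card the Linux kernel knows about, its PCI vendor ID, and how many display connectors the kernel exposes for it. The function names and the optional sysfs-root argument are hypothetical, and it assumes both GPUs are bound to a kernel DRM driver on the system where it runs (a device hidden from dom0 or without a DRM driver will not be listed).

```shell
#!/bin/sh
# Added example (not from the thread): report DRM cards and their connectors.
# Well-known PCI vendor IDs: 0x8086 = Intel, 0x10de = NVIDIA.

# Print one line per card: "<card> vendor=<id> connectors=<n>".
# $1 is the sysfs root (default /sys); a parameter so that the function can
# also be pointed at a constructed directory tree.
gpu_connector_report() {
    root="${1:-/sys}"
    for card in "$root"/class/drm/card[0-9]*; do
        [ -e "$card" ] || continue
        name=$(basename "$card")
        # Entries such as card0-eDP-1 are connectors, not cards: skip them here.
        case "$name" in *-*) continue ;; esac
        vendor=$(cat "$card/device/vendor" 2>/dev/null || echo unknown)
        count=0
        for conn in "$root"/class/drm/"$name"-*; do
            if [ -e "$conn" ]; then
                count=$((count + 1))
            fi
        done
        echo "$name vendor=$vendor connectors=$count"
    done
}

# Print only the cards for which the kernel exposes no display connector.
displayless_cards() {
    gpu_connector_report "$1" | awk '$3 == "connectors=0" { print $1 }'
}

# Stand-alone use: inspect the running system (or $SYSFS_ROOT if set).
gpu_connector_report "${SYSFS_ROOT:-/sys}"
```

A card reported with `connectors=0` drives no display output as far as the kernel can see; the check says nothing about the other concerns raised in the thread.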

you need to understand
this is the diagram of this

                                  --------------==|display ports|
                                 /                ---------------
                --------------- /              _________________
                |                             |                 |
                |                             |                 |
          ______________              ------==|      dGPU       |
         |              |            |        |                 |
         |     iGPU     |===----------        |                 |
         |              |                      -----------------

so you need to tamper hardware to make it secure

I get the general idea. I’m very comfortable voiding warranties, but this seems a little beyond my abilities. Is this operation realistic?

not so because you need to know what to disconnect

Thanks @ppc and @S9qPsAMNuW4ax5EF5 !

Perhaps relevant: Streaming OpenGL/Vulkan calls to sys-gui-gpu.

Well, not yet, but hopefully will one day 😉

@fsflover @yann : that project is awesome, and I can’t wait to see it finished for graphics.
Excuse my ignorance, but I’m not sure if it would apply for compute applications. I don’t think it gives access to the CUDA libraries, does it? It’s a higher level of abstraction, isn’t it?

It would require explicit support for CUDA (with which I’m not familiar at all), but I think it could be doable.
But I was thinking more about Vulkan Compute, which will probably be easy to support once Vulkan support is in place.
