First, a lot of the below is probably going to sound dumb; please excuse my lack of knowledge on this matter.
Can someone explain the GPU passthrough issue with Qubes like I’m a child? I’ve read a lot on this, so I have tried my best to understand this before posting, but I’m still having trouble wrapping my head around it.
Am I understanding correctly that Qubes VMs don’t use the GPU because leaky VRAM would allow an attacker to access Dom0 (probably super simplified)? And because Dom0 needs a GPU to run and display, there’s no way to share it securely? So what GPU passthrough is trying to accomplish is, if you have a device with an iGPU and a dedicated card, you can have the iGPU run Dom0 and have the dedicated card pass through to the VMs?
If that is correct, can the 2nd GPU not be fully isolated from Dom0, negating the leaky VRAM issue? Or does it require many functions out of Dom0 to still function correctly? Could you in theory have a Dom0 and like “Dom1GPU” on top of that, where you have everything for the 2nd GPU to function correctly, that then passes graphics to the VMs? So you would have Dom0 and Dom1gpu basically running both at the same time, but if an attacker is able to utilize the VRAM leakage to get in, they are only able to access Dom1gpu as it’s fully isolated from the main Dom0? Maybe this is what GPU passthrough is already trying to accomplish, but it sounds like the current ways people are doing it still come with security downsides?
Again, like I said, probably very dumb rambling, but I’m just trying to understand GPU passthrough in layman’s terms when it comes to Qubes and the challenges to get it working.