QSB-097 says:
“In the default Qubes OS configuration, the stubdomains for sys-net and sys-usb run in PV mode.”
I am running these default qubes and they are both HVMs.
How is it on your systems?
2 Likes
“stubdomain” != “domain”
HVMs currently require a stubdomain each. E.g. from “Standalones and HVMs” doc:
Even though we do have a small DHCP server that runs inside the HVM’s untrusted stub domain to make the manual network configuration unnecessary for many qubes, this won’t work for most modern Linux distributions, which contain Xen networking PV drivers (but not Qubes tools), which bypass the stub-domain networking. (Their net frontends connect directly to the net backend in the net qube.) In this instance, our DHCP server is not useful.
Also see the FAQ section in “Introduction”, e.g.:
Is the I/O emulation component (QEMU) part of the Trusted Computing Base (TCB)?
No. Unlike many other virtualization systems, Qubes takes special effort to keep QEMU outside of the TCB. This has been achieved thanks to the careful use of Xen’s stub domain feature. For more details about how we improved on Xen’s native stub domain use, see here (link to windows support in QubesOS).
Basically IIUC all HVMs, including default VMs with PCI devices, such as sys-net and sys-usb have a PV stub domain.
3 Likes
Thanks!
I guess I need to learn what a stub domain is.
1 Like
Yes, I asked the devs about this, and I was told that, currently, in Qubes OS, every HVM has a stub domain, and stub domains run in PV mode.
5 Likes