[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Host CPU Passthrough WS


#1

A Libvirt lead dev recommends passing thru the host CPU config to enable meltdown and spectre mitigations for guests (They are already mitigated on patched hosts). I think this is very important.

I already allow the GW full passthrough since its trusted. I would like to do the same for WS since hiding host CPU info is ineffective since it can be easily discovered by benchmarking. With this config change it should be no different than the state of Xen guests currently. I can still blacklist problematic instructions like tsc with this too.

https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/


#2

Done. @Patrick please merge ship these changes for the next RC because they are important.


#3

Merged.

For Non-Qubes-Whonix 14 there is no more RC. The current RC release will most likely be blessed stable.


#4

1 pull remaining for the custom ws. Can you please also merge it?


#5

Sure, done.