Information
ID: 389
PHID: PHID-TASK-cymgtiquumth62et3jel
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal
Description
cat /sys/devices/system/clocksource/clocksource0/current_clocksource
xen
Bad. Should not be set to xen. (–> Clock Correlation Attack)
cat /sys/devices/system/clocksource/clocksource0/available_clocksource
xen tsc
Probably bad. We don’t want compromised VMs being able to access dom0’s or any other VMs clock. I.e we probably don’t want clocksource xen.
Questions:
- What does clocksource=xen do? Is there documentation on clocksource xen? → sys-whonix doesn't connect to Tor after system suspend · Issue #1764 · QubesOS/qubes-issues · GitHub (w)
- this: sys-whonix doesn't connect to Tor after system suspend · Issue #1764 · QubesOS/qubes-issues · GitHub
- Can we make clocksource=xen unavailable to Qubes-Whonix VMs?
Related Qubes upstream bug:
libvirt domain validation error; virsh edit issue
Comments
Patrick
2015-08-05 18:30:57 UTC
Patrick
2015-08-05 18:55:35 UTC
Patrick
2015-08-06 00:38:25 UTC
Patrick
2015-08-06 12:39:34 UTC
Patrick
2015-08-06 19:13:40 UTC
Patrick
2015-08-10 12:59:17 UTC
Patrick
2015-08-12 14:54:22 UTC
Patrick
2015-11-15 19:25:48 UTC
Patrick
2015-11-24 23:32:17 UTC
Patrick
2015-11-25 14:49:29 UTC
Patrick
2016-02-17 00:47:57 UTC
Patrick
2016-09-29 18:47:22 UTC