Is VGA passthrough in KVM a security risk?


It would be good for performance; for example, it is the only way to see fullscreen streaming in Whonix with fps like on a physical PC. But I think you can't use the GPU at the same time in host and guest: you must "mount" it on the guest,
then maximize the guest, and in the middle, if you need to use the host, you must unmount the GPU from the guest and minimize the guest to use the host. But that can be done; imagine here all that we do as the "sacrifice" for anonymity, so a little bit more clicks, but in the end, will it be a security risk?
*If it is not enough just to unmount the GPU but the guest must be shut down, that will be a problem, but how then can we use VGA passthrough?


Good day,

first of all, GPU passthrough in general is only to be used on a system with more than one GPU. This could be two PCIe GPUs or an IGPU and a PCIe GPU. For the reasons you already mentioned, it is in general not possible to use GPU passthrough on a system with only one GPU. This, however, is neither a Whonix problem nor in general a real problem, as it is the only way to use a GPU in a virtualized machine.

Regarding security implications, there isn't really much I can say here, as this isn't really a Whonix question, but more a KVM-specific one. There really isn't any documentation (at least I didn't find any) which focuses on the security of GPU passthrough or PCIe in general…

Have a nice day,



Qubes by design does not expose real hardware to AppVMs for security
reasons. And I think they are right in doing so. For example, network
hardware is only exposed to NetVM. So any network hardware compromise
would always be contained in NetVM only. Graphic cards should for the
same security reason not be exposed to anything other than the host. [Or
in future, a GuiVM.]

Some more development / theoretic speculation:
If you have multiple graphic cards, then theoretically you could
connect the trusted/important[/slow] one to the host or GuiVM only. And
a less trusted one you could assign to specific AppVMs as you need more
performance there. Should that AppVM and graphic card [firmware] be
[permanently] compromised, then other VMs and the host could not be
compromised also by that compromised graphic card. But this is difficult
to implement and to always enforce, since such a maybe-compromised
graphic card should never be reconnected to the host or GuiVM.
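One check a practitioner would want before assigning a "less trusted" GPU to a VM as sketched above is whether that GPU sits alone in its IOMMU group: with VFIO, every device in a group is assigned together, and the IOMMU does not isolate DMA between devices that share a group, so a compromised card could reach its group-mates. The POSIX shell script below is an added example, not code from this thread or from the Whonix or Qubes projects. It reads the standard Linux sysfs layout `/sys/kernel/iommu_groups/<n>/devices/<bdf>` and takes an optional root directory as an assumption so it can be exercised against a constructed tree instead of the live system.

```shell
#!/bin/sh
# Check whether a PCI device (given as a BDF such as 0000:01:00.0) is alone in
# its IOMMU group before passing it through to a VM.
# Layout assumed (this is the real Linux sysfs layout):
#   $ROOT/kernel/iommu_groups/<n>/devices/<bdf>
# ROOT defaults to /sys; a second argument overrides it for offline testing.

# Print the IOMMU group number containing the device; return 1 if not found.
iommu_group_of() {
    dev="$1"; root="${2:-/sys}"
    for g in "$root"/kernel/iommu_groups/*/; do
        g="${g%/}"
        [ -e "$g/devices/$dev" ] && { basename "$g"; return 0; }
    done
    return 1
}

# Print every other device in the same IOMMU group as the given device.
# Other functions of the same package (e.g. a GPU's HDMI audio function,
# 0000:01:00.1 next to 0000:01:00.0) are printed too; the caller decides
# whether those are acceptable to share.
iommu_group_peers() {
    dev="$1"; root="${2:-/sys}"
    grp=$(iommu_group_of "$dev" "$root") || return 1
    for d in "$root/kernel/iommu_groups/$grp/devices"/*; do
        d=$(basename "$d")
        [ "$d" = "$dev" ] || echo "$d"
    done
}

# Return 0 when the device shares its group with nothing outside its own
# multi-function package, 1 when an unrelated device (or no group) is found.
iommu_group_isolated() {
    dev="$1"; root="${2:-/sys}"
    pkg="${dev%.*}"                       # 0000:01:00.0 -> 0000:01:00
    iommu_group_of "$dev" "$root" >/dev/null || return 1
    for p in $(iommu_group_peers "$dev" "$root"); do
        [ "${p%.*}" = "$pkg" ] || return 1
    done
    return 0
}

# Usage on a real host: sh iommu_check.sh 0000:01:00.0
if [ $# -gt 0 ]; then
    if iommu_group_isolated "$1"; then
        echo "$1: isolated in IOMMU group $(iommu_group_of "$1")"
    else
        echo "$1: NOT isolated; shares its IOMMU group with:"
        iommu_group_peers "$1"
        exit 1
    fi
fi
```

If the script reports that the GPU shares its group with an unrelated device (a NIC, a SATA controller, a bridge), that whole set would have to be handed to the VM together, which is exactly the situation the post above warns against: the less trusted VM would then hold hardware that can touch more than the graphics card.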


Thanks a lot, I got it.