Hi,

The included patches are a small subset of a bigger patch set spanning a few
projects aiming to isolate the GPU in Qubes OS to a dedicated security domain.
I'm doing this together with 3 colleagues as part of our Bachelor's thesis.

Right now qemu assumes it runs in dom0 so it may grant access to
required memory regions and ioports to the target domain for the IGD to work.
This is no longer the case with Linux-based stubdomains as the stubdom is
not privileged. Moving some logic from qemu to libxl is necessary for
some features to work inside a stubdomain. The included patches were tested
on a few laptops (together with the linked qemu patchset) and they work
fine.

Grzegorz Uriasz (3):
  tools/libxl: Grant VGA IO port permission for stubdom/target domain
  tools/libxl: Grant permission for mapping opregions to the target
    domain
  tools/libxl: Directly map VBIOS to stubdomain

 tools/libxl/libxl_pci.c | 153 +++++++++++++++++++++++++++++++++-------
 1 file changed, 127 insertions(+), 26 deletions(-)

--
2.27.0