Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Separate GPU acceleration toggle for Whonix VMs #8970

Open
DemiMarie opened this issue Feb 25, 2024 · 2 comments
Open

Separate GPU acceleration toggle for Whonix VMs #8970

DemiMarie opened this issue Feb 25, 2024 · 2 comments
Labels
C: GPU acceleration C: Whonix This issue impacts Qubes-Whonix P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.

Comments

@DemiMarie
Copy link

GPU acceleration can be used to compromise anonymity. Whonix VMs should never have access to it, and attempting to enable GPU acceleration for a Whonix VM should fail.
@DemiMarie DemiMarie added T: task Type: task. An action item that is neither a bug nor an enhancement. C: GPU acceleration T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. C: Whonix This issue impacts Qubes-Whonix and removed T: task Type: task. An action item that is neither a bug nor an enhancement. labels Feb 25, 2024
@DemiMarie DemiMarie self-assigned this Feb 25, 2024
@DemiMarie DemiMarie added the P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. label Feb 25, 2024
@DemiMarie
Copy link
Author

@adrelanos can you confirm (or refute) this?

@adrelanos
Copy link
Member

I don't recall such an argument. Only System Identity Camouflage and Virtual Machine Cloaking comes to mind.

In Hardware-accelerated Graphics wiki says it is discouraged for security reasons.

To put it into perspective:
Tor Browser (or any torified application) running on real Debian (non-Qubes) would also have access to GPU acceleration.

Suggested change:

  • Not a hard denial.
  • Default checkbox enabled:
    • Prohibit GPU acceleration for better security
  • A button different from:
  • GPU acceleration

Related issues:

@DemiMarie DemiMarie changed the title Ensure that GPU acceleration cannot be enabled in Whonix VMs Separate GPU acceleration toggle for Whonix VMs Mar 4, 2024
@DemiMarie DemiMarie removed their assignment Mar 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: GPU acceleration C: Whonix This issue impacts Qubes-Whonix P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
GPU acceleration
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adrelanos @DemiMarie @andrewdavidwong