Increasing GPU security using GPU API sandboxes.

[ILOVEPIE]

The problem you're addressing (if any)

So, I saw that you guys were working on getting GPU acceleration working in the VMs. I had an idea on potentially how to make this more secure and make GPU-based VM escapes and other GPU based attacks more difficult.

The solution you'd like

You could run the GPU API calls through a GPU call sandbox such as the ANGLE library (you might have to tweak it a bit), which validates them and ensures that GPU API calls will not result in undefined or malicious behavior.

The value to a user, and who that user might be

This would provide an additional protection for virtual machines that you want to use GPU acceleration for, but may not trust 100%.

Completion criteria checklist

(This section is for developer use only. Please do not modify it.)

[ILOVEPIE]

I tried to add the GPU acceleration tag, but it didn't let me.

[DemiMarie]

Qubes OS isn’t willing to settle for being as secure as a web browser with WebGL and WebGPU enabled. Therefore, Qubes OS will be using native contexts, which already are a form of API sandboxing. The difference is that native contexts proxy the hardware-dependent kernel driver API, which is where the security boundary is. This means that they have vastly less attack surface and as a bonus are faster as well.

Duplicate of #8552.

[DemiMarie]

Duplicate of #8552

[github-actions[bot]]

This issue has been closed as a "duplicate." This means that another issue exists that is very similar to or subsumes this one. If any useful information on this issue is not already present on the other issue, please add it in a comment on the other issue. Here are some common cases of duplicate issues:

• The other issue is closed. The other issue being closed does not prevent this issue from duplicating it. We will examine the closed issue and, if appropriate, reopen it.
• The other issue is for a different Qubes release. We usually maintain only one issue for all affected Qubes releases.
• The other issue is very old. The mere age of an issue is not, by itself, a relevant factor when determining duplicates.

By default, the newer issue will be closed in favor of the older issue. However, we make exceptions when we determine that it would be significantly more useful to keep the newer issue open instead of the older one.

We respect the time and effort you have taken to file this issue, and we understand that this outcome may be unsatisfying. Please accept our sincere apologies and know that we greatly value your participation and membership in the Qubes community.

If anyone reading this believes that this issue was closed in error or that the resolution of "duplicate" is not accurate, please leave a comment below saying so, and we will review this issue again. For more information, see How issues get closed.