Separate GPU acceleration toggle for Whonix VMs

[DemiMarie]

GPU acceleration can be used to compromise anonymity. Whonix VMs should never have access to it, and attempting to enable GPU acceleration for a Whonix VM should fail.

[DemiMarie]

@adrelanos can you confirm (or refute) this?

[adrelanos]

I don't recall such an argument. Only System Identity Camouflage and Virtual Machine Cloaking comes to mind.

In Hardware-accelerated Graphics wiki says it is discouraged for security reasons.

To put it into perspective: Tor Browser (or any torified application) running on real Debian (non-Qubes) would also have access to GPU acceleration.

Suggested change:

• Not a hard denial.
• Default checkbox enabled:
  • Prohibit GPU acceleration for better security
• A button different from:
  • GPU acceleration

Related issues:

• Related because these would preconfigure different settings for Whonix VMs and these would prevent QVMM (Qubes VM Manager) for users to easily/accidentally (no hard denial) make changes such as:
• https://github.com/QubesOS/qubes-issues/issues/3994
• https://github.com/QubesOS/qubes-issues/issues/7614
• https://github.com/QubesOS/qubes-issues/issues/1856
• https://github.com/QubesOS/qubes-issues/issues/8381
• https://github.com/QubesOS/qubes-issues/issues/2724