QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

Increasing GPU security using GPU API sandboxes. #9521

Open ILOVEPIE opened 1 month ago

ILOVEPIE commented 1 month ago

The problem you're addressing (if any)

So, I saw that you guys were working on getting GPU acceleration working in the VMs. I had an idea on how to potentially make this more secure and make GPU-based VM escapes and other GPU-based attacks more difficult.

The solution you'd like

You could run the GPU API calls through a GPU call sandbox such as the ANGLE library (you might have to tweak it a bit), which validates them and ensures that GPU API calls will not result in undefined or malicious behavior.

The value to a user, and who that user might be

This would provide an additional protection for virtual machines that you want to use GPU acceleration for, but may not trust 100%.

Completion criteria checklist

(This section is for developer use only. Please do not modify it.)

ILOVEPIE commented 1 month ago

I tried to add the GPU acceleration tag, but it didn't let me.