qubes_security_level service

[joanna]

...and display a warning to the user, that e.g. without IOMMU/VT-d there is no point of having a NetVM, as it cannot be securely isolated on a system without VT-d.

[joanna]

Also present an option to enable VT-d.

Also, our installer should generate two grub entries:

• Qubes
• Qubes (IOMMU/VT-d enabled)

By default we should be booting without iommu (because it often causes problems with incompatible GPUs), but always display a warning when we figure out IOMMU is not supported or not enabled.

[joanna]

We should have a service called qubes_security_level that would be the last init.d service started in Dom0. This service's task would be to evaluate the level of security based on current platform config. Currently this would be just the availability of the VT-d. In the future we would add more criteria, such as:

• is also Interrupt Remapping enabled?
• is full screen for AppVMs allowed by guid or not?
• has the system been started using TPM-based trusted boot (Anti Evil Maid) or not?
• is the whole filesystem encrypted or not?
• etc...

Also, we should have a little app (or part of the qubes manager) that would be displaying an icon in the tray that would be representing the current security level (a number from 1-5, coloured from red to green/blue). When user clicks on the icon we should display a quick explanation what factors contributed to given security level.

[joanna]

This is currently tricky to implement, because we don't know how to implement "stickiness" of the variable that holds the level -- it should be possible to ensure that once the user "lowers" the security level, e.g. by booting the system with VT-d disabled, then the level will never get back to the previously high level.

So, currently we can just add some trivial indicator e.g. to Qubes Manager -- TBD.