Are there any articles, documentation, etc. on this? I'm looking around but having trouble finding answers. Is the trusted WM proprietary or something? Edit: to elaborate, I'm interested in whether the trusted WM could be used on top of a different virtualization technology, or even a more typical mandatory access control framework like AppArmor.
I recall Joanna talking about having a choice of WM in future, my understanding was that it was standard. Can't recall the reference right now, believe it was in one of her blogs.
@mirimir: I haven't. I'm not much for mailing lists... @deBoetie: from the way it color-codes VMs, I don't think it's standard. Edit: actually, from this https://qubes-os.org/ticket/84 it looks like the WM is at least not from scratch. I'm very confused. How can a bog-standard WM do any kind of sensible, trustworthy arbitration between virtual machines on the same X display?
Lots of assumptions going on here... There could be an underlying manager that passes colour coding config to each of the VMs and it could also be used to pass input between the VMs without using X.
From the FAQ at: https://qubes-os.org/wiki/UserFaq#WhatssospecialaboutQubesGUIvirtualization "What's so special about Qubes' GUI virtualization? We have designed the GUI virtualization subsystem with two primary goals: security and performance. Our GUI infrastructure introduces only about 2,500 lines of C code (LOC) into the privileged domain (Dom0), which is very little, and thus leaves little space for bugs and potential attacks. At the same time, due to the smart use of Xen shared memory, our GUI implementation is very efficient, so most virtualized applications really feel as if they were executed natively." I suspect this is what does the color coding on the windows, and seems to imply that the WM is native to each VM? I also remember reading that they had decided against full-screening anything because that would allow rogue apps to emulate the "real" system and fool the user into dangerous actions.