Using QubesOS to work with Windows 7

There are not many articles on Habr devoted to the Qubes operating system, and the ones I have seen say little about the experience of actually using it. Below the cut, I hope to fix this using the example of Qubes as a means of protecting (and protecting against) a Windows environment and, at the same time, to estimate the number of Russian-speaking users of the system.


Why Qubes?

The end of technical support for Windows 7 and the growing anxiety of users led to the need to organize work with this OS, taking the following requirements into account:

  • ensure the use of a fully activated Windows 7, with the user able to install updates and various applications (including via the Internet);
  • implement complete or selective exclusion of network interaction depending on conditions (autonomous operation and traffic filtering modes);
  • provide the ability to selectively connect removable media and devices.

This set of restrictions presupposes a well-prepared user, since independent administration is allowed, and the restrictions are not meant to block what the user can do but to exclude possible mistakes or destructive software effects. That is, there is no insider attacker in the model.

In our search for a solution, we quickly abandoned the idea of implementing the restrictions with built-in or additional Windows tools, since it is very hard to effectively restrict a user who has administrator rights while leaving them able to install applications.

The next solution was isolation using virtualization. Well-known desktop virtualization tools (for example, VirtualBox) are poorly suited to solving security problems, and the listed restrictions would have to be implemented by the user constantly switching or adjusting the properties of the guest virtual machine (hereinafter referred to as a VM), which increases the risk of errors.

At the same time, we had experience using Qubes as a user's desktop system, but we had doubts about the stability of working with a Windows guest. We decided to check the current version of Qubes, since the stated restrictions fit the paradigm of this system very well, especially its implementation of virtual machine templates and visual integration. Next, I will try to talk briefly about the ideas and tools of Qubes, using the solution of this problem as an example.

Types of Xen virtualization

Qubes is built on the Xen hypervisor, which reduces its own role to managing processor resources, memory and virtual machines. All other work with devices is concentrated in dom0, which is based on the Linux kernel (Qubes uses the Fedora distribution for dom0).


Xen supports several types of virtualization (I will give examples for the Intel architecture, although Xen supports others):

  • paravirtualization (PV) - a virtualization mode that does not use hardware support, reminiscent of container virtualization; it can be used for systems with an adapted kernel (dom0 runs in this mode);
  • full virtualization (HVM) - in this mode, hardware support is used for processor resources, and all other hardware is emulated using QEMU. This is the most universal way to run different operating systems;
  • paravirtualization of hardware (PVH - ParaVirtualized Hardware) - a virtualization mode that uses hardware support where, to work with hardware, the guest system kernel uses drivers adapted to the capabilities of the hypervisor (for example, shared memory), which removes the need for QEMU emulation and increases I/O performance. The Linux kernel can run in this mode starting from version 4.11.


Starting with Qubes 4.0, the use of paravirtualization mode was abandoned for security reasons (including because of known vulnerabilities in the Intel architecture, which are partially mitigated by the use of full virtualization); PVH mode is used by default.

When emulation is used (HVM mode), QEMU is launched in an isolated VM called a stubdomain, which reduces the risk of potential errors in the implementation being exploited (the QEMU project contains a lot of code, including code kept for compatibility).
In our case, this is the mode that has to be used for Windows.

Service virtual machines

In the Qubes security architecture, one of the key capabilities of the hypervisor is passing PCI devices through to a guest environment. Excluding hardware in this way lets you isolate the host part of the system from external attacks. Xen supports this for the PV and HVM modes; in the second case it requires IOMMU support (Intel VT-d), that is, hardware memory management for virtualized devices.

This results in several system virtual machines:

  • sys-net, to which network devices are passed and which is used as a bridge for other VMs, for example, those that implement firewall or VPN client functions;
  • sys-usb, to which USB and other peripheral device controllers are passed;
  • sys-firewall, which does not use devices but works as a firewall for the VMs connected to it.

To work with USB devices, proxy services are used, which provide, among other things:

  • for the HID (human interface device) device class, sending commands to dom0;
  • for removable media, redirection of device volumes to other VMs (except dom0);
  • redirection of a USB device itself (using USBIP and the integration tools).

In such a configuration, a successful attack through the network stack or through connected devices can compromise only the running service VM, not the system as a whole. And after the service VM is restarted, it is loaded in its original state.

VM integration tools

There are several ways to interact with the desktop of a virtual machine: installing applications in the guest system or emulating video using virtualization tools. Guest applications can be various universal remote access tools (RDP, VNC, Spice, etc.) or tools adapted to a specific hypervisor (such tools are usually called guest utilities). A mixed option can also be used, where the hypervisor emulates I/O for the guest system and externally offers a protocol that combines I/O, such as Spice. At the same time, remote access tools usually optimize the image, since they are designed to work over a network, and this does not have a positive effect on image quality.

Qubes provides its own tools for VM integration. First of all, there is the graphics subsystem: windows from different VMs are displayed on a single desktop, each with its own colored frame. In general, the integration tools rely on the capabilities of the hypervisor: shared memory (Xen grant table), notification tools (Xen event channel), the shared storage xenstore and the vchan communication protocol. With their help, the basic components qrexec and qubes-rpc are implemented, along with the application services: audio or USB redirection, transfer of files or clipboard contents, execution of commands and launching of applications. It is possible to set policies that limit the services available to a VM. The figure below is an example of the procedure for initializing the interaction of two VMs.


Thus, work in a VM is carried out without using the network, which makes it possible to make full use of autonomous VMs to prevent information leaks. For example, this is how separation of cryptographic operations (PGP/SSH) is implemented: private keys are used in isolated VMs and never leave them.
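The policies mentioned above, which limit the services available to a VM, are evaluated top to bottom and the first matching rule decides. The following is an added example, not code from the article or from the Qubes project: a simplified model of a Qubes 4.0 per-service policy file (one `source target action` rule per line) that handles only literal qube names and the any-qube keyword. The qube names `win7-offline` and `win7-work` and both sample policies are assumptions constructed for illustration.

```python
"""Added example: simplified first-match evaluation of a Qubes 4.0 qrexec policy."""
from typing import List, Tuple

Rule = Tuple[str, str, str]          # (source, target, action)
ANY = ("$anyvm", "@anyvm")           # keyword matching any qube name

def parse_policy(text: str) -> List[Rule]:
    """Parse '<source> <target> <action>[,options]' lines; '#' lines are comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields")
        action = fields[2].split(",", 1)[0]      # ignore options after the action
        if action not in ("allow", "deny", "ask"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        rules.append((fields[0], fields[1], action))
    return rules

def covers(pattern: str, name: str) -> bool:
    """True if a policy pattern matches a qube name (or a narrower pattern)."""
    return pattern in ANY or pattern == name

def evaluate(rules: List[Rule], source: str, target: str) -> str:
    """Return the action of the first matching rule; no match means deny."""
    for src, dst, action in rules:
        if covers(src, source) and covers(dst, target):
            return action
    return "deny"

def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, (src, dst, _) in enumerate(rules)
            if any(covers(ps, src) and covers(pd, dst) for ps, pd, _ in rules[:i])]

# Constructed qubes.Filecopy policies; win7-offline and win7-work are hypothetical.
MISORDERED = """\
$anyvm        $anyvm        ask
# intended to stop copies out of the offline Windows qube, but never reached
win7-offline  $anyvm        deny
"""
ORDERED = """\
win7-offline  $anyvm        deny
$anyvm        $anyvm        ask
"""

if __name__ == "__main__":
    for name, text in (("misordered", MISORDERED), ("ordered", ORDERED)):
        rules = parse_policy(text)
        print(name, evaluate(rules, "win7-offline", "win7-work"), shadowed(rules))
```

Running `shadowed()` over a policy before deploying it catches a deny rule that a broader rule above it has made ineffective.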

Templates, application VMs and disposable VMs

All user work in Qubes is done in virtual machines. The main host system is used to control and display them. The OS is installed together with a basic set of template virtual machines (TemplateVM). Such a template is a Linux VM based on the Fedora or Debian distribution, with the integration tools installed and configured, and with dedicated system and user partitions. Software is installed and updated by the standard package manager (dnf or apt) from configured repositories with mandatory digital signature verification (GnuPG). The purpose of such VMs is to provide trust in the application VMs launched on their basis.

At startup, an application VM (AppVM) uses a snapshot of the system partition of the corresponding VM template, and on shutdown it deletes this snapshot without saving the changes. The data the user needs is stored in a user partition that is unique to each application VM and is mounted in the home directory.


Using disposable VMs (disposableVM) can be useful from a security point of view. Such a VM is created from a template at the moment it is started and is launched for a single purpose: to run one application, shutting down when that application is closed. Disposable VMs can be used to open suspicious files whose contents could lead to the exploitation of vulnerabilities in a specific application. The ability to start a disposable VM is integrated into the file manager (Nautilus) and the email client (Thunderbird).

A Windows VM can also be used to create a template and a disposable VM by moving the user profile to a separate partition. In our version, such a template will be used by the user for administration tasks and for installing applications. Based on the template, several application VMs will be created: with limited access to the network (standard sys-firewall capabilities) and with no access to the network at all (no virtual network device is created). All changes and applications installed in the template will be available in these VMs, and even if backdoor programs are introduced, they will have no network access through which to cause a compromise.

Fighting for Windows

The features described above are the foundation of Qubes and work quite stably; the difficulties start with Windows. To integrate Windows, you have to use the Qubes Windows Tools (QWT) set of guest tools, which includes drivers for working with Xen, the qvideo driver and a set of utilities for exchanging information (file transfer, clipboard). The installation and configuration process is documented in detail on the project website, so we will share our experience of using it.

The main difficulty is essentially the lack of support for the tools that have been developed. The key QWT developers appear to be unavailable, and the Windows integration project is waiting for a lead developer. Therefore, first of all, we had to assess how well it works and form an understanding of whether we could support it ourselves if necessary. The hardest part to develop and debug is the graphics driver, which emulates a video adapter and a display in order to produce an image in shared memory, so that the entire desktop or an application window can be shown directly in a window of the host system. While analyzing how the driver works, we adapted the code so that it can be built in a Linux environment and worked out a debugging scheme between two Windows guest systems. At the build stage, we made several changes that simplified things for us, mainly in terms of "silent" installation of the utilities, and we also eliminated an annoying degradation of performance when working in a VM for a long time. We published the results of this work in separate repositories, thereby briefly inspiring the Lead Qubes Developer.

The most critical stage in terms of guest system stability is Windows startup; here you can see the familiar blue screen (or not even see it). For most of the errors we identified there were various workarounds: removing the Xen block device drivers, disabling VM memory balancing, fixing network settings, and minimizing the number of cores. Our build of the guest tools installs and runs on fully updated Windows 7 and Windows 10 (with the exception of qvideo).

When moving from a physical environment to a virtual one, a problem arises with Windows activation if pre-installed OEM versions are used. Such systems use activation based on licenses specified in the device's UEFI. For activation to be processed correctly, one of the ACPI sections of the host system (the SLIC table) has to be passed through in its entirety to the guest system, and the others have to be edited slightly to register the manufacturer. Xen allows you to customize the ACPI content of additional tables, but not to modify the main ones. A patch from the similar OpenXT project, adapted for Qubes, helped with the solution. The fixes turned out to be useful not only to us and were merged into the main Qubes repository and the Libvirt library.

The obvious disadvantages of the Windows integration tools include the lack of support for audio and USB devices, and the difficulty of working with media, since there is no hardware support for the GPU. But none of this prevents the VM from being used for work with office documents, nor does it prevent specific corporate applications from being run.

The requirement to switch to an operating mode with no network or with a limited network after creating the Windows VM template was met by creating the appropriate application VM configurations, and the ability to selectively connect removable media was also covered by the standard OS tools: when connected, the media are available in the system VM sys-usb, from where they can be "forwarded" to the required VM. The user's desktop looks something like this.


The final version of the system was received positively by users (as far as such a comprehensive solution allows), and the standard tools of the system made it possible to extend its use to the user's mobile workstation with access via VPN.

Instead of a conclusion

Virtualization in general lets you reduce the risks of using Windows systems that have been left without support: it does not force compatibility with new hardware, it lets you exclude or control access to the system over the network or through connected devices, and it lets you implement a one-time launch environment.

Built on the idea of isolation through virtualization, Qubes OS helps you make use of these and other mechanisms for security. From the outside, many people see Qubes primarily as a pursuit of anonymity, but it is a useful system both for engineers, who often juggle projects, infrastructures and the secrets needed to access them, and for security researchers. Separating applications and data and formalizing how they interact are the first steps of threat analysis and of security system design. This separation helps to structure information and reduce the likelihood of errors caused by the human factor: haste, fatigue, and so on.

Currently, the main emphasis in development is on expanding the functionality of Linux environments. Version 4.1 is being prepared for release; it will be based on Fedora 31 and will include current versions of the key components Xen and Libvirt. It is worth noting that Qubes is created by information security professionals who always promptly release updates when new threats or errors are identified.

Afterword

One of the experimental capabilities we are developing lets us create VMs with support for guest access to the GPU based on Intel GVT-g technology, which makes it possible to use the capabilities of the graphics adapter and significantly expand the scope of the system. At the time of writing, this functionality works for test builds of Qubes 4.1 and is available on github.

Source: www.habr.com
