On 11/10/23 05:07, Hugo V.C. wrote:
> "If people want to improve the hardware, focussing on generic mechanisms
> such as support for partitioning L2-LL caches would be far more beneficial
> than point-solutions that will be defeated by the next class of attacks."
> 
> The path of partitioning some hardware resource ends up in full
> partitioning of the computing platform including power supply. It is
> simpler (almost zero design effort) and the only "reasonably" secure
> solution. Whenever you share hardware resources, you open the path to side
> channels.

At this point one just has multiple separate systems.

> On the other hand, PLUS full computing platform partitioning time
> protection is a must on each isolated computing platform. So here we have
> two problems that need to be addressed by different vendors:
> 
> 1) Time protection, CPU/SoC vendors
> 2) Computing platform isolation (laptop/servers vendors).
> 
> Figure out how wonderful it would be to have a laptop with X fully independent
> computing platforms inside (fun/work/banking...) and each one based on
> CPU/SoC solutions with Time Protection.

That works until one needs to use all of the cores on the system for a parallel
VM kernel build or for non-accelerated video encoding.

> On top of each of those platforms some verified hypervisor/kernel (seL4?).
> 
> BTW, step 2 is straightforward, just make laptops a bit bigger and add
> a screen switch to switch each isolated computing platform.

One might as well just buy multiple laptops and be able to use them at the
same time.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

_______________________________________________
Devel mailing list -- devel@sel4.systems
To unsubscribe send an email to devel-leave@sel4.systems
