Hi Jookia, thanks for explaining your background. Now the picture becomes much clearer.
> I'm also a big fan of Qubes and security through isolation. Unfortunately, the
> Novena uses the i.MX6 chipset which has an ARM Cortex-A9 CPU which means there's
> no capacity for hardware-based virtualization or isolation. So I'm left with
> three choices: Don't isolate my environment and use a single GNU/Linux desktop,
> try porting Qubes to LXC and have a monolithic kernel as a hypervisor, or go
> down the road of using the wrong tool for the job: TrustZone.

For a setup like the Turmvilla scenario where we have just a single "rich" Linux instance and a growing number of native Genode components, TrustZone would work well. If you decide to go this route, you may benefit from Martin's current line of work on providing a virtual block device to the normal world. The secure world retains the exclusive access to the real device and can make a partition available to the normal world. For the Turmvilla scenario, however, we need to complement this with something similar for the framebuffer and input devices. I just remembered that we started our discussion exactly with this topic. :-) If you decide to give it a go, this would be very cool.

> From what I know TrustZone is ideally used to host a small secure operating
> system alongside a regular operating system. I'd like to be able to use the
> TrustZone as my normal operating system and use the normal world for untrusted
> hardware like network adapters or USB sticks. Combining this with L4Linux I'm
> hoping I'll be able to have some virtual machines spread out in a Qubes fashion
> with some hardware protection.

You can actually run a fully-fledged Genode system in the secure world (as your future "normal" OS) and use the normal world for the "rich Linux VM". Instead of going the Qubes route of using multiple Linux VMs as appliances, I would prefer to enable functionality natively on Genode without relying on virtual machines. There are two motivations behind this direction.

First, native components are much lighter (with respect to resources, startup times, and the ease of configuration). Second, only by following this path will Genode eventually become a self-sustainable system. If we keep on relying on the Linux kernel as application runtime, this will possibly never happen.

Cheers
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

_______________________________________________
genode-main mailing list
genode-main@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/genode-main