I have been reluctant to ask this question for quite a while, especially from a third perspective, security, which actually goes hand-in-hand with the second.
Jan wrote on Monday, 20 July 2020 at 23:27:54 UTC+2:
> On 20.07.20 09:57, Rick Xu wrote:
> > For 3 reasons, first, it uses a LINUX as a host OS and then changes it
> > to a guest OS, so a running host OS was saved.
> > Second, less virtualization and more real-time.
> > Third, it's easy to use.
> > [..]
> > And if it has not been used for products, why?
>

From my last months' view of setting up an academic use case of a mixed-criticality / mixed-security-level system, from the perspective of an application-oriented engineer, I would not agree on the term 'easy'. I have also set up my use case using other hypervisors, which I would consider 'easier', but I hit other barriers. Though, everything has pros and cons and I may be comparing apples with chocolate cheesecake, not blaming anyone.

It is really cool to see the improved features and the HW support growing on ARM systems. At this point, I find Jailhouse being quite tightly interwoven with its underlying HW; in other words, without excellent knowledge of the HW, setting up JH is really hard. If I had only one wish, it would be improving the documentation for Jailhouse integrators.

> Jailhouse is primarily useful in two application areas. [...]
>
> The second, still more research-like area is functional safety. This is
> our (Siemens) primary focus with Jailhouse. And while we are still
> waiting for and even collaborating on developing [3] a certifiable [...]
>

The Selene Project sounds interesting, all the best with that! I am/was working on a project on mixed-criticality security certification, and certifiable HW really is still a blind spot. (What about "we just _trust_ Intel processors to do the right thing"?!) I believe that in the not so far future a good portion of mixed-criticality systems will also require security certification (to prove the integrity of the safety function). Nothing can function in a void.

Any (modern) critical functionality requires some sort of networking / data exchange, and it is quite wise to split that off into different cells, so there are different certification levels, both in terms of safety (thorough, long-term) and of security (quick updates/patches). Jailhouse really shows how much we trust in the underlying HW for these separation guarantees. There are evolving security standards like ISO62443, or, e.g., its derivative EN 50701 for railway. However, from my current understanding Jailhouse is still too "low-level" and would require more tooling and documentation to enable "easy" product certification. And this could become a professional/commercial service beyond the open-source initiative, or it requires additional forces in the product development.

cheers,
Thorsten

--
You received this message because you are subscribed to the Google Groups "Jailhouse" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/jailhouse-dev/526c5075-2422-4c20-9563-08e2b166d60fn%40googlegroups.com.
