On 11/06/2016 10:19 PM, Andrew David Wong wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-11-06 15:14, Chris Laprise wrote:
On 11/05/2016 04:46 AM, Joanna Rutkowska wrote:
In the long term, we would like to maintain *full* isolation of most of the PCIe
devices (so DMA and MSI capable) from the TCB (perhaps except for the MCH pseudo
devs).
This should be maintained throughout the whole boot process, starting from the
reset vector. I don't think running Linux would allow us to achieve that. So, we
should aim at keeping Xen, and in the future, when we have better firmware to
work with (Coreboot?) make sure that at no point in time any of the untrusted
PCIe, such as your WiFi NIC, can interfere with the boot process.
joanna.
Speaking of long-term, it would be interesting to know if ITL could consider
specifying a hardware platform where Qubes or a Qubes-like OS could operate
with greater consistency. The Qubes community currently spends most of its time
and effort trying to reconcile the OS with the whims and priorities of Windows
PC vendors.
Even if its not realistic to build such a PC in the near term, having a
hardware (and firmware) specification that supports the objectives of Qubes
could be educational and garner interest from more hardware-focused people and
projects. It would also serve as a reminder of how (comparatively) problematic
most PCs are.
Chris
What you're describing sounds like the required specifications for
Qubes-certified hardware beginning with R4.0:
https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
Or did you have something different in mind?
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
Something else entirely... Like specifying CPU features, instruction
sets, bus characteristics, etc. using currently available open hardware
designs as a starting point. I think Joanna would be able to do or at
least oversee much of this planning. It would have a high-level aspect
stating the minimal hardware features at a macro level, but more
importantly it would drill way down to the hardware logic and would
serve as a guide for specific implementation plans used to fabricate
chips and motherboards.
So, ultimately, systems built for non-x86 Qubes could be planned openly
down to the last logic gate.
There would also have to be an establishment of procedures to serve as a
"reasonable" guide for auditing manufacturing processes (e.g. help
ensure chip fabrication delivers product without surprises).
An opportunity exists here to introduce a truly proper replacement for
"regular PCs", which I think are a poor match for the kind of security
Qubes is trying to deliver. Currently its like taking an old hotel
building and trying to turn it into a rocket gantry.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/e678606b-d3b3-f631-6a70-b168f04a9098%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
