
List:       qubes-devel
Subject:    Re: [qubes-devel] Re: Running (or not) Xen during installation
From:       Chris Laprise <tasket () openmailbox ! org>
Date:       2016-11-07 17:43:51
Message-ID: e678606b-d3b3-f631-6a70-b168f04a9098 () openmailbox ! org

On 11/06/2016 10:19 PM, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 2016-11-06 15:14, Chris Laprise wrote:
> > On 11/05/2016 04:46 AM, Joanna Rutkowska wrote:
> > > In the long term, we would like to maintain *full* isolation of most of the
> > > PCIe devices (so DMA and MSI capable) from the TCB (perhaps except for the MCH
> > > pseudo devs).
> > > 
> > > This should be maintained throughout the whole boot process, starting from the
> > > reset vector. I don't think running Linux would allow us to achieve that. So,
> > > we should aim at keeping Xen, and in the future, when we have better firmware
> > > to work with (Coreboot?) make sure that at no point in time any of the
> > > untrusted PCIe, such as your WiFi NIC, can interfere with the boot process.
> > > 
> > > joanna.
> > Speaking of long-term, it would be interesting to know if ITL could consider
> > specifying a hardware platform where Qubes or a Qubes-like OS could operate with
> > greater consistency. The Qubes community currently spends most of its time and
> > effort trying to reconcile the OS with the whims and priorities of Windows PC
> > vendors.
> > 
> > Even if it's not realistic to build such a PC in the near term, having a hardware
> > (and firmware) specification that supports the objectives of Qubes could be
> > educational and garner interest from more hardware-focused people and projects.
> > It would also serve as a reminder of how (comparatively) problematic most PCs
> > are.
> > 
> > Chris
> > 
> What you're describing sounds like the required specifications for Qubes-certified
> hardware beginning with R4.0:
> https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
> 
> Or did you have something different in mind?
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org

Something else entirely... Like specifying CPU features, instruction 
sets, bus characteristics, etc. using currently available open hardware 
designs as a starting point. I think Joanna would be able to do or at 
least oversee much of this planning. It would have a high-level aspect 
stating the minimal hardware features at a macro level, but more 
importantly it would drill way down to the hardware logic and would 
serve as a guide for specific implementation plans used to fabricate 
chips and motherboards.

So, ultimately, systems built for non-x86 Qubes could be planned openly 
down to the last logic gate.

There would also have to be an establishment of procedures to serve as a 
"reasonable" guide for auditing manufacturing processes (e.g. help 
ensure chip fabrication delivers product without surprises).

An opportunity exists here to introduce a truly proper replacement for 
"regular PCs", which I think are a poor match for the kind of security 
Qubes is trying to deliver. Currently it's like taking an old hotel 
building and trying to turn it into a rocket gantry.

Chris


