[prev in list] [next in list] [prev in thread] [next in thread]
List: qubes-devel
Subject: Re: [qubes-devel] Re: Running (or not) Xen during installation
From: Chris Laprise <tasket () openmailbox ! org>
Date: 2016-11-07 17:43:51
Message-ID: e678606b-d3b3-f631-6a70-b168f04a9098 () openmailbox ! org
[Download RAW message or body]
On 11/06/2016 10:19 PM, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-11-06 15:14, Chris Laprise wrote:
> > On 11/05/2016 04:46 AM, Joanna Rutkowska wrote:
> > > In the long term, we would like to maintain *full* isolation of most of the \
> > > PCIe devices (so DMA and MSI capable) from the TCB (perhaps except for the MCH \
> > > pseudo devs).
> > >
> > > This should be maintained throughout the whole boot process, starting from the
> > > reset vector. I don't think running Linux would allow us to achieve that. So, \
> > > we should aim at keeping Xen, and in the future, when we have better firmware \
> > > to work with (Coreboot?) make sure that at no point in time any of the \
> > > untrusted PCIe, such as your WiFi NIC, can interfere with the boot process.
> > >
> > > joanna.
> > Speaking of long-term, it would be interesting to know if ITL could consider \
> > specifying a hardware platform where Qubes or a Qubes-like OS could operate with \
> > greater consistency. The Qubes community currently spends most of its time and \
> > effort trying to reconcile the OS with the whims and priorities of Windows PC \
> > vendors.
> > Even if its not realistic to build such a PC in the near term, having a hardware \
> > (and firmware) specification that supports the objectives of Qubes could be \
> > educational and garner interest from more hardware-focused people and projects. \
> > It would also serve as a reminder of how (comparatively) problematic most PCs \
> > are.
> > Chris
> >
> What you're describing sounds like the required specifications for Qubes-certified \
> hardware beginning with R4.0:
> https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
>
> Or did you have something different in mind?
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
Something else entirely... Like specifying CPU features, instruction
sets, bus characteristics, etc. using currently available open hardware
designs as a starting point. I think Joanna would be able to do or at
least oversee much of this planning. It would have a high-level aspect
stating the minimal hardware features at a macro level, but more
importantly it would drill way down to the hardware logic and would
serve as a guide for specific implementation plans used to fabricate
chips and motherboards.
So, ultimately, systems built for non-x86 Qubes could be planned openly
down to the last logic gate.
There would also have to be an establishment of procedures to serve as a
"reasonable" guide for auditing manufacturing processes (e.g. help
ensure chip fabrication delivers product without surprises).
An opportunity exists here to introduce a truly proper replacement for
"regular PCs", which I think are a poor match for the kind of security
Qubes is trying to deliver. Currently its like taking an old hotel
building and trying to turn it into a rocket gantry.
Chris
--
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/e678606b-d3b3-f631-6a70-b168f04a9098%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic