
List:       qubes-devel
Subject:    Re: [qubes-devel] Re: dom0 update for ppc64le support
From:       "'awokd' via qubes-devel" <qubes-devel () googlegroups ! com>
Date:       2018-04-04 4:37:59
Message-ID: 00e81b6caa0731b37d60ee052349f3e3.squirrel () tt3j2x4k5ycaa5zt ! onion

On Mon, April 2, 2018 5:48 am, Raptor Engineering Sales wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Raptor Engineering can provide access to the hardware needed to make this
> happen at no cost, plus some degree of support for issues encountered. We
> just need people willing to put in the time / work on the Xen port to
> ppc64el.
> 
> None of the ARM server / workstation platforms in existence with modern
> performance are open -- even the ThunderX2 relies on an AMI firmware stack
> with an AMI BMC, plus we normally see ME-type blobs in other parts of
> modern ARM systems.  Building something like Qubes on top of such a shaky
> foundation is something that has always concerned us, and one of the
> primary reasons why we want to see it fully support POWER systems as a
> first-class citizen.
> 
> What do we need to make this happen?

From upthread, sounds like Qubes on KVM on Power might be most realistic.
Have there been any improvements to KVM since
https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
was written?
Specifically, this conclusion:

"We believe that the Xen hypervisor architecture better suits the needs of
our project. Xen hypervisor is very small comparing to Linux kernel, which
makes it substantially easier to audit for security problems. Xen allows
to move most of the "world-facing" code out of Dom0, including the I/O
emulator, networking code and many drivers, leaving very slim interface
between other VMs and Dom0. Xenʼs support for driver domain is crucial in
Qubes OS architecture.
KVM relies on the Linux kernel to provide isolation, e.g. for the I/O
emulator process, which we believe is not as secure as Xenʼs isolation
based on virtualization enforced by thin hypervisor. KVM also doesnʼt
support driver domains."

Eight years later, what would need to be done in KVM to close the gap with
Xen? All of the above?


