zlacker

[return to "Qubes OS: A reasonably secure operating system"]
1. snvzz+D3[view] [source] 2017-11-19 17:00:09
>>ploggi+(OP)
Their weakest point is the hypervisor, Xen, which while a better choice than Linux/KVM, is still extremely bloated and has a poor security history.

Thankfully, better designs such as seL4's VMM do exist, although it might need a little more work [1] until usable for the purpose.

[1] https://sel4.systems/Info/Roadmap/

◧◩
2. X86BSD+I8[view] [source] 2017-11-19 17:51:14
>>snvzz+D3
You also have access to BHyve on FreeBSD for a good hypervisor.
◧◩◪
3. floatb+3k[view] [source] 2017-11-19 20:08:14
>>X86BSD+I8
Just like KVM, bhyve includes a whole unix kernel in the TCB. Sure it's a better one :) but still.

Tiny hypervisors like NOVA http://hypervisor.org, seL4-based are the ideal solution, but sadly no one seems to be pushing to make them usable and production-ready :(

[go to top]