zlacker

[return to "Qubes OS: A reasonably secure operating system"]
1. snvzz+D3[view] [source] 2017-11-19 17:00:09
>>ploggi+(OP)
Their weakest point is the hypervisor, Xen, which while a better choice than Linux/KVM, is still extremely bloated and has a poor security history.

Thankfully, better designs such as seL4's VMM do exist, although it might need a little more work [1] until usable for the purpose.

[1] https://sel4.systems/Info/Roadmap/

◧◩
2. dijit+c4[view] [source] 2017-11-19 17:07:05
>>snvzz+D3
Could you clarify "Better choice"?

I've been using KVM/Xen/VMware for some time and always enjoyed it. And since Amazon and Google especially are going all in on KVM I'm surprised to hear the Xen is a better choice.

◧◩◪
3. snvzz+o6[view] [source] 2017-11-19 17:28:46
>>dijit+c4
>Could you clarify "Better choice"?

KVM is, like VMware, a Type 2 hypervisor. [1]

Xen is a proper Type 1 hypervisor.

[1] https://microkerneldude.wordpress.com/2010/10/14/much-ado-ab...

◧◩◪◨
4. monoca+St[view] [source] 2017-11-19 22:19:11
>>snvzz+o6
sel4's virtualization support make it a type 2 hypervisor. Akaros too, which IMO has the right model for virtualization with it's 'VM threads' concept. All 'type 2' really means is that the kernel directly supports running threads in ring 3 in addition to ring 0.

I guess it's your use of 'proper' that bugged me.

[go to top]