zlacker

1. michae+(OP) 2023-07-25 04:53:44
So imagine you have a separate slot in your desktop/laptop occupied by a secondary single board computer of sufficient power to run your bank's website or other secure operations. Since you are going to use it to git push to import repos or move money, you give two shits if it has much in the way of customization.

You hit a physical button and an internal KVM switches USB input and DisplayPort out between the primary and secondary machine. There is no shared clipboard or way for data to be intentionally shared between machines, and nothing to distinguish this setup from any other "secure" setup to disallow its use. It ticks the correct boxes to meet the described intent of the feature and, unlike a secure environment one is obliged to use for everything, would actually be more secure as you have no good reason to install a bunch of software or browse random websites on the slower secure environment.

replies(2): >>throw_+wP >>jeroen+Q01
2. throw_+wP 2023-07-25 12:25:14
>>michae+(OP)
You can try QubesOS, which does exactly this using virtual machines. The clipboard is not shared by default; you need to move the contents of the clipboard using yet another keystroke pair (so it's a 4-salutes scheme: Ctrl-C, Ctrl-Shift-C, Ctrl-Shift-V, Ctrl-V to actually copy something between machines). Apps' windows are delineated with coloured borders which cannot be overridden from inside the VM.

There are major usability problems, mostly related to graphics (the protocol that forwards the windows is purposefully dumb and doesn't support 3D acceleration at all), but for things like browsing bank apps or even watching YouTube it's enough.

replies(1): >>jeroen+q11
3. jeroen+Q01 2023-07-25 13:30:41
>>michae+(OP)
You can also just use a Windows VM and forward the already-working TPM to it. With tools like Cassowary you can use Windows browsers through an app-only RDP connection, integrating the VM seamlessly. Hardware acceleration will be a bit more difficult, but for things like encoding or decoding video you can already forward virtual GPUs on most platforms if you get the configuration right.

I don't think you'll need to buy an SBC for this. A weekend of messing with virtual machines will be enough.

replies(1): >>michae+tE2
4. jeroen+q11 2023-07-25 13:34:14
>>throw_+wP
> the protocol that forwards the windows is purposefully dumb and doesn't support 3D acceleration at all

This is a major reason I haven't tried QubesOS yet. Thanks to Nvidia, I've seen what happens when you run a desktop with a browser without hardware acceleration, and it sucks. CPU cores get pegged with basic scrolling or video playback and power consumption is simply unreasonable.

Perhaps if I were a human rights activist or a journalist I would use it, but I'm not.

5. michae+tE2 2023-07-25 19:42:35
>>jeroen+Q01
This is fundamentally different on multiple fronts. Insofar as security goes, if the host is compromised the VM has none, because of the host's control over the VM's environment. For the same reason, anything that requires you to be in an authenticated environment is probably not going to accept an authenticated environment that is itself hosted in one that is not. The browser/system would assert that it isn't in the Matrix by testing naively, by looking for the presence of VM-specific information or devices, and more securely by performing operations which must work differently in a VM; see this post:

https://stackoverflow.com/questions/39533/how-to-identify-th...

replies(1): >>jeroen+LL2
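As an added illustration (not code from any commenter or from the linked post), this is the "naive" check michae+tE2 describes: a cooperating hypervisor sets the hypervisor bit in CPUID leaf 1 and publishes a 12-byte vendor signature at leaf 0x40000000. Since the hypervisor itself supplies both values, the probe is informational only and cannot serve as attestation to a remote party; the signature table is assumed from published values.

```c
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0   /* non-x86 build: the probe always reports "none" */
#endif

struct vm_probe {
    int hypervisor_bit;  /* CPUID.1:ECX bit 31, set by cooperating hypervisors */
    char vendor[13];     /* CPUID.0x40000000 signature (EBX,ECX,EDX), NUL-terminated */
};

/* Ask the CPU whether a hypervisor is advertising itself.
 * Returns 1 when the hypervisor bit is set (and fills in the signature), else 0.
 * Every value here is supplied by the hypervisor, so a host can report anything. */
int probe_hypervisor(struct vm_probe *out)
{
    memset(out, 0, sizeof *out);
    strcpy(out->vendor, "none");
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    out->hypervisor_bit = (ecx >> 31) & 1;
    if (!out->hypervisor_bit)
        return 0;
    __cpuid(0x40000000, eax, ebx, ecx, edx);   /* hypervisor vendor leaf */
    memcpy(out->vendor, &ebx, 4);
    memcpy(out->vendor + 4, &ecx, 4);
    memcpy(out->vendor + 8, &edx, 4);
    out->vendor[12] = '\0';
    return 1;
#else
    return 0;
#endif
}

/* Map a signature to a familiar name; the table is assumed from published values. */
const char *vm_vendor_name(const char *sig)
{
    static const struct { const char *sig, *name; } known[] = {
        { "KVMKVMKVM", "KVM" },       { "Microsoft Hv", "Hyper-V" },
        { "VMwareVMware", "VMware" }, { "XenVMMXenVMM", "Xen" },
    };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(sig, known[i].sig) == 0)
            return known[i].name;
    return "unknown";
}
```

On a bare-metal host the probe returns 0 with vendor "none"; inside a VM it returns whatever the hypervisor chose to publish, which is exactly why it is not attestation.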
6. jeroen+LL2 2023-07-25 20:15:09
>>michae+tE2
Remote attestation is already available on big cloud providers and Windows runs virtualised on many servers across the world for remote work. Excluding all of those browsers would probably be problematic for almost every use case.

I don't think big websites will block every VM (especially since Microsoft has some kind of super secure browser implementation that uses virtualisation). You may need to make KVM fake Hyper-V, though.

replies(1): >>michae+LI3
7. michae+LI3 2023-07-26 02:17:21
>>jeroen+LL2
None of the consumer-facing resources need to be accessible via your VM in the cloud, because that isn't how users get to content/banking/shopping/school resources/communication; they do so on their desktop OS. There is zero reason 99.9% of use cases couldn't, or wouldn't bother to, block "insecure" environments and not also block VMs running in insecure environments.

> You may need to make KVM fake HyperV, though.

Not even techies are farting around with virtual machines and hoping their fake virtualization tricks don't break this week when they have important things to do, much less 99.999% of planet earth. They might, however, be willing to press one button that, perceptively from the user's standpoint, switches their screen to a different desktop that happens to be running on a different machine. The interface to this feature would be simple enough that they wouldn't have to care to understand it.

User's mental model: press button and a "special" browser pops up full screen where I can bank/spend money. Press button again and it goes back to whatever they were doing.

replies(1): >>jeroen+DF4
8. jeroen+DF4 2023-07-26 11:36:29
>>michae+LI3
Virtual Windows machines with thin clients are used all over the world. Microsoft is even trying to make Windows 11 an online-first platform according to news like https://www.theverge.com/2023/6/27/23775117/microsoft-window.... Some of these companies may run Windows on bare metal, but I doubt the majority of them don't do at least some server/workspace separation through VMs.

I know people want convenience. Anyone interested in convenience will just use Windows or macOS. They won't need to mess with VMs. This whole problem is only an issue for the small percentage of the population that wants to use their own weird operating systems, browsers, or addons.

If the need arises, someone will make a user-friendly tool to do all this. Cassowary can do it today after following a step-by-step guide; they can also add their Web Integrity patches to those steps if they need to.

If you, as a user, want to have a special button that makes banking work without needing to know how or why, stick with proprietary operating systems. Linux isn't user friendly enough to accomplish this and it probably won't be for a while. The same is true if you want to watch your HD/4K streaming content without a huge struggle.

replies(1): >>michae+WMb
9. michae+WMb 2023-07-28 05:26:53
>>jeroen+DF4
Why wouldn't the host and client be attested to be safe without letting arbitrary virtualization?