441 points ploggingdev | 1 comments
snvzz ◴[] No.15734641[source]
Their weakest point is the hypervisor, Xen, which, while a better choice than Linux/KVM, is still extremely bloated and has a poor security history.

Thankfully, better designs such as seL4's VMM do exist, although it might need a little more work [1] until usable for the purpose.

[1] https://sel4.systems/Info/Roadmap/

dijit ◴[] No.15734676[source]
Could you clarify "Better choice"?

I've been using KVM/Xen/VMware for some time and always enjoyed it. And since Amazon and Google especially are going all in on KVM, I'm surprised to hear that Xen is a better choice.

snvzz ◴[] No.15734812[source]
>Could you clarify "Better choice"?

KVM is, like VMware, a Type 2 hypervisor. [1]

Xen is a proper Type 1 hypervisor.

[1] https://microkerneldude.wordpress.com/2010/10/14/much-ado-ab...

1. aleden ◴[] No.15735038[source]
It should be noted that KVM supports many different archs, and it lives inside the mainline Linux kernel while VMware's kernel modules are out-of-tree. I think this fact is an important difference (also that qemu-system-* are open-source, while VMware is not).