(www.qubes-os.org)

441 points ploggingdev | 1 comments | 19 Nov 17 16:06 UTC | HN request time: 0.245s | source

Show context

snvzz ◴[19 Nov 17 17:00 UTC] No.15734641[source]▶

Their weakest point is the hypervisor, Xen, which while a better choice than Linux/KVM, is still extremely bloated and has a poor security history.

Thankfully, better designs such as seL4's VMM do exist, although it might need a little more work [1] until usable for the purpose.

[1] https://sel4.systems/Info/Roadmap/

replies(6): >>15734676 #>>15734739 #>>15734803 #>>15734841 #>>15734956 #>>15735067 #

X86BSD ◴[19 Nov 17 17:51 UTC] No.15734956[source]▶

>>15734641 #

You also have access to BHyve on FreeBSD for a good hypervisor.

replies(1): >>15735659 #

1. floatboth ◴[19 Nov 17 20:08 UTC] No.15735659[source]▶

>>15734956 #

Just like KVM, bhyve includes a whole unix kernel in the TCB. Sure it's a better one :) but still.

Tiny hypervisors like NOVA http://hypervisor.org, seL4-based are the ideal solution, but sadly no one seems to be pushing to make them usable and production-ready :(

↑

Qubes OS: A reasonably secure operating system