My annual plea for a thing: I want a type 1 hypervisor that just has a small isolated VM and then passes through the rest of the hardware to the main VM which runs Linux. The small VM is intended to be used to run small pieces of code that the main OS should not be able to interfere with. Does such a thing exist? (Think Xen, but with a Dom0 that can't see into DomUs)
@mjg59 sounds pretty close to Jailhouse?
@agraf My recollection is that Jailhouse does static partitioning and no scheduling, i.e. you need to give it a CPU? It also starts from Linux, which makes it harder to sequester secrets that Linux can't get at.
@mjg59 I'm not sure how much both of these are embedded into its architecture or just artifacts of how its main users consume it.
@agraf I'm pretty sure the lack of scheduling is a design choice that would need to be retrofitted. Launching from Linux is more about how it's managed, so that's probably an easier thing to fix.
@mjg59 true, it doesn't seem to support any scheduling at all. That said, I'd expect a simple round-robin scheduler may not be super difficult to implement. Either way, not an off-the-shelf solution for your use case.