My annual plea for a thing: I want a type 1 hypervisor that just has a small isolated VM and then passes through the rest of the hardware to the main VM which runs Linux. The small VM is intended to be used to run small pieces of code that the main OS should not be able to interfere with. Does such a thing exist? (Think Xen, but with a Dom0 that can't see into DomUs)

@mjg59 So basically "a programmable HSM" like a less-locked-down version of Apple's Secure Enclave? I honestly think trying to achieve secure isolation on the same CPU as the rest of the OS is a fool's game, and the only way to ensure isolation is to physically isolate things onto independent cores via a mailbox interface.

(I've wanted something similar for literally ever...)

@becomethewaifu Hypervisors are "good enough", given that we haven't seen multi-tenant cloud turn into a complete disaster