On 11 Aug 2023, at 21:33, Hugo V.C. <skydive...@gmail.com> wrote:

That's it. And here is where I think we all in the security industry are 
failing. I don't think we can solve that nowadays with the current 
hardware/CPUs and "mix" things; moreover, even if someone dares to do it, I 
guess it will be extremely complex to make guarantees. Instead of "relaxing" 
the security policy, I bet on solving that by, literally, making hardware 
partitioning, with different OSs, the general purpose one and the one with 
guarantees, and then transferring sensible workloads to the hardware partition with 
the OS that gives you guarantees. I'm aware that here the interaction between 
those two systems introduces new challenges, but IMHO it simplifies the 
design a lot.

I'm not convinced that there's a case for more HW support than the simple 
mechanisms we propose in the TP paper, and which Nils instantiated in fence.t. 
Unless you go for something that is *very* complex, which will just create more 
opportunities for loopholes.

"Simple is better" applies in the security context even more than in other 
contexts. Pick the simplest mechanism that does the job, and then use it 
judiciously.

Gernot
_______________________________________________
Devel mailing list -- devel@sel4.systems
To unsubscribe send an email to devel-leave@sel4.systems