Hugo V.C. wrote:
" So I was assuming the isolation between VMs are more assured using sel4."
Yes. Isolation is what is guaranteed and proved by seL4. This is the "magic" of having its code formally verified and what makes the difference from any other solution, in terms of isolation.
"In itself I am not worried if the VM is compromised."
Then go ahead. But remember that if the VM is compromised then the solution is compromised. So if you need to sell/distribute this solution you will need to argue to your customers/users why you don't care about VM compromise...
"Perhaps I could get usb stack ported natively... "
Anything you strip out of the VMs and port to native code gives you a giant improvement in terms of security.
On Wed, 19 Oct 2022 at 7:54, <james.hillman07(a)gmail.com> wrote:
Hugo V.C. wrote: "My intention was to use a minimum image with no UI but importantly the USB drivers/stack."
Sure. This is a common approach, and the default VM examples in the seL4 tutorials are exactly that: a kernel + busybox, so no UI. Still, this is just Linux with a very big kernel...
On Wed, 19 Oct 2022 6:37, <james.hillman07(a)gmail.com> wrote:
Thanks everyone, really enjoy reading the discussion. Sorry for the lazy untargeted use of the word Linux. My intention was to use a minimum image with no UI but importantly the USB drivers/stack.
I guess the key issue is what the best data rate I could hope for between the VMs would be.
_______________________________________________ Devel mailing list -- devel(a)sel4.systems To unsubscribe send an email to devel-leave(a)sel4.systems
So I was assuming the isolation between VMs is more assured using seL4. In itself I am not worried if the VM is compromised. Perhaps I could get the USB stack ported natively...
Thanks for confirming and continuing the discussion. I think in my use case the system gets reset (read-only OS) on every use and a typical use time is perhaps a few minutes. In terms of minimising the impact of compromise I'm thinking of using three VMs - an insecure/compromise-exposed VM, a "between states" VM which would enforce data flow syntax/packet checking between the other two VMs, and a secure/trusted VM.
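The "between states" VM proposed above is essentially a guard: it parses what the exposed VM sends, accepts only frames whose every field is on an allow-list, and re-serialises them so the trusted VM never sees bytes the guard did not write. The following is an added example of such a check, not code from the thread or from seL4; the two-byte frame header, the message types and the size limits are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed frame format (an assumption for this example, not an seL4 format):
 *   byte 0   : message type, only a small allow-list is accepted
 *   byte 1   : payload length n, with 0 <= n <= MAX_PAYLOAD
 *   bytes 2..: n payload bytes, printable ASCII only
 */
#define MAX_PAYLOAD 32
#define MAX_FRAME   (2 + MAX_PAYLOAD)

enum { MSG_STATUS = 0x01, MSG_DATA = 0x02 };

enum guard_verdict {
    GUARD_ACCEPT = 0,
    GUARD_BAD_LEN,
    GUARD_BAD_TYPE,
    GUARD_BAD_PAYLOAD
};

/* Validate one frame received from the exposed VM. On GUARD_ACCEPT a freshly
 * built copy is written to out/out_len; on any other verdict nothing is
 * written, so a rejected frame can never leak into the trusted side. */
enum guard_verdict guard_check(const uint8_t *in, size_t in_len,
                               uint8_t *out, size_t *out_len)
{
    /* Header must be present and the whole frame must fit the fixed buffer. */
    if (in_len < 2 || in_len > MAX_FRAME)
        return GUARD_BAD_LEN;

    uint8_t type = in[0];
    size_t  n    = in[1];

    /* Only known message types pass; anything else is dropped, not forwarded. */
    if (type != MSG_STATUS && type != MSG_DATA)
        return GUARD_BAD_TYPE;

    /* Declared length must match what was actually received, and stay bounded. */
    if (n > MAX_PAYLOAD || in_len != 2 + n)
        return GUARD_BAD_LEN;

    /* Syntax check on the payload: printable ASCII only for this format. */
    for (size_t i = 0; i < n; i++) {
        if (in[2 + i] < 0x20 || in[2 + i] > 0x7e)
            return GUARD_BAD_PAYLOAD;
    }

    /* Re-serialise instead of forwarding the original buffer. */
    out[0] = type;
    out[1] = (uint8_t)n;
    memcpy(out + 2, in + 2, n);
    *out_len = 2 + n;
    return GUARD_ACCEPT;
}
```

Trailing bytes, an over-long declared length or an unknown type all result in the frame being dropped rather than partially forwarded, which is the property the guard VM is there to provide.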