Hi Demi!
My goal is to bring seL4 to the average user via running a browser Firefox?? on top of seL4 so compromising the browser makes it "impossible" to cross the seL4 virtualization barrier (let's ignore the emulation layers' exposure surface). From here the possibilities are endless: running a virtualized browser on top of seL4 on top of an insecure OS (Windows/Linux/Mac...), running multiple VMs (similar to QubesOS), etc. Every scenario is different.
The Linux guest is, as far as I understand cyber security, untrusted (the Linux kernel is untrusted). Everything on top (i.e. Firefox) is untrusted.
The hardware will depend. Right now it is x86_64 but I'm emulating aarch64 via qemu to speed up dev things, as for me x86_64 seL4 support is still too complex (I'm alone on seL4 dev stuff so I always look for the easiest path for demo purposes). Anyway, the hardware is not something I care about, things are evolving so fast... (https://docs.qualcomm.com/bundle/publicresource/topics/80-62010-1/Getting-st...) ideas are more important and I bet on experimenting with seL4 to virtualize anything anywhere.
The only thing I care about here in this kind of virtualization is all the "glue" software to get hardware access on the host (now I use qemu but who knows, maybe at some point someone can remove qemu and run seL4 natively virtualized on Windows/Linux/Mac). We put a man on the Moon...
Not sure how this experiment will end up; what I'm sure of is that I want to use seL4 everywhere, and Windows looks to me like the perfect Circus for my little Frankenstein... :-)
On Thu, 11 Apr 2024 at 18:06, Demi Marie Obenour demiobenour@gmail.com wrote:
On 4/10/24 04:32, Hugo V.C. wrote:
Thank you Peter, I'll give it a try... Anyway, is there any "out-of-the-box" example of a Linux Guest with gpu passthrough enabled? I mean, it would be nice to have a real example demo ready to use so engineers/companies around the Globe can try it. I'm getting mad trying to run a Firefox in a Linux Guest (see attached screenshot) and was just able to start it on a headless Linux guest server with no GPU (remote X window) but performance is horrible (not usable) so I can not even do a demo. This is a show stopper for seL4. It is nice to have all the stuff to build things "from scratch", but the market needs "ready to use" stuff so people can try it. Is there anything usable out there (just to try)?🙏
What is your goal here? Is the Linux guest trusted or untrusted? If it is trusted, what untrusted code is running on the system? What hardware are you running on?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Devel mailing list -- devel@sel4.systems To unsubscribe send an email to devel-leave@sel4.systems