Hi WhonixQubes, I don't have too much to add, but I wanted to throw in my support: I'm very interested in seeing qubes or something very much like it on top of sel4. There is another, similar project using genode which places virtualbox on top of the nova ukernel to have VMs run with a smaller TCB in isolated processes. Though thats still a bit different than what qubes gives you, and although the TCB is smaller, none of it is proven. On Wed, Mar 18, 2015 at 4:35 AM, WhonixQubes wrote:

Hello,

I am the maintainer of the Qubes + Whonix project...

https://www.whonix.org/wiki/Qubes

Which is the port of Whonix OS (think a more secure Tor proxied VM) to Qubes OS, which has upstream integration into the Qubes codebase now.

I am very interested in secure minimal kernels and hypervisors, and have been discussing these topics publicly and privately with other interested developers and investors recently.

And I am also positioning to bring development resources to low-level projects that can achieve a more optimal (and verifiable) secure TCB than bloated Linux-based systems, as Qubes Dom0 is currently based upon.

Actually being able to read through and know all the code that is running on a mission critical machine, a novel thought, huh. ;)

I am most interested in this Qubes blurb on the seL4 website...

https://sel4.systems/GettingStarted

"Qubes is an open source operating system designed to provide strong security for desktop computing using virtualisation to provide isolation. Qubes is based on Xen. seL4 is a much better fit for Qubes. The project is to port Qubes to seL4 (or develop an alternative Qubes-like system for seL4)."

I absolutely agree with this and would like to know more about what Qubes development project might already underway be in the seL4 community in order to consider the opportunity of providing some real assistance in the future.

What's the status of this seL4 Qubes port project and who can I get in touch with to talk more about accomplishing it?

Thanks! :)

WhonixQubes

_______________________________________________ Devel mailing list Devel@sel4.systems https://sel4.systems/lists/listinfo/devel

Hi, This past (southern hemisphere) summer at NICTA we've had a student start work on a port of Qubes to seL4 . This work mainly focussed on providing the seL4 backend support needed for the Qubes R3 Hypervisor-Abstraction-Layer (see [1][2][3] for some info about the HAL and backend support it requires). The status of the project at the moment is that we have support for inter-VM communication using vchan and qrexec, and a very simple libvirt wrapper (that doesn't do much yet). However there is still a bunch work to do in getting much of the libvirt functionality (managing VMs including creating and destroying VMs at runtime) working, and then getting the rest of Qubes running based on this backend support. Ihor [1] http://theinvisiblethings.blogspot.com.au/2013/03/introducing-qubes-odyssey-... [2] http://theinvisiblethings.blogspot.com.au/2013/06/qubes-os-r3-alpha-preview-... [3] http://theinvisiblethings.blogspot.com.au/2014/11/qubes-r3odyssey-initial-so... -- Ihor Kuz Senior Researcher NICTA | Locked Bag 6016 | UNSW, Sydney NSW 1466 T + 61 2 8306 0582 | F +61 2 8306 0406 www.nicta.com.au l ihor.kuz@nicta.com.au On 18/03/2015, at 10:35 PM, WhonixQubes wrote:

Hello,

I am the maintainer of the Qubes + Whonix project...

https://www.whonix.org/wiki/Qubes

Which is the port of Whonix OS (think a more secure Tor proxied VM) to Qubes OS, which has upstream integration into the Qubes codebase now.

I am very interested in secure minimal kernels and hypervisors, and have been discussing these topics publicly and privately with other interested developers and investors recently.

And I am also positioning to bring development resources to low-level projects that can achieve a more optimal (and verifiable) secure TCB than bloated Linux-based systems, as Qubes Dom0 is currently based upon.

Actually being able to read through and know all the code that is running on a mission critical machine, a novel thought, huh. ;)

I am most interested in this Qubes blurb on the seL4 website...

https://sel4.systems/GettingStarted

"Qubes is an open source operating system designed to provide strong security for desktop computing using virtualisation to provide isolation. Qubes is based on Xen. seL4 is a much better fit for Qubes. The project is to port Qubes to seL4 (or develop an alternative Qubes-like system for seL4)."

I absolutely agree with this and would like to know more about what Qubes development project might already underway be in the seL4 community in order to consider the opportunity of providing some real assistance in the future.

What's the status of this seL4 Qubes port project and who can I get in touch with to talk more about accomplishing it?

Thanks! :)

WhonixQubes

_______________________________________________ Devel mailing list Devel@sel4.systems https://sel4.systems/lists/listinfo/devel