Re: [MirageOS-devel] MirageOS AppVMs on Qubes
On 23 November 2015 at 12:35, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
> On 23 Nov 2015, at 11:15, Thomas Leonard <talex5@xxxxxxxxx> wrote:
>>
>> QubesOS is a security-focused desktop OS that runs multiple isolated
>> VMs under Xen. Typically, these run Linux. For example, I use a Fedora
>> VM for email and a Debian VM for development.
>>
>> There is discussion on the qubes mailing list at the moment about
>> using unikernel VMs:
>>
>> https://groups.google.com/forum/#!topic/qubes-users/h03-1hiNMCc
>>
>> I've written a simple test unikernel [1] that supports Qubes' qrexec
>> protocol. This allows other domains to send command requests to the
>> VM. If approved by the dom0 policy, a two-way channel (stdin/stdout)
>> is established between the requesting VM and the unikernel. qrexec is
>> built on top of vchan, which was easy to support thanks to David
>> Scott's ocaml-vchan library.
>>
>> I've also written a tool [2] to let you upload unikernels built in an
>> AppVM to dom0 and run them easily.
>
> A newbie question -- is there a decent PC ultrabook that anyone can
> recommend to start running Qubes with working power management?

There's a Qubes Hardware Compatibility List here:

https://www.qubes-os.org/hcl/

> I've heard good things about Dell XPSes...
>
> Also, I just ran across this nicely privilege separated TLS daemon:
> https://www.opsmate.com/titus/
>
> This seems like a good direction for TLStunnel to go in as well --
> explicit fine-grained process/VM separation for even the private keys.
> Running this in Qubes would be interesting...

Qubes are also interested in GnuPG. Since 2.1, all private key
operations are handled by gpg-agent, so we'd probably only have to
implement that. Anyone know how hard that would be?

https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring

--
Dr Thomas Leonard        http://roscidus.com/blog/
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel