Xen project Mailing List

Re: [MirageOS-devel] Mirage OS and Qubes OS integration

From: Anil Madhavapeddy <anil@xxxxxxxxxx>

Date: Mon, 8 Feb 2016 15:07:34 +0000

Cc: Marek Marczykowski-GÃrecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, "mirageos-devel@xxxxxxxxxxxxxxxxxxxx" <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>, qubes-devel <qubes-devel@xxxxxxxxxxxxxxxx>

Delivery-date: Mon, 08 Feb 2016 15:07:56 +0000

Domainkey-signature: a=rsa-sha1; c=nofws; d=recoil.org; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; q=dns; s= selector1; b=g73h5XLibPCWuyfc8D9SBj8dqYexL2qwGlJ8QECsl1n8NZi+gid eJgcOdv64dOS7BNuh2rwV76+CkxeD0/0wdyvWe7BzSTdRFUasGxlBP961EB7t4vV zpCLNtkyVX+HE7QnqwAY6PCaItwlm84rffxGH5+YXyNq02FnAU0smIEo=

List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

On 7 Feb 2016, at 22:33, Thomas Leonard <talex5@xxxxxxxxx> wrote: > >> How is that related to Mirage OS? It can be distributed/installed as >> minimal root.img, containing just /boot directory with: >> - a Mirage OS binary >> - grub2 configuration starting it >> >> Why not installing it directly as a kernel (also using some new qrexec >> service)? Two reasons: >> - VM kernel loaded from dom0 filesystem is parsed by a toolstack >> running there. While the attack surface is quite small here >> (probably only uncompressing code), it still exists This is indeed how we boot on EC2 at the moment (which uses pv-grub also). https://github.com/mirage/mirage/blob/master/scripts/ec2.sh A Mirage Xen unikernel is wrapped in a minimal image that includes a grub.conf that points to it. Anil _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.