Re: [ANN] Muen - An x86/64 Separation Kernel for High Assurance

[Alexander Senier <mail@senier.net>]

On Fri, 13 Dec 2013 13:41:38 -0800 (PST)
Diogenes <phathax0r@gmail.com> wrote:

> Will this kernel function on any AMD based systems or any embedded
> systems (Gumstix, Rasberry Pi)?

Muen purposely is a relatively small layer on top Intel VT as this
keeps the kernel complexity low. Supporting AMD-based systems should be
possible, though, with reasonable effort and a minor increase in
complexity as AMD's hardware virtualization features are comparable.

When it comes to embedded targets the closest match seems to be the
Intel Atom CPU. While versions with VT-x exist, there are currently no
Atom CPUs with EPT or VT-d. EPT (aka. nested paging) is an important
feature to reduce the complexity (and performance) of virtual machines.
VT-d is essential if untrusted virtual machines have direct access to
PCIe devices and especially if you want to build a system that uses
untrusted device drivers / devices in conjunction with trusted
applications (think of an untrusted Linux VM that drives the network
card and a trusted application that enforces encryption of all
traffic). Should Intel ever build VT-d (and EPT) into Atom CPUs, a Muen
port to these CPUs is thinkable.

> Are there plans to port this kernel?

While a port to a suitable AMD CPU seems doable, it is not planned at
the moment as there is no demand. Given the size of the kernel, a port
to completely different architectures like ARM would probably be more
complex than a rewrite.

> Are you looking for contributors?

Sure. Note, that Muen is meant to be the foundation for trustworthy
*systems* - in a component-based system there are many other interesting
areas outside the kernel. Someone asked for a (trusted?) TCP/IP stack
earlier, other trusted components (input, graphics, crypto…) are
necessary to make up a complete system.

Regards
Alex