On Mon, 13 Nov 2023 at 2:48, Demi Marie Obenour (<demioben...@gmail.com>) wrote:
> On 11/10/23 05:07, Hugo V.C. wrote:
> > "If people want to improve the hardware, focussing on generic mechanisms
> > such as support for partitioning L2-LL caches would be far more beneficial
> > than point-solutions that will be defeated by the next class of attacks."
> >
> > The path of partitioning some hardware resource ends up in full
> > partitioning of the computing platform including power supply. It is
> > simpler (almost zero design effort) and the only "reasonably" secure
> > solution. Whenever you share hardware resources, you open the path to side
> > channels.
>
> At this point one just has multiple separate systems.

**** Yes, it is wonderful how simple it is... isn't it?

> > On the other hand, PLUS full computing platform partitioning time
> > protection is a must on each isolated computing platform. So here we have
> > two problems that need to be addressed by different vendors:
> >
> > 1) Time protection, CPU/SoC vendors
> > 2) Computing platform isolation (laptop/servers vendors).
> >
> > Figure out how wonderful it would be to have a laptop with X full independent
> > computing platforms inside (fun/work/banking...) and each one based on
> > CPU/SoC solutions with Time Protection.
>
> That works until one needs to use all of the cores on the system for a parallel
> VM kernel build or for non-accelerated video encoding.
>
> > On top of each of those platforms some verified hypervisor/kernel (seL4?).
> >
> > BTW, the step 2 is straightforward, just make laptops a bit bigger and add
> > a screen switch to switch each isolated computing platform.
>
> One might as well just buy multiple laptops and be able to use them at the
> same time.

*** You cannot easily travel with multiple laptops and it is not a comfortable solution, nor can you sell this idea to anyone. Instead you can travel with a single laptop with 3 different computing platforms inside, basically, the user will never know, it will be transparent.
> --
> Sincerely,
> Demi Marie Obenour (she/her/hers)
>
> _______________________________________________
> Devel mailing list -- devel@sel4.systems
> To unsubscribe send an email to devel-leave@sel4.systems