GrapheneOS's roadmap regarding virtualization

DeletedUser405

The roadmap section of the GrapheneOS FAQ states they are planning in the long term to be

moving away from relying on the Linux kernel as the core of the OS and foundation of the security model. It needs to move towards a microkernel-based model with a Linux compatibility layer, with many stepping stones leading towards that goal including adopting virtualization-based isolation

then

Over the longer term, i.e. many years from now, Linux can fade away completely and so can the usage of virtualization

But why would the need for virtualization fade? It prevents apps from sharing the host kernel, which is great for security

de0u

DeletedUser405 This decade people are excited about hypervisors, but there's no rule that says a large complicated hypervisor is more secure than a small microkernel (or that a large microkernel is more secure than a small hypervisor, etc.).

A couple times now a microkernel has been proven correct -- admittedly a small microkernel in the case of Verve, but research projects often start small. Meanwhile there are plenty of "hypervisor escape" bugs.

So "hypervisor means secure" is no more true than "JavaScript means secure" or any other magic-bullet claim.

It also has memory and performance costs.

DeletedUser405

de0u
Then, what about applications in microkernel VMs, to get the best out of both worlds?

de0u

DeletedUser405 The interface between a kernel and hardware (thus, a hypervisor) is a gigantic interface. It's generally harder to make gigantic interfaces secure. In theory a microkernel has a small interface and could be easier to secure.

Security isn't really about piling more stuff on. If a microkernel is insecure, or a hypervisor is insecure, or both, it's unclear what is gained by running one on top of the other. For sure performance will be lost, though.

DeletedUser459

I guess the general idea comes from Qubes

Toiletterider

QubesOS founder mentioned that no operating system is secure with compromised firmware or hardware.

Same applies to phones. Worth keeping in mind!

American hardware is rumored to have built-in-backdoors to NSA. At least according to Edward Snowden.

Any progress that makes it harder to breach the privacy of average joes is good. But most of them dont even care. Grapheneos is good for phones, Qubes aswell for PC.

other8026

Toiletterider backdoors

This might be an interesting read https://discuss.grapheneos.org/d/10150-not-your-average-why-pixel-thread/7