On Thu, Jun 11, 2015 at 08:52:25PM +0200, Norman Feske wrote:
Hi Jookia,
welcome to the mailing list!
Thanks for the welcome. :)
On 11.06.2015 18:57, Jookia wrote:
I looked at an old Genode demo from 2006 or so a while ago and found it had secure X11 forwarding. I'm very interested in this feature with virtual machines to get a nice environment for something like Turmvilla, though last time I checked the code it seemed this feature disappeared.
Indeed, we removed the code a long time ago. It was specific for the paravirtualized OKLinux kernel that we used in the live-CD scenario back then. The feature consisted of two parts: A custom Linux framebuffer driver that we enhanced with a nitpicker-like interface, and a X11 client that watched all X11 window operations and propagated these information to our driver. The driver, in turn, acted as a client of the nitpicker GUI server.
I see! I assumed it was doing something like Qubes does, given it's one of the things that lead me to Genode as it's not available on ARM or using TrustZone.
The mechanism worked well enough to integrate one or multiple X11 window systems into one nitpicker GUI. However, today, in the age of window compositing, I would implement this feature differently. Instead of relying on a guest-OS window manager to manage the X11 windows, I would use a custom compositor that exports the buffers with the content of each window to the Genode world - similar to how the X11 integration works on Qubes OS. This approach has the benefit that all windows (of both Linux applications and Genode applications) could be managed by a single window manager running on Genode.
Which sounds like something I might look in to doing. I'm a newbie but I have passion, which I suppose makes up for it? I'm not really confident enough to think I could do this securely though I suppose if I went the route of trying to get it upstreamed as a Genode feature it'd get code reviewed, yes?
That said, right now, there is no tangible plan on our side to implement this idea. Maybe you'd like to investigate it? ;-)
Perhaps. My main concern is secure communication between Genode and GNU/Linux. Or Genode and Genode. I'd like to eventually glue a bunch of running machines together, virtual or not, and build a metamachine that I can use for my computing, with secure logins somehow.
Right now the virtual machine monitor I've seen communicates through UART which I don't imagine has a particularly good amount of bandwidth. I assume Genode has some kind of IPC, perhaps it'd be nice to extend this to run with services on other machines (virtual or physical) which could be provided by other Genode or X11 services.
This sounds convoluted but eventually I'd like to have Genode running in the normal world too and use the secure world for my actual screen and keyboard inputs. Perhaps even scaling it up we could start to see situations where I could use my laptop as a thin screen and keyboard for applications running on my desktop. That's maybe too radical and dreamy.
Cheers Norman
Cheers again, Jookia.