ARM trust zone and Wayland on Genode?

Peter Lindener lindener.peter at ...9...
Wed Feb 5 00:34:32 CET 2014


Hi
   Norman-

   At the risk of coming across as a bit confused, for the life of me with
Genode Labs having recognized the significance of actively taking into
account the GUI layer in its security model..    How in any real sense can
Genode's growth road-map not yet openly account for Wayland's rise within
the Linux computing world?....   Am I just asking about something that
Genode Labs is choosing to play closer to their chest?....    I gather the
good parts of Nitpicker might likely be a good starting point.  I'm just
asking for some sense of assurance that, A. people are actively planning
Genode's longer term growth future. B. that somehow we might be able to
figure out how Genode might support apps that might be expecting a Wayland
display compositor to talk to...

   ...Am I asking the right questions here?

   all the best
      -Peter



On Thu, Jan 30, 2014 at 11:31 AM, Peter Lindener
<lindener.peter at ...9...> wrote:

> Hi
>     Norman-
>
>     Given that Genode's design philosophy is all about minimizing the
> TCB...
> it would seem that running Wayland under Nitpicker might be the first step
> toward achieving compatibility with Wayland, while also maintaining the
> well considered security that you have already achieved via Nitpicker...
> ie. your very nice thesis work!
>
>    It does seem like GPU interfacing security might be a real
> consideration here.
> I would propose that you might want to propose doing some research work
> for NVidia if they might see the wisdom in it....   I think your thesis
> speaks well of your qualifications for such....and my hunch is that if you're
> sociable and reach out to them, you're likely to find it very much a win /
> win situation... !!
>
>    all the best
>      -Peter
>
>
>
> On Thu, Jan 30, 2014 at 1:37 AM, Norman Feske <
> norman.feske at ...1...> wrote:
>
>> Hello Peter,
>>
>> >     It seems like Genode's secure display windows are off to a good
>> > start with "Nitpicker"...
>> > ...What is happening so that the Wayland display compositor will be able
>> > to in some way run within the Genode OS?
>>
>> as far as I know, there is no concrete plan to bring Wayland to Genode.
>> It is not mentioned on our road map [1]. However, we have listed the
>> topic at our "challenges" page as a rough idea.
>>
>> [1]  http://genode.org/about/road-map
>> [2]  http://genode.org/about/challenges
>>
>> Design-wise there seem to be many similarities between nitpicker and
>> Wayland, but both solutions were created under different premises. For
>> Wayland, fluent graphics without any tearing artifacts were a big
>> motivation. The goal was to overcome the deficiencies of X.org. In
>> contrast, nitpicker was designed for security in the first place (you
>> can read more details in my dissertation [3]). Both goals led to a
>> similar design, which is a very good sign.
>>
>> [3]  http://www.genode-labs.com/publications/secure-gui-2009.pdf
>>
>> Personally, I think that exploring the combination of Wayland with
>> Genode is an interesting topic, but I am anything but sure about the
>> outcome. Whereas Wayland was designed for Linux, it is unclear to me how
>> well it fits with Genode's capability-based security model. Also, a
>> Wayland-based graphics stack will be significantly more complex than a
>> nitpicker-based one. This is because Wayland uses OpenGL as backend. So
>> Mesa plus the whole driver stack becomes a mandatory part of the trusted
>> computing base for any graphical application. In contrast, nitpicker's
>> trusted computing base is orders of magnitude less complex.
>>
>> That said, I think this does not need to be an either-or discussion
>> because different users have different needs. Not everyone is picky
>> about a low-complexity trusted-computing base. Having the option to use
>> Wayland or nitpicker would be great.
>>
>> As a technical precondition to take a closer look at Wayland on Genode,
>> we first need to address the problem to bring our version of Mesa up to
>> date and provide a way to use hardware-accelerated graphics. Those
>> topics are also important for Qt5's QML. For this reason, I raised the
>> point during the discussion of the road map. Even though we haven't put
>> it on the official road map, we still plan to work on it.
>>
>> >     Where might I find more info on the efforts to run Genode within ARM
>> > TrustZone...
>>
>> We are positively surprised about the response to our TrustZone work.
>> Currently, there is not much documentation available. But we will
>> obviously need to change that.
>>
>> For practical steps of how to start experimenting with TrustZone, maybe
>> Stefan can give you a good starting point?
>>
>> Btw, there will be a talk by him at FOSDEM on Sunday in Brussels. We will
>> publish the slides and there may be even a video recording.
>>
>> Best regards
>> Norman
>>
>> --
>> Dr.-Ing. Norman Feske
>> Genode Labs
>>
>> http://www.genode-labs.com · http://genode.org
>>
>> Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
>> Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
>>