Is X11 forwarding still implemented?

Jookia 166291 at ...9...
Mon Jun 15 14:07:33 CEST 2015


On Mon, Jun 15, 2015 at 10:15:03AM +0200, Norman Feske wrote:
> Hi Jookia,

Hello again,

> As you are repeatedly speaking of TrustZone, I assume that you are going
> to target ARM only?

So here's the deal with this: I'm a free software zealot so naturally I have a
Novena board that I want to use for all my computing. Right now I've started
porting NixOS to it given someone's porting the Nix package manager to Genode
and I really like the idea of an immutable package manager that can explicitly
show an application's TCB.

I'm also a big fan of Qubes and security through isolation. Unfortunately, the
Novena uses the i.MX6 chipset which has an ARM Cortex-A9 CPU which means there's
no capacity for hardware-based virtualization or isolation. So I'm left with
three choices: Don't isolate my environment and use a single GNU/Linux desktop,
try porting Qubes to LXC and have a monolithic kernel as a hypervisor, or go
down the road of using the wrong tool for the job: TrustZone.

From what I know TrustZone is ideally used to host a small secure operating
system alongside a regular operating system. I'd like to be able to use the
TrustZone as my normal operating system and use the normal world for untrusted
hardware like network adapters or USB sticks. Combining this with L4Linux I'm
hoping I'll be able to have some virtual machines spread out in a Qubes fashion
with some hardware protection.

Aside from the Novena I have my current x86_64 i7 920 machine and also a
laptop with an Intel Atom processor. I don't really consider these as
interesting targets for development, though I wouldn't mind setting up Genode on
the laptop for fun. Don't hold me to that though.

> Cheers
> Norman

Cheers!
Jookia.



