| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Nov 2013 08:47:07 +0100 From: Jan Kiszka <jan.kiszka@...mens.com> To: Jailhouse <jailhouse-dev@...glegroups.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, kvm <kvm@...r.kernel.org> Subject: [ANNOUNCE] Jailhouse: A Linux-based Partitioning Hypervisor We are happy to announce the Jailhouse project, now also to a broader community! Jailhouse is a partitioning hypervisor that can create asymmetric multiprocessing (AMP) setups on Linux-based systems. That means it runs bare-metal applications or non-Linux OSes aside a standard Linux kernel on one multicore hardware platform. Jailhouse ensures isolation between these "cells", as we call them, via hardware-assisted virtualization. The typical workloads we expect to see in non-Linux cells are applications with highly demanding real-time, safety or security requirements. In contrast to comparable hypervisors, Jailhouse is loaded and configured via Linux, not the other way around. Give it a try to see and "feel" the difference. The aim of Jailhouse is to keep the amount of code responsible for establishing and maintaining cell isolation as small as possible. And with small we mean a few thousand lines of code at the privilege level of the hypervisor. This is obviously much less than you can achieve with full-featured hypervisors like KVM. See also the Jailhouse presentation at this year's KVM Forum for the differentiation between KVM and Jailhouse, as well as possible combinations of both: https://docs.google.com/file/d/0B6HTUUWSPdd-Zl93MVhlMnRJRjg Jailhouse is clearly in an incubator stage. We currently only support Intel x86, including a demonstration setup inside QEMU/KVM. Also, we still lack a number features and measures in order to truly and provably isolate cells from each other. Besides working on this, ARM support is on our road map as well. As we would like to motivate early feedback, including potential contributions, we already released the code under GPLv2: https://github.com/siemens/jailhouse Aside the master branch, you can also find a first step towards the KVM-on-Jailhouse concept presented at KVM Forum 2013. Looking forward to your feedback! Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists