lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <528B177B.5020604@siemens.com>
Date:	Tue, 19 Nov 2013 08:47:07 +0100
From:	Jan Kiszka <jan.kiszka@...mens.com>
To:	Jailhouse <jailhouse-dev@...glegroups.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	kvm <kvm@...r.kernel.org>
Subject: [ANNOUNCE] Jailhouse: A Linux-based Partitioning Hypervisor

We are happy to announce the Jailhouse project, now also to a broader
community!

Jailhouse is a partitioning hypervisor that can create asymmetric
multiprocessing (AMP) setups on Linux-based systems. That means it runs
bare-metal applications or non-Linux OSes aside a standard Linux kernel
on one multicore hardware platform. Jailhouse ensures isolation between
these "cells", as we call them, via hardware-assisted virtualization.
The typical workloads we expect to see in non-Linux cells are
applications with highly demanding real-time, safety or security
requirements. In contrast to comparable hypervisors, Jailhouse is loaded
and configured via Linux, not the other way around. Give it a try to see
and "feel" the difference.

The aim of Jailhouse is to keep the amount of code responsible for
establishing and maintaining cell isolation as small as possible. And
with small we mean a few thousand lines of code at the privilege level
of the hypervisor. This is obviously much less than you can achieve with
full-featured hypervisors like KVM. See also the Jailhouse presentation
at this year's KVM Forum for the differentiation between KVM and
Jailhouse, as well as possible combinations of both:

https://docs.google.com/file/d/0B6HTUUWSPdd-Zl93MVhlMnRJRjg

Jailhouse is clearly in an incubator stage. We currently only support
Intel x86, including a demonstration setup inside QEMU/KVM. Also, we
still lack a number features and measures in order to truly and provably
isolate cells from each other. Besides working on this, ARM support is
on our road map as well. As we would like to motivate early feedback,
including potential contributions, we already released the code under GPLv2:

https://github.com/siemens/jailhouse

Aside the master branch, you can also find a first step towards the
KVM-on-Jailhouse concept presented at KVM Forum 2013.

Looking forward to your feedback!

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ