Makatea: Qubes-like OS on seL4

fsflover · March 22, 2022, 6:33pm

https://www.trustworthy.systems/projects/TS/makatea

See also earlier topics about alternative operating systems

Qubes-lite With KVM and Wayland
and

Spectrum OS discussion

and

BastilleBSD discussion

and

Bottlerocket

fsflover · March 22, 2022, 6:41pm

Port Qubes to ppc64 [3 bitcoin bounty]

opened 02:54AM - 18 Sep 18 UTC

Rspigler

T: enhancement help wanted C: core P: default bounty

QubesOS is the most secure operating system available, by far. However, it unfo…rtunately only runs on the x86 instruction set, which runs on unauditable and insecure firmware. The Power Architecture is a much more secure ISA. Products like the Talos II (edit: and now much more affordable Blackbird) with the Power9 CPU are fully open, with auditable schematics, firmware, and software - and being able to run QubesOS on such devices would be a huge win for the infosec community. There are various ways to achieve this compatibility, so I thought that this issue could be a way to track them/discuss. 1 - Xen could have a ppc64 port (Raptor Computing Systems has offered free hardware to incentivize) 2 - Using the seL4 microkernel (https://github.com/QubesOS/qubes-issues/issues/3894), which is already looking into supporting the Power Architecture 3 - Qubes' Hypervisor Abstraction Layer (HAL), which utlizes libvirt to support multiple hypervisors, yet currently only supports Xen, could be expanded to support KVM, to run on ppc64. Edit 2021/21/01: Please see [here](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-425749018) for general KVM target goals, and [here](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-549986749) for a detailed list of tasks for KVM/Power. See [here](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-775609640) for most recent ppc64le/kvm status updates. Please see the below chronological updates to funding: - [1](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-764908374) - [2](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-779379318) - [3](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-779497332) In summary, for KVM we have a 3 bitcoin bounty, ~~and an additional 0.5 bitcoin remaining for matching funds~~ (deadline passed with 0.5 matching funds filled out of 1 bitcoin matching funds offered - see [here](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-937007407)). The match offer expired on July 28th 2021. Details of the bounty are below: @leo-lb paid @shawnanastasio 0.2 btc out of his 1 bitcoin bounty here: https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-630972681 @Rspigler (me) paid Shawn 0.5 bitcoin out of his 1.5 bitcoin bounty [here](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-779415652). I have also offered hardware (Blackbird mainboard and one 4 core Power9 CPU) for a developer who will use it towards this project. See post [here](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-947341382). @Rudd-O pledged 0.5 bitcoin [here](https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-779477070) (has paid 0). ~~I (Robert) have a remaining 0.5 matching bitcoin offer that expires on July 28th 2021.~~ To conclude, the total bounty is 3 bitcoin, with 0.7 bitcoin rewarded and 2.3 bitcoin remaining. Last updated: November 10th, 2021

GWeck · March 23, 2022, 9:17am

That’s about what I suggested some time earlier in issue #3894 ‘Use verified L4 kernel instead of Xen’. I hope they get along with that, and in close cooperation with Qubes!

Demi · March 23, 2022, 1:51pm

The reason it is Qubes-like, rather than being a full Qubes OS port, is that it is limited to server-side uses where all VMs are defined in a compile-time configuration file. Obviously this is not sufficient for the desktop use-cases that Qubes OS targets. I both hope and believe that Qubes OS can and will be ported to seL4 at some point, but this will require substantial development effort.

Kaizer · March 26, 2022, 6:50am

SEL4 + Qubes is game changer

But unsw been talking about this for 10 years