Multikernel support?

General Discussion
1

Hi Qubeheads,

I recently became aware of multikernels, which seem to be the logical opposite of unikernels:

Unlike containers that share a kernel or VMs that add virtualization overhead, our multikernel architecture provides true kernel isolation with near bare-metal performance, dynamic resource allocation, and application-optimized environments.

As multikernels have recently gone open-source and reached out to LKML, there are now a few posts to the LKML that mention the addition of multikernel support to the kernel. [1] [2]

My questions are straightforward:

  • How does this affect Xen and the broader Qubes ecosystem?
  • From a Qubeshead perspective, would such an implementation actually increase or decrease security?
  • Could it lead to increased performance, reliability, or ease of implementation in Qubes? Could it increase or decrease the virtualization overhead?

It might not be too practical from a domU perspective, but what about from a dom0 perspective?

I know absolutely nothing about multikernels and only the basics around unikernels, so I’d appreciate if some of the more experienced kernel hackers could help me understand what this means for virtualization, security, Linux, and the Qubes ecosystem.

2

Multikernels seem very promising.

I doubt Qubes OS could just abandon Xen, and start using multikernels, it would mean you can only run Linux.

I also don’t see how multiple kernels can share the same physical hardware, without it leading to security issues.

Replacing Xen with Linux also seem like it would drastically increase the attack surface.

2 Likes
3

According to official website:

Multikernel Technologies delivers the next generation of cloud operating systems with unprecedented performance, security, and resource efficiency for modern computing environments.

Multikernel Technologies delivers transformative advantages for enterprise and cloud infrastructure.

Multikernel focus on cloud and enterprise, that mean server rooms. QubesOS useless as cloud OS, maximum as nice lab setup.
You plan to run such setup with cloud hardware (U4 server with Xeon/Epyc multi-cpu motherboard) or on private laptop?

  • Xen can run as cloud solution, but no In context of QubesOS.

  • Increasing or decreasing of security depend on who and how manage such setup, it may solve same QubesOS limits regrading unexpected OS as network gateway

  • It definitely will decrease performance, and you can read it at official documentations.
    Also important question, which hardware may handle such setup? (multi-cpu laptop?)

Near bare-metal performance with dynamic hardware resource allocation

I believe that QubesOS is hard enough for maintenance without multikernel on same machine, and also support multikernel but for it’s own Qubes.

1 Like
4