help-hurd

Re: Combining Hurd and Qubes OS for security reasons? Possible?


From: Richard Braun
Subject: Re: Combining Hurd and Qubes OS for security reasons? Possible?
Date: Wed, 23 Dec 2015 16:41:02 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Dec 23, 2015 at 11:56:23AM +0100, David Renz wrote:
> You can under no circumstances get a secure system running on one or
> multiple "system(s) of its/their own", because - as you have said it very
> precisely - you have no control over this.

That's not what I said. First, you don't run a secure system "on one or
multiple systems of their own". You run one system among multiple ones.
Then, that system must have control over memory access because that's
where the data is and that's what you want to protect. Finally, you
need hardware that can actually restrict memory access from devices that
are external from the point of view of that main system and physical
memory.

After reviewing SMM a bit more, it seems to be an x86 processor operating
mode, giving access to normally inaccessible resources, hidden from the
operating system, which means firmwares using that mode actually run on
the main processor, and are subject to neither IOMMU nor MMU restrictions.

If I'm right, it seems you just can't protect an x86 system from firmware
interference.

-- 
Richard Braun


