Thinking out of the box for systems security here :) What if we could increase security of PureOS by virtualizing it on top of the seL4/NOVA microkernel, either using CAmkES or as a Genode virtualization component?
Open, Needs Triage (Public)

Description

Here's an interesting video from one of the developers of the Genode OS Framework demonstrating the process with Android (Linux) on ARM (excuse the YouTube): https://www.youtube.com/watch?v=voFV1W4yyY8

This would be particularly useful in the context of the Librem 13 Tablet and the Future Librem Phone.

If the Intel ME was reverse engineered to the degree that it could be utilized instead of neutralized, this would present an interesting opportunity.

I believe that we should consider the use of these technologies to help make the Purism Laptops, Tablets, and (future) Phones more secure and help make the internet and the world a safer, better place.

While this could be something to think about, at this moment it is way off the charts. It is an undeveloped/untested proposal which would require quite a bit of effort to achieve, and we are currently overwhelmed with work. Besides manpower/manhours, we would need to check against all freedom components (is it all free and possible, and if not, what would it require to create a free alternative) and how much it would impact performance and user experience of the device and OS. PureOS welcomes contributions and proof-of-concept demos if someone wants to do them (if you have the skills, feel free to join the community).

PureOS doesn't aim to be the most secure OS on the planet (the most secure one is one that never gets connected to the internet and has the smallest attack surface), but it does aim to be the most advanced and secure OS for everyday use (aka by billions of people that connect and use devices for their daily tasks such as browsing, chatting and usage of specialized software).

Also note that we need to push security thoughts forward: there is no secure OS if the hardware is compromised, so the bundled combination of PureOS (with its ongoing support from Purism) and the Librem line of devices does give the most secure modern high-end device currently on the market.

I feel you. For now, I will experiment with virtualizing PureOS with both seL4 and NOVA and see if interesting things develop nicely, and relay my results. Since all of the hardware is freed, device drivers will not be a problem for Genode to run perfectly on the Librem device (I wish I had the beefy cash to buy one :/).

Genode is AGPLv3 (w/linking clause), while seL4 and NOVA are both GPLv2. There are very few, if any, non-free components, but I would expect an audit to take place nonetheless due to the nature of Debian/PureOS.

I believe mathematically proven security to be a vital aspect of computing freedom. It's very possible for one to be free yet insecure... I hope the time and effort put into this post will be of some value to Purism, PureOS, and the Librem devices.

And I absolutely love that PureOS is developed with the Librem hardware in mind primarily. The Librems are without a doubt the standard of freedom and quality. This makes them highly secure, but still low-assurance, undeniably.

So, this raises the obvious question of a custom kernel. Should we have TWO branches where we chop EVERYTHING out of the kernel and userspace that the Librem devices wouldn't ever ever need (reducing the trusted computing base by a sizable amount thus increasing security) and keep a Primary Branch with everything included as it currently stands for all other devices?

For the custom kernel - yes, I have had that in mind for some time, basically listed on my TODO list as "PureOS kernel optimization" - the thing is that I wanted to have a grsec-enabled kernel by default before digging into that (as vanilla grsec is not meant for proper desktop usage), but now we faced the dawn of grsec so I am not sure yet how we will approach all that. If you have the skillset, I would gladly chat about it (I refurbished 6 Librem 15 v2 (prototypes and returns) which may end up missing one component (such as disk or battery), but they are enough for development for future contributors to PureOS).

Also, keep me notified (via this thread or via mail) about your experiment :)

This is all so exciting!

If you have any smashed up, deformed, or otherwise defective Librem laptops missing a battery and disk that have no chance of selling, I wouldn't mind taking them off of your hands to do some experimental PureOS development! :)

We do have some refurbished Librems (as I already mentioned here), but to get one you need to show some work already. Feel free to ping me on IRC (zlatan on freenode) or mail me directly so we can talk about it.

todd reassigned this task from todd to zlatan.todoric. Jan 6 2018, 8:23 PM
todd added a subscriber: todd.

Should probably go to Zlatan, or maybe Kyle.
