
SecuMiKern

@SecuMiKern@sh.itjust.works


SecuMiKern OP

More info on Atmosphere (Open Source Horizon AKA SwitchOS) as I find it fascinating that an OS created for a gaming device got such tight security:

https://www.reddit.com/r/emulation/comments/hygtnx/mesosphere_opensource_nintendo_switch_kernel_now/

Quotes from the creator of Atmosphere:

It is a completely unique microkernel with a cooperative (non-preemptive) scheduler. The kernel is secure -- so far as I can tell (as a reverse engineer and hacker), it has zero security bugs. They throw out years of backwards compatibility (they're not POSIX/UNIX), and they really, really benefit from it from a security and modularity PoV.
Horizon's the only meaningful RTOS with a microkernel that I'm aware of (other than Fuchsia). Everything's in userland -- filesystems, GPU (and other device drivers). The OS is capability-based and conceptually all about lots of different processes/drivers ("system modules") that host microservices.
The fact that Nintendo designed such a rock-solid, modular, custom operating system for their consoles fascinates me.

IPC is the hottest hot-path in a microkernel; correspondingly, Nintendo marked every function involved in IPC as `__attribute__((always_inline))`, which was kind of a huge pain to reverse engineer as a result.
In addition, Nintendo implemented "SvcReplyAndReceive" as a single system call that allows a microservice server process to reply to and receive a new message in one invocation.
That said, there's actually less overhead than you think. Part of why FUSE is slower than a kernel driver for FS is because FUSE has to talk to the kernel to do filesystem stuff, so when you read a file you have your process -> FUSE -> kernel -> hardware. In comparison, on Horizon the kernel is completely uninvolved in filesystem management (it doesn't even have the sdmmc hardware mapped). Thus processes will do process -> FS system module process -> hardware.

In Horizon, everything is very distinctly not a file. There are no global filesystem paths the way that unix/linux have special /dev/whatever.
Pipes don't exist in Horizon -- all IPC is done via the Horizon IPC ("HIPC") protocol.
UNIX/POSIX have stuff like fork() and child processes... but creating a process is an incredibly privileged operation in a capability-based operating system. fork() is impossible to implement in Horizon; all threads are created via SvcCreateThread() instead. Child processes aren't a thing that exist.

SecuMiKern OP

Qubes OS is a wrapper around underlying operating systems, so it doesn't really fix, for example, Linux's security holes; it just kinda sandboxes/virtualizes them.

Fedora Silverblue seems to be Fedora but immutable, so many of Linux's problems still apply.

SecuMiKern OP

Some vulnerabilities are not specific to Linux, like Heartbleed, Spectre, Meltdown.

And even though OpenBSD fixes the most famous/severe ones, others are not tested or their fix may lag behind.

SecuMiKern OP

Their basic premise seems solid, but is it actively developed? It seems to go through long periods of inactivity.

SecuMiKern OP

It's not. GrapheneOS is hardened Android; check their site for more information.

And Android is not just Linux + SELinux; there is much more to it.
