Re: Combining Hurd and Qubes OS for security reasons? Possible?

[Samuel Thibault]

David Renz, on Sun 20 Dec 2015 22:40:03 +0100, wrote:
> 1) I have seen ACPI code in 'real life' which is able to modify Windows, Linux
> and BSD systems on the same computer (probably code stored in the DSDT table).
> So even if Hurd would use ACPI only e. g. for shutting down the computer: 
> Could
> the according function call used for shutting down the computer lead to other
> ACPI code being executed? I would guess that this might be possible.

I don't know. See the code in ./i386/i386at/acpihalt.c.  That looks like
a small interpreter.  I don't know what it's able to do.

> 2) If booting Hurd or Linux with the "acpi=off" boot parameter, would this 
> rule
> out the possibility that (malicious) ACPI code might get executed?

In the Mach case, yes, because we'd then not use ACPI at all.  I guess
it's the same with Linux.

> > > Wouldn't it potentially increase one's security by many times, if one 
> > > would
> be
> > > able to let (e. g.) Debian Hurd as a template VM on top of a Qubes OS
> system?
> >
> > Well, that'll replace the GNU Mach ACPI implementation with the Xen
> > implementation, i.e. trading one security surface by another. Since the
> > Xen one is well-tested, that can be a good trade :)
> 
> Wouldn't a Qubes OS Hurd template be very much like running on a (perhaps more
> secure) VM?

I can only guess so, I don't know what Qubes provides beyond Xen.

Samuel