Mailing List Archive

Hello Denis!

The use case you described is every interesting.
In short, it can be achieved as there is a linux kernel under Android.
Also I have found:
https://xen4android.github.io/about/
https://forum.odroid.com/viewtopic.php?t=6370
https://ieeexplore.ieee.org/document/7927127
and some xen wiki pages:
https://wiki.xenproject.org/wiki/Category:Android

I myself also work on similar ideas to secure critical domains with Xen on
automotive/self-driving systems.

But there are also a few words I want to clarify.
Usually, in those real-time and safety-critical systems (cellphone is not
sc, I guess), a seperation kernel based os is more preferred.
For example, Apple has a small l4 os running in security enclaves, and okl4
was once largely used as a secure microvisor.
I use Xen in my projects mainly out of engineering and availability
reasons, as there is an important fact that Xen does support linux systems
well and a lot of applications are well developed on Xen (e.g. ros systems).

In the end, I think so far you have done a great job.
Any insights about your dom0 performance?

Good luck and have fun!
Kun

Denis Obrezkov <denisobrezkov@gmail.com> ?2019?8?28??? ??3:06???

> Hello,
>
> during last three months I was porting Xen to Beagleboard-x15 within
> GSoC 2019.
> Here is my final report:
> https://medium.com/@denisobrezkov/xen-on-beagleboard-x15-a517ea7d9bb
> So, now dom0 can run to some extent.
>
> But my purpose is to run Android in domU on arm32 (or arm64). Is it
> possible?
> I found this article:
>
> https://events.static.linuxfound.org/sites/events/files/slides/Xen%20Automotive%20RC1.pdf
> What is the current status of this work?
>
> I want to use Android with Xen for improving mobile and maybe IoT
> security (that is my phd topic in Bremen Uni). It's kind of close to
> automotive xen usage but for mobile devices (trusted dom0 and untrusted
> domU).
>
> --
> Regards, Denis Obrezkov
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xenproject.org
> https://lists.xenproject.org/mailman/listinfo/xen-users

Hi Kun,

thank you for the links.

>
> But there are also a few words I want to clarify.
> Usually, in those real-time and safety-critical systems (cellphone is
> not sc, I guess), a seperation kernel based os is more preferred. 
> For example, Apple has a small l4 os running in security enclaves, and
> okl4 was once largely used as a secure microvisor.

My project is more about usability of security mechanisms. So, I don't
have any real-time constraints.
The basic idea is that a device might run Linux in dom0 and Android in
domUs with Xen Security Modules and SELinux enabled on each VM. And the
main access policy is stored in dom0 and controlled remotely. For
example, you might have different permissions to a storage and
peripheral based on your current location (e.g. you can't use camera
being on your workplace) and dom0 is responsible for controlling it.
Less formal motivation is that you might have a Linux mobile device
(like from Jolla or Puri.sm) and run Android apps with permissions
installed by dom0.

I am also wondering what is the best supported modern arm platform in Xen.


>  In the end, I think so far you have done a great job.
> Any insights about your dom0 performance?
Unfortunately, I haven't tested it properly yet. The current state is
that it is possible to run Linux+Busybox in dom0.
>
> Good luck and have fun!
> Kun
>
> Denis Obrezkov <denisobrezkov@gmail.com
> <mailto:denisobrezkov@gmail.com>> ?2019?8?28??? ??3:06???
>
> Hello,
>
> during last three months I was porting Xen to Beagleboard-x15 within
> GSoC 2019.
> Here is my final report:
> https://medium.com/@denisobrezkov/xen-on-beagleboard-x15-a517ea7d9bb
> So, now dom0 can run to some extent.
>
> But my purpose is to run Android in domU on arm32 (or arm64). Is it
> possible?
> I found this article:
> https://events.static.linuxfound.org/sites/events/files/slides/Xen%20Automotive%20RC1.pdf
> What is the current status of this work?
>
> I want to use Android with Xen for improving mobile and maybe IoT
> security (that is my phd topic in Bremen Uni). It's kind of close to
> automotive xen usage but for mobile devices (trusted dom0 and untrusted
> domU).
>
> --
> Regards, Denis Obrezkov
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xenproject.org <mailto:Xen-users@lists.xenproject.org>
> https://lists.xenproject.org/mailman/listinfo/xen-users
>

--
--
Regards, Denis Obrezkov

_______________________________________________
Xen-users mailing list
Xen-users@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-users

Hey, that's my super old slides!

We have Android port working on R-Car gen3 chips (with all HALs properly
implemented), you can check out repositories here:
https://github.com/xen-troops


On Tue, Aug 27, 2019, 22:06 Denis Obrezkov <denisobrezkov@gmail.com> wrote:

> Hello,
>
> during last three months I was porting Xen to Beagleboard-x15 within
> GSoC 2019.
> Here is my final report:
> https://medium.com/@denisobrezkov/xen-on-beagleboard-x15-a517ea7d9bb
> So, now dom0 can run to some extent.
>
> But my purpose is to run Android in domU on arm32 (or arm64). Is it
> possible?
> I found this article:
>
> https://events.static.linuxfound.org/sites/events/files/slides/Xen%20Automotive%20RC1.pdf
> What is the current status of this work?
>
> I want to use Android with Xen for improving mobile and maybe IoT
> security (that is my phd topic in Bremen Uni). It's kind of close to
> automotive xen usage but for mobile devices (trusted dom0 and untrusted
> domU).
>
> --
> Regards, Denis Obrezkov
>