Conversation

RISC-V (

) is the future of secure systems. Looking forward to broadening adoption of this open architecture. #RISCV

1

2

26

virtual signalist

Replying to

and

If it doesn't support the full gamut of protections offered by a bare-metal hypervisor like Xen, then it doesn't seem very secure. But maybe someday.

3

1

Replying to

and

Xen doesn't guarantee isolation. Formally verified separation atop of RISC-V is achievable with sel4. General purpose tagged architectures and HW verification frameworks like Kami will provide the strongest guarantees for secure systems.

1:44 PM · Oct 2, 2020Twitter for Android

virtual signalist

Replying to

and

The level of isolation delivered is about the same; even microkernels rely on hw features as primitives and side-channels remain an issue w both. The difference is you can have a highly functional PC under Xen, as QubesOS shows.