By: Jose (1.delete@this.2.com), March 18, 2021 9:35 am
Room: Moderated Discussions
Linus Torvalds (torvalds.delete@this.linux-foundation.org) on March 17, 2021 10:30 am wrote:
> Doug S (foo.delete@this.bar.bar) on March 17, 2021 9:30 am wrote:
> >
> > While everyone agrees that the performance hit of microkernels is real, for applications where
> > security is paramount it is totally worth it.
>
>
> If you actually want security - and this isn't some theory, this is how people actually do it
> - you implement physically separate systems, and you make the secure side much simpler, and
> you do code review like there is no tomorrow. Ie automotive, automation, things like that.
>
That's exactly the way it is typically done in the payment terminal industry, especially for android based stand alone POS terminals. You have the main CPU running the UI transaction flow bits, while a separate secure MCU handles all security-related operations, like tamper sensor handling, secret key storage, cryptographic manipulations etc. The only connection between the two of them is an SPI bus. The Secure MCU usually runs a very small RTOS, or even bare metal code.
Regards,
Jose
> Doug S (foo.delete@this.bar.bar) on March 17, 2021 9:30 am wrote:
> >
> > While everyone agrees that the performance hit of microkernels is real, for applications where
> > security is paramount it is totally worth it.
>
>
> If you actually want security - and this isn't some theory, this is how people actually do it
> - you implement physically separate systems, and you make the secure side much simpler, and
> you do code review like there is no tomorrow. Ie automotive, automation, things like that.
>
That's exactly the way it is typically done in the payment terminal industry, especially for android based stand alone POS terminals. You have the main CPU running the UI transaction flow bits, while a separate secure MCU handles all security-related operations, like tamper sensor handling, secret key storage, cryptographic manipulations etc. The only connection between the two of them is an SPI bus. The Secure MCU usually runs a very small RTOS, or even bare metal code.
Regards,
Jose
| Topic | Posted By | Date |
|---|---|---|
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/12 06:16 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/13 01:18 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:25 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:44 PM |
| x86 - why unite when you can fragment? | Yuhong Bao | 2021/03/13 08:49 PM |
| x86 - why unite when you can fragment? | tt | 2021/03/20 09:30 AM |
| x86 - why unite when you can fragment? | Andrey | 2021/03/14 04:15 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/14 04:58 PM |
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/14 05:31 PM |
| x86 - why unite when you can fragment? | anon2 | 2021/03/14 08:07 PM |
| Microkernel? | Anon | 2021/03/14 11:49 PM |
| Microkernel? | none | 2021/03/15 12:37 AM |
| Microkernel? | Anon | 2021/03/15 01:56 AM |
| Microkernel? | anon2 | 2021/03/15 01:58 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 03:12 AM |
| Microkernel? | anon2 | 2021/03/15 04:53 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 06:56 AM |
| Microkernel? | iz | 2021/03/15 08:10 AM |
| Microkernel? | Anon | 2021/03/15 09:05 AM |
| Microkernel? | iz | 2021/03/16 01:25 AM |
| Microkernel? | Andrey | 2021/03/16 02:54 AM |
| Microkernel? | iz | 2021/03/16 08:36 AM |
| Microkernel? | Andrey | 2021/03/16 10:06 AM |
| Microkernel? | anonymou5 | 2021/03/16 11:44 AM |
| Microkernel? | iz | 2021/03/21 02:58 AM |
| Microkernel? | Andrey | 2021/03/21 09:34 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 AM |
| Microkernel? | Simon Farnsworth | 2021/03/16 04:42 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 03:21 AM |
| Microkernel? | anon2 | 2021/03/15 04:56 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 10:41 AM |
| Microkernel? | anon2 | 2021/03/15 08:00 PM |
| Microkernel? | Gabriele Svelto | 2021/03/16 07:23 AM |
| Microkernel? | anon2 | 2021/03/16 05:13 PM |
| Microkernel? | anon2 | 2021/03/16 05:16 PM |
| Microkernel? | Gian-Carlo Pascutto | 2021/03/16 01:40 PM |
| Microkernel? | anon2 | 2021/03/16 05:53 PM |
| Microkernel? | Linus Torvalds | 2021/03/16 07:25 PM |
| Microkernel? | Doug S | 2021/03/17 09:30 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 10:30 AM |
| Microkernel? | Brendan | 2021/03/17 10:56 PM |
| Microkernel? | Michael S | 2021/03/18 03:47 AM |
| Microkernel? | Brendan | 2021/03/18 09:07 AM |
| Microkernel? | Jose | 2021/03/18 09:35 AM |
| Microkernel? | zArchJon | 2021/03/18 05:42 PM |
| Transputer | RichardC | 2021/03/17 09:47 AM |
| Microkernel? | dmcq | 2021/03/17 11:15 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 11:59 AM |
| Microkernel? | dmcq | 2021/03/17 12:38 PM |
| Microkernel? | Adrian | 2021/03/17 01:00 PM |
| Microkernel? | Ana R. Riano | 2021/03/18 04:33 AM |
| Microkernel? | ⚛ | 2021/04/30 04:52 PM |
| Microkernel? | NvaxPlus | 2021/03/17 11:48 AM |
| Microkernel? | Michael S | 2021/03/18 03:32 AM |
| Microkernel? | Adrian | 2021/03/18 04:12 AM |
| Microkernel? | dmcq | 2021/03/18 06:30 AM |
| Microkernel? | dmcq | 2021/03/18 06:55 AM |
| Microkernel? | Adrian | 2021/03/18 08:35 AM |
| Microkernel? | --- | 2021/03/18 09:49 AM |
| Microkernel? | dmcq | 2021/03/18 10:59 AM |
| Microkernel? | dmcq | 2021/03/18 04:09 PM |
| Microkernel? | --- | 2021/03/18 09:27 AM |
| Microkernel? | Kalle A. Sandström | 2021/03/20 06:34 AM |
| Microkernel? | --- | 2021/03/20 08:35 AM |
| Microkernel? | anon2 | 2021/03/21 05:29 PM |
| Microkernel? | dmcq | 2021/03/15 04:06 AM |
| Microkernel? | anon2 | 2021/03/15 04:59 AM |
| Microkernel? | dmcq | 2021/03/15 11:51 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 PM |
| Microkernel? | dmcq | 2021/03/16 09:17 AM |
| Microkernel? | Jukka Larja | 2021/03/16 11:22 AM |
| Microkernel? | dmcq | 2021/03/16 04:06 PM |
| Microkernel? | Jukka Larja | 2021/03/17 03:42 AM |
| Microkernel? | dmcq | 2021/03/17 07:00 AM |
| Microkernel? | anon2 | 2021/03/16 05:26 PM |
| Microkernel? | --- | 2021/03/16 10:07 AM |
| Microkernel? | -.- | 2021/03/15 08:15 PM |
| Microkernel? | anon2 | 2021/03/15 09:18 PM |
| Microkernel? | Foo_ | 2021/03/16 03:37 AM |
| Read the thread (NT) | anon2 | 2021/03/16 05:27 PM |
| Already did (NT) | Foo_ | 2021/03/17 02:55 AM |
| Already did | anon2 | 2021/03/17 03:46 AM |
| Already did | Etienne Lorrain | 2021/03/18 02:31 AM |
| Microkernel? | -.- | 2021/03/17 05:04 AM |
| Microkernel? | Gabriele Svelto | 2021/03/17 08:53 AM |
| Microkernel? | -.- | 2021/03/17 02:43 PM |
| Microkernel? | dmcq | 2021/03/16 08:40 AM |
| x86 - why unite when you can fragment? | Konrad Schwarz | 2021/03/17 10:19 AM |
| x86 - why unite when you can fragment? | anonon | 2021/03/15 07:37 AM |
