| ▲ | milesvp 2 hours ago | |
There are people working on this problem honestly. The general solution 10 years ago was a micro kernel. Today, I’m not sure. The linux model is starting to look dated, with similar problems elsewhere. Modern hardware design looks less and less like classic textbook design, with all kinds of random chips having direct memory access to memory the cpu uses on some shared bus. Where even things like on board blue tooth chips can become attack vectors on the system. There was a good keynote on the topic 5 years ago By Timothy Roscoe https://www.usenix.org/conference/osdi21/presentation/fri-ke... | ||
| ▲ | MatejKafka an hour ago | parent [-] | |
Agree with all of those points and there are some partial solutions (IOMMU, userspace drivers, virtualization,...), but we're still quite far from being able to safely connect untrusted hardware and load its driver without effectively giving it privileged access. | ||