[trustable-software] No hypervisor required...

[Paul Sherwood]

Thanks Niall, Gerald.

Here's a link to Duncan's original comment (which I've now marked as 
resolved) for posterity

https://docs.google.com/a/codethink.co.uk/document/d/1H8ymdyAxKqBHTDPWY_ltQOwihRQ3iIzTqxjuYQXF8O4/edit?disco=AAAAB6DYk8A

I also wanted to provide a link to Maciej Wolny's comments at:

https://docs.google.com/a/codethink.co.uk/document/d/1H8ymdyAxKqBHTDPWY_ltQOwihRQ3iIzTqxjuYQXF8O4/edit?disco=AAAABx0MKy8

There we covered similar ground, but I think we still got to the same 
point: theoretical/sales claims for hypervisors don't really offer any 
magic advantage versus best-of-breed OS separation, and in any case we 
still have to deal with the realities/threats of contended hardware.

br
Paul

On 2018-06-17 17:58, Niall Dalton wrote:
<snip>
> ​Completely agree. When separately safety critical hard realtime
> from others, the OS / hypervisor discussion is a red herring. Neither
> are sufficient, and it's a system architecture problem (and we make
> the usual tradeoffs in boot sequences etc).​ The safety critical
> stack should be minimally sized as usual.
> 
> When discussing the partition(s) of the system where most of the
> hardware will be, 99.99% of the software, and a vastly increasing
> amount of the compute will take place for the new workloads, then the
> partitioning mechanisms of both regular operating systems and
> hypervisor based systems are sufficient. When consolidating these
> workloads on fewer and much more capable platforms, it hasn't been the
> experience in other domains that the hypervisor is necessary, or that
> it pulls its weight.
> 
> Even in poster-child environments for virtualization, such as public
> clouds, we're moving to 'bare metal' - shifting the administrative
> domains and protection into hardware components in the system. (E.g.
> the approach Amazon takes using their in-house ARM SOCs in x86
> servers).