Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Could possibly reuse something from Android AVF?
Date: 2022-12-10 01:39 pm (UTC)
Google is already working on a KVM-based protected hypervisor for Android: https://lwn.net/Articles/836693/. It should be possible to make it work on generic ARM Linux with some modifications. It's currently ARM-only but the basic design is applicable for x86 too (and it's also likely that Google will eventually port it to x86 for Chrome OS if it works out).
The first feature to make use of this on Android will be compiling DEX bytecode of signed system apps: https://source.android.com/docs/core/virtualization/usecases#isolated-compilation