[l-albertovich]

Sorry about the late reply but this is something I've been thinking about for a long time and something for which I have been trying to design my own carrier board while waiting for the turing pi 2.

Think about Qubes OS where you define different "security contexts" for diferent workloads where each of these run in isolated virtual machines. If properly implemented it's a pretty sturdy solution but you're one hypervisor away from total compromise regardless of what you do.

Now think of the same thing except this time you have one main system that acts as a firewall, shared resource, pxe and window server and a few secondary nodes that boot up from lightweight static images they get from the main node and mount specific resources from it to achieve a sense of persistence (ie. firefox / thunderbird profiles, etc).

There you have a pretty decently marked attach surface so you know which services you need to audit and isolate in the main box.

In my mind I'd love to have the same thing but with the compute modules laying parallel to the main board to be able to fit it in an oversized laptop form factor (kind of like the mnt reform) but this would be a really cool middle ground.

I plan on getting to the software side of it as soon as I have some spare time because even if this doesn't work or isn't ever in stock the whole thing could be put together in a ghettoish way using regular PIs and it'd still be something that could be fit in a mini tower with a small switch which would be good enough for me.