[fsflover]

What is wrong about virtualization? It allows to run all existing software, it doesn't restrict the owner of the device, it is extremely flexible and reliable. And it can be fast, too.

[Joel_Mckay]

see other comment, the author describes some issues with current hardware virtualization. kvm is also pretty good, but not perfect... and completely irrelevant with GPU pass-through enabled. =3

[fsflover]

Which other approach to security do you consider reliable? Through correctness? Through obscurity?

https://blog.invisiblethings.org/2008/09/02/three-approaches...

[Joel_Mckay]

Publicly documented encrypted mmu, as it is the only practical way to isolate contexts on parallel cores.

Or some exotic processor no one would ever sell successfully. =3

[wmf]

Intel SGX/TDX and AMD SEV-SNP implemented that (although it was hacked the other day) and some clouds offer it.

[Rohansi]

What would an encrypted MMU do differently?

[Joel_Mckay]

Mitigates undetectable bleeding/contamination of information between parallel processes, cores, and or rowhammer etc.

Thus, writing a robust and secure OS may actually be possible by competent programmers in most compiled languages. Best of luck =3

[Rohansi]

But how does it accomplish that? And how can you guarantee it would solve those hardware issues?