by Joel_Mckay 24 days ago
See the other comment; the author describes some issues with current hardware virtualization. KVM is also pretty good, but not perfect... and completely irrelevant with GPU pass-through enabled. =3

Which other approach to security do you consider reliable? Through correctness? Through obscurity?

https://blog.invisiblethings.org/2008/09/02/three-approaches...

Publicly documented encrypted MMU, as it is the only practical way to isolate contexts on parallel cores.

Or some exotic processor no one would ever sell successfully. =3

Intel SGX/TDX and AMD SEV-SNP implemented that (although it was hacked the other day) and some clouds offer it.
What would an encrypted MMU do differently?

Mitigates undetectable bleeding/contamination of information between parallel processes, cores, and/or rowhammer etc.

Thus, writing a robust and secure OS may actually be possible by competent programmers in most compiled languages. Best of luck =3

But how does it accomplish that? And how can you guarantee it would solve those hardware issues?

The memory areas would appear as ciphertext to other processes/unprivileged cores in most cases, even when hardware has glitched up. If you are asking how they specifically implemented the MMU <-> unreachable key handling outside the OS, that information was never public if I recall.

I've often pondered how it was really implemented too. Best of luck. =3

"Why Multi-Threaded Code Can Sometimes Misbehave (Weak Memory Concurrency)" (Computerphile)

https://www.youtube.com/watch?v=E3hvLz717zM