Comment by transpute
1 year ago
Android Virtualization Framework with pKVM on Pixel 7+ can technically allow unmodified Linux VMs to run in parallel with "official" VMs that pass hardware attestation. This feature is not yet exposed to end-users.
The point is that apps you need to run will only do so in the "official" VMs that pass hardware attestation and will intentionally fail in the unmodified Linux VMs.
If a banking app or DRM-encumbered streaming app can run in the official attested VM, what would be the benefit of running such closed apps in unmodified Linux VMs?
If banks and streaming vendors don't trust unmodified VMs, why would open-source Linux VMs trust closed apps with binary blobs?
One benefit of running open-source Linux VMs is access to the vast corpus of mature open-source software applications packaged by Debian, Fedora, etc.
> what would be the benefit of running such closed apps in unmodified Linux VMs?
That you wouldn't need the official attested VM anymore.
> why would open-source Linux VMs trust closed apps with binary blobs?
The point is that with an open-source Linux VM, the user could decide what to trust instead of some megacorp deciding for everyone.
> vast corpus of mature open-source software applications
The problem is that there's a lot of proprietary apps that are both (1) necessary for a lot of real-world things, e.g., the SeatGeek app for tickets to shows, and (2) not replaceable with FOSS because the company will ban you if you connect to their API with a third-party client.