Back in February we talked about hardware accelerated virtual machines coming to NetBSD. We are happy to report the NetBSD Virtual Machine Monitor (NVMM) is now available in NetBSD's development (-current) branch and will be included in the release of NetBSD 9. The NetBSD blog has some interesting observations with regards to NVMM. "One thing you may have noticed from Fig. A, is that the complex emulation machinery is not in the kernel, but in userland. This is an excellent security property of NVMM, because it reduces the risk for the host in case of bug or vulnerability – the host kernel remains unaffected –, and also has the advantage of making the machinery easily fuzzable. Currently, this property is not found in other hypervisors such as KVM, HAXM or Bhyve, and I hope we'll be able to preserve it as we move forward with more backends. Another security property of NVMM is that the assists provided by libnvmm are invoked only if the emulator explicitly called them. In other words, the complex machinery is not launched automatically, and an emulator is free not to use it if it doesn't want to. This can limit the attack surface of applications that create limited VMs, and want to keep things simple and under control as much as possible."
Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu or Linux Mint pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.