Things to be addressed, at some point. Unsorted, unprioritized, incomplete.

- AMD IOMMU support [WIP]
- allow per cell (managing inter-core/inter-cell impacts)
- NMI control/status port - moderation or emulation required?
- whitelist-based MSR access
- add support for CDP (code/data L3 partitioning)
- improve support for platform variations (device tree?)
- support for big endian
- infrastructure to support BE architectures (byte-swapping services)
- usage of that infrastructure in generic subsystems
- specific BE support for ARMv7, then v8
- review of format, rework of textual representation
- platform device assignment
- refactor config generator
- better internal structure, also to prepare non-x86 support
- move into Python module, for reuse by multiple helper scripts
- enhance config generator
- confine the created root cell config to the essentially required
  resources (e.g. PCI BARs)
- generate non-root cell configs
- add knowledge base about resource access rules that need manual review or
  configurations that are known to be problematic (e.g. INTx sharing
- check integrity of configurations
- check integrity of runtime environment (hypervisor core & page_pool,
  probably just excluding volatile Linux-related state variables)
- pure software solution (without security requirements)
- Intel TXT support? [WIP: master thesis]
- check for execution inside hypervisor, allow only when enabled in config
- clear memory regions before reassignment to prevent information leaks?

Inter-cell communication channel
- analysis of virtio reuse
- analysis of ARINC 653 semantics
- high-level mechanisms (specifically queues) based on selected/modified
- Linux for consoles and message-based interfaces (if not reusable)
- system tests, also in QEMU/KVM
- VT-d emulation for QEMU [WIP: interrupt redirection]
- reusable runtime environment for cell inmates
- skeleton in separate directory
- x86: add TSC calibration
- inter-cell communication library
- port free small-footprint RTOS to Jailhouse bare-metal environment

Hardware error handling
- report error-triggering devices behind IOMMUs via sysfs
- hypervisor console via debugfs?
- cell software watchdog via comm region messages
  -> time out pending comm region messages and kill failing cells
     (includes timeouts of unanswered shutdown requests)