Gov2: OpenXT Platform Properties and Layers

Owned by Christopher Clark
Last updated: May 19, 2016
3 min read

DRAFT  

Open XT Platform Properties

  • Integrity of operating software.
    • Provides tamper-evident resistance to unauthorized changes to system software.
    • Verifies the integrity of all updates to the system software.
    • Supports secure remote update of system software.
    • Enforces policy-based constraints on operating software to limit the capabilities and inhibit the actions of compromised software.
    • Isolates system software requiring privileged device access from other components of system software to limit the capabilities and inhibit the actions of compromised device software.
  • Hardware-rooted trust.
    • Uses security features of platform hardware to protect integrity and confidentiality of system software and data.
  • Protection of storage.
    • Prevents access to system configuration data at rest.
    • Prevents access to user data at rest.
  • Protection of communications.
    • Enforces isolation between each of:
      1. Physical network device control software
      2. Communication encryption software with access to network credentials
      3. User software execution environments
    • Able to enforce local isolation between the networks of each VM.
    • Controls VMs access to the hosts physical network connections according to system policy.
  • Isolation of software execution environments.
    • Confinement of VM environments according to policy to prevent cross-domain data leakage.
  • Protection of input.
    • Keyboard and mouse input to system software is not observable by VMs.
    • Input to user VMs is isolated from others VMs.
    • The target of keyboard and mouse input is made evident to the user to prevent capture of input data via user confusion.
    • The key input sequences used to select the recipient of further input are protected from observation, interference and spoofing by VMs.
  • Protection of display.
    • The display outputs of all VMs are isolated from each other and protected from cross-domain data leakage.
  • Administrative control of devices.
    • Provides user software environments with access to platform devices and external peripherals according to system and VM administrator policies.
  • Compatibility with modern hardware platforms.
  • Compatibility with modern operating systems.
  • Architected and licensed to support production of branded commercial derivatives with optional proprietary extensions. 
  • Interoperability of base platform with guest VMs, providing developers with consistent mechanisms for packaging, deployment and operational support on validated commercial derivatives (validated and versioned interfaces include guest PV drivers).
  • Consistent upgrade mechanism for base platform with defined interoperability properties with optional proprietary extensions.
  • Defined OEM hardware compatibility with stable releases of base platform and commercial derivatives, validated by manual and/or automated testing.
  • Constructed from OSI-certified Open Source software and extensions with compatible software licenses.
  • << To do: Add more here >> 

 

OpenXT Layers

The OpenXT Project software utilizes the composable software layers provided by OpenEmbedded in order to isolate customizations, such as specific hardware support, incorporation of GUI environments and software distributions.

The OpenXT Project applies the layering mechanism to support the coexistence of multiple use cases within a common codebase. This enables maximization of collaboration on common components while also enabling non-aligned stakeholder requirements to be satisfied in different layers.

All OpenXT Layers are subject to OpenXT Governance as described in the Project Governance Documents. The OpenXT Layers create modular governance contexts for specific use cases, target markets and operational models, with a narrowed set of stakeholders and increased prospects of stakeholder alignment within individual layers.

Base Platform Layer

  • OpenXT Core Platform

Proposed Optional Layers

  • Switching display and input (surfman) layer <<To do: Link to the RFC for this layer here when ready>>

  • Compositing display and input (Qt) layer <<To do: Link to the RFC for this layer here when ready>>

Changes to this Document

Changes can be made to this document by the following the process in Gov1: OpenXT Project Governance Charter.

License of this Governance Document

Copyright 2016 by individual contributors. This work is licensed under the Creative Commons Attribution Share-Alike 4.0 International License. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/.

Revision History of this Governance Document