Unikernel firewall VM #3792

Open
ghost opened this Issue Apr 5, 2018 · 1 comment

ghost commented Apr 5, 2018

Qubes OS version: R4.0

This has been a GSOC proposal for a while, but didn't have an associated issue:

A firewall implemented as a unikernel which supports all of the networking-related functionality of the default sys-firewall VM, including configuration via Qubes Manager. Other duties currently assigned to sys-firewall, such as the update proxy, may need to be appropriately migrated first.

It might be worth switching the default sys-firewall VM image to a unikernel based one. The most likely unikernel candidate seems to be MirageOS.

DemiMarie Apr 8, 2018

MirageOS also has the advantage of being written predominantly in OCaml, which is memory safe. However, we need to check that

  • it supports PVH (older versions only supported PV mode if I recall correctly)
  • its Ethernet driver is hardened against a malicious netback (sys-net is not trusted)
  • it performs adequately on real-world workloads (from what I can tell, MirageOS’s network stack is not very heavily optimized,