Milestone Release 2
- Support for HVM VMs, including Windows-based!
- Untrusted Storage Domain (see the Arch Spec)
- Intel TXT boot (necessary for the storage domain, and also against Evil Maids)
- Fine-grained Dom0 IOMMU/VTd permissions for sand boxing graphics and audio card
- Protection against physical attacks via Express Cards, USB, etc.
- Secure OpenGL for AppVMs! (using Split I/O?)
- Trusted converters for select file types (JPEG, TXT, PDF?) for secure "up transfers" between domains
- Smart MIME handlers that delegate actions to designated AppVMs (e.g. clink on a link in email in work domain results in this URL being opened in the red domain's default web browser)
- Smart filesystem -- click on an invoice in 'work' domain and it will get automatically opened in the 'work-accounting' domain.
Note: See
TracRoadmap for help on using
the roadmap.
