The guarantees offered by the kernel cannot be subverted by unprivileged processes running on it.
Of course, the kernel is not very useful on its own, thus the design of drivers, filesystem servers and other services running on top of the kernel is still relevant.
Note that, unlike most other systems (including Linux) which are flawed at a fundamental level, seL4 actually enables the construction of a secure and reliable system.
No, that's the advantage is that the kernel/processes don't need to be trusted since your kernel guarantees the isolation.
So you can have a Linux kernel running next to some high security process with the guarantee that they will be isolated (with the exception of allowed IPC)
snvzz|11 months ago
Of course, the kernel is not very useful on its own, thus the design of drivers, filesystem servers and other services running on top of the kernel is still relevant.
Note that, unlike most other systems (including Linux) which are flawed at a fundamental level, seL4 actually enables the construction of a secure and reliable system.
marcosdumay|11 months ago
I don't think we have any such option right now.
rubenbe|11 months ago
nabla9|11 months ago
But there are limitations. DMA off, only formally verified drivers
It's also important to note that se4L multicore kernel is not yet verified.
snvzz|11 months ago
Koshkin|11 months ago