-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Qubes Power ISA Port Statement of Work Project Objectives and Reasoning: The objectives of this project is to port the Xen Hypervisor to the Power Architecture so that QubesOS can run on Power ISA CPUs. The purpose behind this objective is that QubesOS (in our collective opinion) is one of the most secure operating systems available today, due to its open source nature and its security by compartmentalization. However, QubesOS today can only run on the x86 instruction set, which is unauditable and insecure firmware. This represents a serious security concern; both theoretical and historical. Firmware affects all code above it (the BIOS, bootloader, kernel, OS, and all applications). No matter how secure those segments of the computer are, if the firmware is malicious, all levels above are fully compromised as well. The Vault 7 CIA leaks are a perfect example of this. Therefore, we currently can't consider QubesOS secure at all. However, The Power Instruction Set Architecture (ISA) is completely open source, and currently has open source 'implementations' (SBC's) on the market. This project would enable users to run QubesOS on a secure CPU and auditable firmware. Unlike with x86, hardware initialization firmware, boot firmware, and management firmware are all open source. In addition, all the family of CPU speculative execution vulnerabilities are not successful on Power CPUs. End Goal: The end goal of completed project will have the same user experience, security, and features of Qubes 4.1.0. However, please note that this is not what payment is contingent on. Current Status: Funds available as of May 6th, 2022: I (Robert Spigler) have 1 bitcoin & Blackbird Bundle available @Rudd-O has pledged 0.5 bitcoin (confirmed) @leo-lb has pledged 0.8 btc (need to confirm) Total 2.3 btc We have made a Mailing List and Matrix Room: qubes_port@lists.riseup.net; https://lists.riseup.net/www/info/qubes_port https://matrix.to/#/#qubes-port:matrix.org Developer: Timothy Pearson (Raptor Engineering) tpearson@raptorengineering.com Contributors: Robert Spigler (RobertSpigler.com) Management/Fundraising Olivier Lambert (olivierlambert) is doing project mgmt via Marc, but also acting as a liaison between Qubes, Xen Project and OpenPOWER. Marc Ungeschikts (marcungeschikts) from Vates helping with project management. Piotr Król (3mdeb, OpenPOWER firmware: hostboot, coreboot etc.) Simon Gaiser (Qubes/ITL) Thierry Laurion (Insurgo) @insurgo:matrix.org insurgo@riseup.net Demi Marie Obenour (Invisible Things Lab) Alyssa Ross (Spectrum) (Matrix: @qyliss:fairydust.space, Mail: hi@alyssa.is, IRC: qyliss (libera, oftc) Marek Marczykowski-Górecki (ITL) (Matrix: @marmarek:matrix.org, IRC: marmarek (libera, oftc, through matrix anyway), marmarek@invisiblethingslab.com) Frédéric Pierret (fepitre) (ITL) (IRC: fepitre/fpierret (librera, oftc)) Milestones: Phase 1: 0.65BTC. Build tooling, minimal boot to serial console of a Xen kernel on a single core (no SMP, missing drivers, core locked at 100% power). (Proposed) Phase 1.5: 0.65BTC (Pricing subject to change due to economic fluctuations): SMP, some driver integration (possible power state management?) required to get a usable system in preparation for Phase 2 - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEf4WKHNGE9pWzsby0UsewL8eQ8/AFAmJ1qqsACgkQUsewL8eQ 8/AV2Q//Utgckj3gcukZdx4PXVt2RsxjdH03/jJh1XhHldgnOpi5L3y6xBaH5l1L XFRQWwN4PgAcaV3vtdhSlA9DdQ9faNTF0PNfK+5COv8dx0Bua1yOuINNRB+cyCgK 5+cciFIUFOroqOZ67zQzrMvZXRGEKXZ4+k82FcH3QKTqDK0Oy6DC1DNNNWTPG66y jTV5fJWv+zLuVtqnR17B4gDTxDbsn2tkaYdP4cM0L8RpgC681fAMwBqHnXngNhKL wvTTq+AvzEc+aCjj90tvKMBT0qaQtESU35lLu9ylx+NjKhcUMt55WHnqPrPiuk38 cKj2c0EuB1dczNRrq9X/nGrAYpX+0/HIqy7qywYhG0I6jGBsbMviClEnSSlDwRHP xmtMFOgvCKdYUmwhTxLeEms2Yqyuw1qxEqsF2miURVHh2WS5NgAQWqT/ZFcgZJ53 aAmSQ2uwHa1GL+/qaYut6yFdGMTXgNrnVp4NERLPhOrP0t+wkyev3R9yBcbG/zWT 5AhfJFq8iw7HAZiefAUAJ1/WG4YBH3G/kvKHipWoJIUK3mTT3miEMF6ySRSk24cF HWBl3EE1waOsMBUrey4/81nEETiF9w/L9XVjy2Oowq0RMW9evKOvMgILKW7sVt/G MVpWAzdVYmv5k/E5+XFyOxAxGPDyTyIhASy1IxkAcVAdAgHqeTM= =BRIP - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- iQJTBAEBCAA9FiEEbljKSL6u8RwDRSBe7DyAvFcxm34FAmJ15ZQfHHRwZWFyc29u QHJhcHRvcmVuZ2luZWVyaW5nLmNvbQAKCRDsPIC8VzGbfvvMD/4ogdFWH1HgpH9c lyPmU7eLkRpl1Caazo2O4+sXoDw24mSi9Lz4/WcDh9uh6sFwC1fejPK+JZbmmRYo hUT9ksT8sooSnyboPp5mEk30v3oSU0VXty0Is8EbrIPeurS+PvusjH/32pu4Klux exHUIJQnnzxUX8U0+Eb1OSIgo4OA8sNXfeEqKs6YaAkEXnYFcZcyrY92iPr9n+uK d3BGIRWjQq46hZ1U/ahYpR+vVGm+K0LzqyHxeMdkl3rXVCccRjk8WCneSWgQv5TV lzN2vDL6ZD/vC3ghHwLRevVnmPR2b+MuhNCSo1RosQn+b95geNqfCrZ27p1/T9f9 ZGR4lIoXgMyMIDNTg/chmpY2uJWpQeNqz9SSornnJTAagDJGFTQQzp8XWFf2Vgmv t5iKOd07nLLCnfgsaFtXnQtl1Tf2x70bz8Kh+3F6A6SrVTj/EmEO0on+edLCvvIu ICCHGawYfY6cSvbmX9UOa0xrEup2tB5pCeU4Sx9lo626HqU9+SOyjdDfO8uiUtGS 5tUns3Ld6NoF8wSI9tKdkFJE+6YJMgFv1ArK6gV1KNqtZaLMJGLD8Sb2eHsJWLmM oZfAqiom5Z3Ixr4EULfeJtlYdqjR+f1YzNRNwAySJxU0pYr/xax9pPNGFu4Ra6zr vFOwItDz3QZRcmP8W3WL+YHvNk6UnQ== =Sgce -----END PGP SIGNATURE-----