This is the home of the ManaTEE project documentation. ManaTEE is an experimental project that is not yet ready for general use.
To isolate the less trusted Chrome OS kernel, a hypervisor is being added underneath it. The hypervisor can carve out regions of memory that the rest of the system cannot access, so their contents stay protected even if the Chrome OS kernel is exploited. Trusted execution environments (TEEs) can be started either as separate VMs (shown below) or as user-space processes in the hypervisor. Trichechus manages the TEEs.
```
+-------------------+ +-------+ +-------+ +----------------+
|  CrOS user space  | |       | | ARCVM | |    Crostini    |
|-------------------| |  TEE  | |-------| |----------------|
|    CrOS kernel    | |       | |  GKI  | | Termina kernel |
+-------------------+ +-------+ +-------+ +----------------+
+-----------------------------Hypervisor-----------------------------+
| +---------------+ +--------+ +--------+ +--------+                 |
| | crosvm-direct | | crosvm | | crosvm | | crosvm |                 |
| +---------------+ +--------+ +--------+ +--------+                 |
| +--------------+                                                   |
| |  trichechus  |                                                   |
| +--------------+                                                   |
|--------------------------------------------------------------------|
|                       Linux kernel with kvm                        |
+--------------------------------------------------------------------+
```
Nested virtualization carries a performance penalty, so VMs that used to be launched from within Chrome OS (such as ARCVM and Crostini) will instead be launched outside the Chrome OS VM, as sibling VMs. The Chrome OS VM will continue to manage the hardware devices and will proxy access to them for the sibling VMs.
TODO: Until sibling VMs are implemented, TEEs are started as containers inside the hypervisor. Some TEEs may also run inside the hypervisor context itself.