Nested virt with AVF can balance the competing goals of security, usability, freedom, individuals, and corporate supply chains. It can reduce the size and attack surface of the most-privileged code which runs in a system.
Nested virt has been available on x86 for a decade (KVM, Bromium vSentry / HP SureClick, Microsoft Defender App Guard), on Apple Silicon since M2, macOS since M3 and iPadOS since M4 (Secure eXclave VM). On mobile, it can sidestep some business model conflicts which torpedoed Nokia, RIM, Maemo, Meego, Tizen, etc.
Standard Debian-with-root Arm package repo in pKVM hardware-nested VM with OpenGL (v)GPU remoting! So many years of upstream work across Linux, Android and ChromeOS to make this possible. Now we need phone/tablet OEMs to support Android Virtualization Framework (AVF) and OpenTitan-derived enclaves, so this feature can move beyond Pixel hardware.
> GFX virtualization aims at providing support for hardware accelerated 3D graphics in virtual machines. Unlike GPU-passthrough, with GFX virtualization the host and all VM guests can access the host GPU simultaneously. Vulkan and OpenGL are supported by virglrenderer using various approaches.. vDRM is a much thinner layer.. able to achieve native GPU performance, where VirGL and Venus may struggle to overcome expensive host/guest synchronizations..at the beginning of 2025, vDRM is partially supported by crosvm.
Hopefully Google's phone-tablet-laptop-desktop convergence of Android, ChromeOS and developer-targeted Debian Linux will motivate Apple to restore iPadOS 16.2 (2022!) virtualization support, https://github.com/utmapp/UTM/discussions/5748.
> Regulatory issues were likely a major factor that led to the demise of Soli and Motion Sense on future Pixel models. Soli operates in the 60GHz frequency, which is reserved for military and government use in India.. Many of the Google Pixel 4's Motion Sense gestures are available.. Nest Hub's Soli radar extends far enough to detect when you're sleeping, and to track your breathing.
There is one area that the IEEE is not working on, at least not directly: privacy and security.. IEEE fellow and member of the Wi-Fi sensing task group.. the goal is to focus on “at least get the sensing measurements done.” He says that the committee did discuss privacy and security: “Some individuals have raised concerns, including myself.” But they decided that while those concerns do need to be addressed, they are not within the committee’s mandate.
> it has been shown that SENS-based classifiers can infer privacy-critical information such as keyboard typing, gesture recognition and activity tracking ... since Wi-Fi signals can penetrate hard objects and can be used without the presence of light, end-users may not even realize they are being tracked ... individuals should be provided the opportunity to opt out of SENS services – in other words, to avoid being monitored and tracked by the Wi-Fi devices around them. This would require the widespread introduction of reliable SENS algorithm for human or animal identification.
Would this require a worldwide database of biometric signatures for each human that opts out?
> Hardware memory tagging is going to provide a massive increase to protection against remote exploitation for GrapheneOS users. It's the biggest security feature we'll be shipping since we started in 2014.
https://www.androidauthority.com/android-15-virtual-machine-...