AFRL developed SecureView in 2010 for government agencies that wanted a single workstation/laptop system that supported multiple need-to-know groups and classification levels. The underlying OpenXT is very similar in architecture to Qubes, with more "enterprise features", such as remote revocation of access, provisioning, etc. They also support Windows guests, in addition to the normal Linux ones.
The systems can be configured with separate network cards per classification level, or use separate VMs as network encryptors between the guest and the network VM. This way the guest VM doesn't have access to the keys, and a compromised network device doesn't have access to them either. This allows "High over Low": to "tunnel classified traffic over NIPRNET infrastructure".
SecureView supports only a small number of laptops and desktops, which allows them to ensure that the firmware has been audited and to maintain a chain of trust from power-on to TPM key unsealing. They use tboot (Intel TXT) for late-launch verification of the firmware as well.
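The "chain of trust from power-on to TPM key unsealing" mentioned above works because each boot stage is measured into a PCR before it runs, and the TPM only releases a sealed secret when the PCR matches the value it was sealed to. The following is an added illustration, not code from SecureView, OpenXT or any TPM stack: the PCR extend and event-log replay follow the real TPM semantics (SHA-256 bank, PCR' = H(PCR || measurement)), while `ToyTPM`, its keystream cipher, and the boot component blobs are constructed stand-ins that model only the policy check.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || measurement).
    One-way and order-dependent, so the final value commits to the whole chain."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components):
    """Measure each boot component in order, as measured-boot firmware does.
    components: list of (name, bytes). Returns (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)  # extend happens before the component runs
    return pcr, log


def replay_event_log(log):
    """Recompute the PCR from the event log alone; a verifier does this to check
    that the log it was shown actually produces the PCR the TPM reports."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


class ToyTPM:
    """Constructed model of TPM sealing: a secret sealed to a PCR value is only
    released when the current PCR equals it. The cipher is a toy stand-in."""

    def __init__(self):
        self._srk = os.urandom(32)  # storage root key; never leaves the 'TPM'

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out = b""
        counter = 0
        while len(out) < n:
            out += hashlib.sha256(self._srk + nonce + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:n]

    def seal(self, secret: bytes, expected_pcr: bytes) -> dict:
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(nonce, len(secret))))
        tag = hmac.new(self._srk, nonce + expected_pcr + ct, hashlib.sha256).digest()
        return {"nonce": nonce, "policy_pcr": expected_pcr, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, current_pcr: bytes):
        tag = hmac.new(self._srk, blob["nonce"] + blob["policy_pcr"] + blob["ct"],
                       hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None  # sealed blob was tampered with
        if not hmac.compare_digest(blob["policy_pcr"], current_pcr):
            return None  # policy not satisfied: some boot stage changed
        ks = self._keystream(blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


# Constructed sample boot chain (stand-ins for real firmware, tboot, Xen, dom0 images).
GOOD_CHAIN = [
    ("firmware", b"audited vendor firmware v1"),
    ("tboot", b"tboot launch control policy"),
    ("xen", b"xen hypervisor image"),
    ("dom0-kernel", b"dom0 kernel image"),
]
TAMPERED_CHAIN = [("firmware", b"modified firmware")] + GOOD_CHAIN[1:]


def demo():
    """Seal a constructed disk key to the known-good chain, then try to unseal it
    after a good boot and after a boot with modified firmware."""
    tpm = ToyTPM()
    good_pcr, _ = measure_boot_chain(GOOD_CHAIN)
    sealed = tpm.seal(b"disk encryption key (constructed)", good_pcr)
    bad_pcr, _ = measure_boot_chain(TAMPERED_CHAIN)
    return tpm.unseal(sealed, good_pcr), tpm.unseal(sealed, bad_pcr)


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from running it: the tampered chain differs in only the first component, yet every later PCR value and the final one change, so the key stays sealed; and because the extend is order-dependent, the same components booted in a different order give a different PCR as well. This is why limiting the supported hardware matters: the known-good PCR values have to be established per firmware image.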
There is a project underway at NSA to replace the Linux dom0 kernel with a much smaller dedicated kernel that has hard-coded resource allocations to set up the other guest domains using Xen's API. This would remove Linux entirely from their TCB. The Qubes world is considering similar things, including the MirageOS project to replace parts with safer languages like OCaml.
There are some clever features, such as "GlowView", which changes the keyboard backlight to reflect the security domain that currently has focus.
SMM integrity monitoring
The NSA has developed a virtualized SMM Transfer Monitor (STM) called STM/PE that allows them to run enclave-like code in System Management Mode, where it is somewhat protected from attackers who can escalate to ring 0. They promised to release this code, although it isn't on the NSA GitHub page yet.
They have published a paper about LKIM, the Linux Kernel Integrity Measurer that monitors the Linux kernel from SMM, and they have mentioned that they have a Xen-specific integrity monitor.
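What a monitor in the LKIM mould does is take a baseline of the kernel regions that must not change after boot, then re-measure them from a vantage point the guest cannot reach (SMM in LKIM's case) and report any divergence. The following is an added illustration of that measure-and-compare loop, not LKIM's or NSA's code: the `KernelImage` layout, its addresses and contents are constructed, and the regions chosen (code, read-only data, system call table) are the usual candidates rather than LKIM's actual measurement list. It also adds a structural check that LKIM's paper describes in spirit, namely that each system call table entry points into the kernel's own text.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class KernelImage:
    """Constructed view of a guest kernel's memory as seen by an out-of-band monitor."""
    text_base: int          # virtual address where .text starts
    text: bytes             # kernel code; invariant after boot
    rodata: bytes           # read-only data; invariant after boot
    syscall_table: list     # function pointers; each must target kernel .text


def _hash_pointers(pointers) -> str:
    return hashlib.sha256(b"".join(p.to_bytes(8, "little") for p in pointers)).hexdigest()


def measure(kernel: KernelImage) -> dict:
    """Hash every region that must stay invariant. Taken once at boot as the
    baseline, then repeatedly at runtime by the monitor."""
    return {
        "text": hashlib.sha256(kernel.text).hexdigest(),
        "rodata": hashlib.sha256(kernel.rodata).hexdigest(),
        "syscall_table": _hash_pointers(kernel.syscall_table),
    }


def check_integrity(kernel: KernelImage, baseline: dict) -> list:
    """Compare the current measurement against the baseline and run structural
    checks. Returns a list of findings; an empty list means the kernel is intact."""
    findings = []
    current = measure(kernel)
    for region in ("text", "rodata", "syscall_table"):
        if current[region] != baseline[region]:
            findings.append(f"{region} measurement changed")

    # Structural check: every syscall entry must resolve inside kernel text.
    # This catches a redirected entry even if no baseline is available.
    text_end = kernel.text_base + len(kernel.text)
    for i, ptr in enumerate(kernel.syscall_table):
        if not (kernel.text_base <= ptr < text_end):
            findings.append(f"syscall_table[{i}] points outside kernel text: {ptr:#x}")
    return findings


def make_sample_kernel() -> KernelImage:
    """Constructed sample: 1 KiB of 'code', a few bytes of rodata, eight entries."""
    base = 0xFFFFFFFF81000000
    text = bytes(range(256)) * 4
    table = [base + 0x10 * i for i in range(8)]
    return KernelImage(text_base=base, text=text, rodata=b"constructed rodata", syscall_table=table)


if __name__ == "__main__":
    k = make_sample_kernel()
    baseline = measure(k)           # taken at boot
    print(check_integrity(k, baseline))   # [] while the kernel is untouched
    k.syscall_table[2] = 0xFFFFFFFFC0001000   # entry now targets a non-text address
    print(check_integrity(k, baseline))
```

Two design points worth noting. The hash comparison alone reports only that a region changed, not where; the structural check supplements it with a finding that names the entry, which is what an incident responder needs. And the whole scheme depends on the measurer running where a ring-0 compromise cannot reach it, which is the reason for placing it in SMM (or, in the Xen case, in a separate privileged domain) rather than inside the measured kernel.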
- SecureView Overview (2016)
- SecureView product page
- LKIM: The Linux Kernel Integrity Measurer (J. Aaron Pendergrass and Kathleen N. McGill, 2013)
- USENIX Security'17 poster session list mentions XKIM or XHIM
- Extending Early-boot Trust to Service VMs in Xen (Daniel DeGraaf, U.S. National Security Agency)