diff --git a/Projects/HomeRouter b/Projects/HomeRouter new file mode 100644 index 0000000..7828987 --- /dev/null +++ b/Projects/HomeRouter 
@@ -0,0 +1,47 @@ +--- +title: Home router +author: someone +abstract: ![home router](/static/img/homerouter.png) +--- + +![home router](/static/img/homerouter.png) + +This is just a project idea, not (yet) a finished project. + +A home router is a computer which manages the Internet uplink for a client, and +provides local connectivity. It is accessible via the Internet, and the +software running on a router needs to be hardened against attackers. Attackers +are searching for flaws in popular routers, because if they can breach their +security, they get access to a large amount of computing and bandwidth +resources. + +The home router provides basic network services for the local network, such as a +domain name service (DNS) caching resolver, dynamic host configuration (DHCP), +wireless (using WPA2 and WPS) networks, wired network connectivity, +communication with the service provider (e.g. using PPP and PPPoE) including +authentication, a web server for configuration. + +Clients are demanding increasing featuresets, including network storage, voice +over IP (VoIP) endpoint, virtual private network (VPN) integration, data +collector and broker for the Internet of things. + +Lots of home routers are currently based on a small Linux distribution, and if a +security issue is discovered in any subsystem, this likely leads to a compromise +of the entire router. Secure update channels may not be available, and even if +so, the fear that updating may introduce unforeseen behaviour keeps people away +from updating their routers. + +We would base a router on top of an off-the-shelf arm64 board, where MirageOS is +already running, using kvm as hypervisor. Each network service would run as a +separate virtual machine. Several services are already available as MirageOS +unikernels, such as a caching DNS resolver, a DHCP server, a firewall with NAT, an MQTT implementation, +a web server, ... A secure update channel, based on TUF, is currently under +development. 
+ +The infrastructure for distributing binary updates would be some Linux host +which compiles the above mentioned unikernels whenever a dependent library is +updated or changes are rolled out to the unikernel code themselves. + +Other required network services which are not yet implemented in OCaml, such as +WPA2 or VoIP, would initially be based on a Linux virtual machine. MirageOS +unikernels and Linux virtual machines can coexist. diff --git a/static/img/homerouter.png b/static/img/homerouter.png new file mode 100644 index 0000000..ca4275d Binary files /dev/null and b/static/img/homerouter.png differ
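Review bot: the design paragraphs ("We would base a router on top of an off-the-shelf arm64 board ... using kvm as hypervisor" and "Other required network services ... would initially be based on a Linux virtual machine") never say what isolates the Linux VMs for WPA2 and VoIP, or the kvm host itself, from the MirageOS services, yet the motivation paragraph argues that a flaw in any Linux subsystem leads to compromise of the entire router; as written, the wireless and VoIP paths, which are among the most attacker-reachable, keep exactly that property. State the trusted computing base explicitly (the kvm host plus each Linux VM) and which network interfaces each VM may own, e.g. "the WPA2 VM sees only the wireless interface and hands traffic to the firewall/NAT unikernel", so a reader can judge what a compromise of one VM buys. The same gap exists for the update path: "some Linux host which compiles the above mentioned unikernels" is the party whose signing key the TUF channel vouches for, so say what protects that build host and its keys, otherwise the secure channel only authenticates whatever the build host was made to produce. Smaller points in the same hunk: "a web server for configuration" needs "and" before it; "wireless (using WPA2 and WPS)" should say whether WPS is actually required, since it is an extra attacker-reachable authentication path on a device the page wants hardened; and the image is embedded twice, once in the abstract front matter and once in the body.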