DOCSLIB.ORG

Improving Xen Security Through Disaggregation

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Improving Xen Security Through Disaggregation Improving Xen Security through Disaggregation Derek G. Murray Grzegorz Milos Steven Hand University of Cambridge Computer Laboratory [Firstname.Lastname]@cl.cam.ac.uk Abstract In order to evaluate the trustworthiness of a software system, Virtual machine monitors (VMMs) have been hailed as the basis for it is necessary to identify its trusted computing base (TCB). The an increasing number of reliable or trusted computing systems. The integrity of the TCB may then be measured, and this unforgeable Xen VMM is a relatively small piece of software – a hypervisor measurement can be used to generate a key that may be used for at- – that runs at a lower level than a conventional operating system testation, encryption and decryption operations [33]. However, the in order to provide isolation between virtual machines: its size TCB of a current Xen-based system comprises, in addition to the is offered as an argument for its trustworthiness. However, the VMM, a fully-fledged operating system (known as Dom0) and a management of a Xen-based system requires a privileged, full- set of user-space tools. These tools are used to perform several tasks blown operating system to be included in the trusted computing that require elevated privileges, including the creation of new VMs. base (TCB). Due to the inclusion of user-space software in the TCB, the size of In this paper, we introduce our work to disaggregate the man- the TCB is practically unbounded, as it can include any software agement virtual machine in a Xen-based system. We begin by that may be run by the administrator of the physical platform. Fur- analysing the Xen architecture and explaining why the status quo thermore, any measurement of the TCB cannot be used to guarantee results in a large TCB. We then describe our implementation, which the integrity of a virtual machine, because the system administrator moves the domain builder, the most important privileged compo- may run arbitrary privileged code at any time. In effect, this im- nent, into a minimal trusted compartment. We illustrate how this plies that the system administrator must be trusted, which impairs approach may be used to implement “trusted virtualisation” and the usefulness of Xen in utility computing scenarios [26]. improve the security of virtual TPM implementations. Finally, we In this paper, we demonstrate the use of disaggregation to shrink evaluate our approach in terms of the reduction in TCB size, and the TCB of a virtual machine in a Xen-based system. We have by performing a security analysis of the disaggregated system. transferred the VM-building functionality into a small, trusted VM that runs alongside Dom0. We had two main goals in this work. Categories and Subject Descriptors D.4.6 [Operating Systems]: The primary goal was to reduce and bound the TCB of a Xen-based Security and Protection—Information flow controls system, in order to improve its security. In particular, by removing Dom0 user-space from the TCB, we would remove the require- General Terms Design, Security ment that the administrator of the physical platform be trusted. We Keywords Disaggregation, trusted computing base, virtual ma- anticipate that this will be relevant for the users of virtualisation in chines utility computing. A closely-related goal was to demonstrate that a VM running on a disaggregated system maintains the same confi- dentiality and integrity properties as a physical machine, assuming 1. Introduction the inviolability of the TCB. This should allay many concerns over Many researchers have proposed using virtual machine monitors switching to a virtualised approach. (VMMs) to improve the reliability, security or assurance of com- We begin by introducing the Xen architecture, the domain build- puting systems [10]. They argue that the small code-base of a VMM ing process, and how these relate to the TCB of a Xen-based sys- can be used as justification for trusting its correct operation; this tem (Section 2). We then describe our framework for selecting a same argument has been applied to microkernels [31]. The assump- TCB for the disaggregated solution, and introduce new criteria for tion is made that the integrity of the lower layers (including the evaluating a TCB that should be considered in addition to the raw VMM) is axiomatic, therefore it is possible to infer the integrity of number of lines of code (Section 3). We discuss the implementation components (individual virtual machines) running above [3, 7]. We of our disaggregated domain builder design, which has also neces- aim to use the Xen hypervisor [4] as the basis of an “open trusted sitated the development of a lightweight inter-VM communication computing” system [20]. Such an approach extends the purview of mechanism (Section 4). We evaluate our disaggregated approach trusted computing hardware into virtual machines (VMs); it also against our primary goals by enumerating the contents of the TCB allows the user discretion over when to use this hardware, and en- and performing a security analysis (Section 6). Finally, we consider ables the use of trusted and untrusted software side-by-side. related work (Section 7) and draw conclusions (Section 8). 2. Background The existing Xen VMM architecture and privilege model have This is the author’s version of the work. It is available here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in VEE implications for security, and enable an administrator to take full ’08. http://doi.acm.org/10.1145/1346256.1346278 control of all virtual machines running on the same host. It is VEE’08, March 5–7, 2008, Seattle, Washington, USA therefore impossible for the users of a virtual machine to trust Copyright c 2008 ACM 978-1-59593-796-4/08/03. $5.00 in the confidentiality and integrity of that virtual machine. This o a d k e r n e l i m a g e f r o m d i s k may inhibit the uptake of virtualisation, especially in the class of L applications where confidentiality is required by law. l l o c a t e p h y s i c a l m e m o r y m a p In this section, we provide a brief overview of the Xen architec- A ture (Subsection 2.1), describe the domain building process (Sub- C o p y k e r n e l i m a g e i n t o n e w V M o m U section 2.2), and discuss the design of Xen with respect to its trusted D computing base (Subsection 2.3). S X e n t u p i n i t i a l p a g e t a b l e s f o r n e w V M 2.1 Xen architecture e The traditional representation of a Xen-based system shows sev- L a u n c h n e w V M eral virtual machines, drawn separately and side-by-side on top of the Xen VMM (hypervisor), which itself is positioned above the platform hardware [4]. A single VM, Dom0, is distinguished as a Figure 1. Outline of the steps involved in building a new VM management or control VM, which is always booted by the hyper- (DomU). Privileged operations are shown as bold arrows; direct visor, and contains the control plane software. However, this picture foreign mappings are shown as dotted lines. ignores the trust relationships between Dom0 and the remaining VMs. In our work we aim to reduce and bound these trust relation- ships, so that Dom0 can accurately be positioned side-by-side with robustness [4]. However, the delegation of this task to user-space other VMs. processes exposes the special privileges to all user-space processes Xen makes extensive use of paravirtualisation in order to in Dom0, which has implications for the trusted computing base achieve good performance. This process entails porting VM ker- (see §2.3). In this subsection, we describe the process of building a nels to run on a new machine architecture that corresponds to the paravirtualised VM. Thanks to paravirtualisation, many of the low- support provided by the VMM. On the x86 architecture, four pro- level steps involved in a conventional x86 OS boot process (such as cessor rings are used to define privilege levels. In most common interactions with the BIOS, and the use of 16-bit real mode) can be operating systems, the kernel runs in ring 0 (the highest privilege elided. level), and user processes run in ring 3 (the lowest privilege level). The main steps in the domain building process are shown in Fig- Xen must have full control over and protection from the VMs that ure 1, with privileged operations (as defined later in §3.1) shown as it hosts, so it runs in ring 0. VM kernels are paravirtualised in order bold arrows. Firstly, the kernel image (and, optionally, an initial to run in ring 1. User processes continue to run in ring 3. ramdisk) are loaded from disk into the domain builder’s memory. Xen provides many mechanisms for communication. The most The image is parsed in order to extract the executable code region, primitive is the hypercall, which is an invocation of the hypervisor and obtain any parameter values. Following this, the builder re- by a guest VM. A hypercall is analogous to a system call in con- quests that the hypervisor allocates physical memory for the new ventional operating systems, and is also implemented using a soft- VM. This is not depicted as a privileged operation, because it does ware trap to transfer control to the hypervisor.
Load more

Recommended publications
  • Operating System Boot from Fully Encrypted Device
    Masaryk University Faculty of Informatics Operating system boot from fully encrypted device Bachelor’s Thesis Daniel Chromik Brno, Fall 2016 Replace this page with a copy of the official signed thesis assignment and the copy of the Statement of an Author. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Daniel Chromik Advisor: ing. Milan Brož i Acknowledgement I would like to thank my advisor, Ing. Milan Brož, for his guidance and his patience of a saint. Another round of thanks I would like to send towards my family and friends for their support. ii Abstract The goal of this work is description of existing solutions for boot- ing Linux and Windows from fully encrypted devices with Secure Boot. Before that, though, early boot process and bootloaders are de- scribed. A simple Linux distribution is then set up to boot from a fully encrypted device. And lastly, existing Windows encryption solutions are described. iii Keywords boot process, Linux, Windows, disk encryption, GRUB 2, LUKS iv Contents 1 Introduction ............................1 1.1 Thesis goals ..........................1 1.2 Thesis structure ........................2 2 Boot Process Description ....................3 2.1 Early Boot Process ......................3 2.2 Firmware interfaces ......................4 2.2.1 BIOS – Basic Input/Output System . .4 2.2.2 UEFI – Unified Extended Firmware Interface .5 2.3 Partitioning tables ......................5 2.3.1 MBR – Master Boot Record .
    [Show full text]
  • White Paper: Indestructible Firewall in a Box V1.0 Nick Mccubbins
    White Paper: Indestructible Firewall In A Box v1.0 Nick McCubbins 1.1 Credits • Nathan Yawn ([email protected]) 1.2 Acknowledgements • Firewall-HOWTO • Linux Router Project • LEM 1.3 Revision History • Version 1.0 First public release 1.4 Feedback • Send all information and/or criticisms to [email protected] 1.5 Distribution Policy 2 Abstract In this document, the procedure for creating an embedded firewall whose root filesystem is loaded from a flash disk and then executed from a RAMdisk will be illustrated. A machine such as this has uses in many environments, from corporate internet access to sharing of a cable modem or xDSL connection among many computers. It has the advantages of being very light and fast, being impervious to filesystem corruption due to power loss, and being largely impervious to malicious crackers. The type of firewall illustrated herein is a simple packet-filtering, masquerading setup. Facilities for this already exist in the Linux kernel, keeping the system's memory footprint small. As such the device lends itself to embedding very well. For a more detailed description of firewall particulars, see the Linux Firewall-HOWTO. 3 Equipment This project has minimal hardware requirements. An excellent configuration consists of: For a 100-baseT network: • SBC-554 Pentium SBC with PISA bus and on-board PCI NIC (http://www.emacinc.com/pc.htm#pentiumsbc), approx. $373 • PISA backplane, chassis, power supply (http://www.emacinc.com/sbcpc_addons/mbpc641.htm), approx. $305 • Second PCI NIC • 32 MB RAM • 4 MB M-Systems Flash Disk (minimum), approx. $45 For a 10-baseT network: • EMAC's Standard Server-in-a-Box product (http://www.emacinc.com/server_in_a_box.htm), approx.
    [Show full text]
  • Chapter 3. Booting Operating Systems
    Chapter 3. Booting Operating Systems Abstract: Chapter 3 provides a complete coverage on operating systems booting. It explains the booting principle and the booting sequence of various kinds of bootable devices. These include booting from floppy disk, hard disk, CDROM and USB drives. Instead of writing a customized booter to boot up only MTX, it shows how to develop booter programs to boot up real operating systems, such as Linux, from a variety of bootable devices. In particular, it shows how to boot up generic Linux bzImage kernels with initial ramdisk support. It is shown that the hard disk and CDROM booters developed in this book are comparable to GRUB and isolinux in performance. In addition, it demonstrates the booter programs by sample systems. 3.1. Booting Booting, which is short for bootstrap, refers to the process of loading an operating system image into computer memory and starting up the operating system. As such, it is the first step to run an operating system. Despite its importance and widespread interests among computer users, the subject of booting is rarely discussed in operating system books. Information on booting are usually scattered and, in most cases, incomplete. A systematic treatment of the booting process has been lacking. The purpose of this chapter is to try to fill this void. In this chapter, we shall discuss the booting principle and show how to write booter programs to boot up real operating systems. As one might expect, the booting process is highly machine dependent. To be more specific, we shall only consider the booting process of Intel x86 based PCs.
    [Show full text]
  • Network Boot and Exotic Root HOWTO
    Network Boot and Exotic Root HOWTO Brieuc Jeunhomme frtest [email protected] Logilab S.A. Revision History Revision 0.3 2002−04−28 Revised by: bej Many feedback inclusions, added links to several projects Revision 0.2.2 2001−12−08 Revised by: dcm Licensed GFDL Revision 0.2.1 2001−05−21 Revised by: logilab Fixed bibliography and artheader Revision 0.2 2001−05−19 Revised by: bej Many improvements and included Ken Yap's feedback. Revision 0.1.1 2001−04−09 Revised by: logilab First public draft. Revision 0.1 2000−12−09 Revised by: bej Initial draft. This document explains how to quickly setup a linux server to provide what diskless linux clients require to get up and running, using an IP network. It includes data and partly rewritten text from the Diskless−HOWTO, the Diskless−root−NFS−HOWTO, the linux kernel documentation, the etherboot project's documentation, the linux terminal server project's homepage, and the author's personal experience, acquired when working for Logilab. Eventually this document may end up deprecating the Diskless−HOWTO and Diskless−root−NFS−HOWTO. Please note that you'll also find useful information in the From−PowerUp−to−bash−prompt−HOWTO and the Thin−Client−HOWTO, and the Claus−Justus Heine's page about NFS swapping. Network Boot and Exotic Root HOWTO Table of Contents 1. Introduction.....................................................................................................................................................1 1.1. What is this all about?.......................................................................................................................1 1.2. Thanks...............................................................................................................................................1 1.3. Diskless booting advocacy................................................................................................................1 1.3.1. Buying is cheaper than building.......................................................................................1 1.3.2.
    [Show full text]
  • Sbadmin for Linux System Recovery Guide Is a Supplement to the Sbadmin User Guide, Providing Details on Reinstalling a Linux System from a Sbadmin System Backup
    Linux System Recovery Guide Version 8.2 Trademarks and Copyrights © Copyright Storix, Inc. 1999-2021 SBAdmin is a registered trademark of Storix, Inc. SBAdmin is a trademark of Storix, Inc in the USA and other countries Intel is a registered trademark of Intel, Inc. Linux is a registered trademark of Linus Torvalds. Intel, Pentium, IA32, Itanium, Celeron and IA64 are registered trademarks of Intel Corporation. AMD, Opteron, and Athlon are registered trademarks of Advanced Micro Devices. HP Integrity servers are registered trademarks of Hewlett-Packard Development Company. Publicly Available Software This product either includes or is developed using source code that is publicly available: AESCrypt* Rijndael and Cipher Block Feedback Copyright 1999, 2000 Enhanced Software Technologies Inc. mode (CFB-128) encryption/decryption http://aescrypt.sourceforge.net/ algorithms BusyBox Single executable containing tiny Copyright 1989, 1991 Free Software Foundation, Inc. versions of common UNIX utilities http://busybox.net/cgi-bin/cvsweb/busybox/ LILO LInux boot Loader Copyright 1999-2003 John Coffman. Copyright 1992-1998 Werner Almesberger. http://freshmeat.net/projects/lilo/ Tcl Open source scripting language Copyright Regents of the University of California, Sun Microsystems, Inc. http://tcl.sourceforge.net Tk Tk graphics toolkit Copyright Regents of the University of California, Sun Microsystems, Inc. http://tcl.sourceforge.net DropBear A Smallish SSH 2 Server and Client Copyright 2002, 2003 Matt Johnston http://www.matt.ucc.asn.au/dropbear/dropbear.html GRUB Grand Unified Bootloader (GNU GRUB) Copyright 1989, 1991 Free Software Foundation, Inc. http://www.gnu.org/software/grub/grub.html Lighttpd Secure, fast, compliant and flexible Copyright 2004 Jan Kneschkle, incremental web-server http://www.lighttpd.net OpenSSL Toolkit implementing Secure Socket Copyright 1998-2008 The OpenSSL Project Layer Copyright 1995-1998 Eric A.
    [Show full text]
  • Linux-Cookbook.Pdf
    LINUX COOKBOOK ™ Other Linux resources from O’Reilly Related titles Linux Device Drivers Exploring the JDS Linux Linux in a Nutshell Desktop Running Linux Learning Red Hat Enterprise Building Embedded Linux Linux and Fedora Systems Linux Pocket Guide Linux Security Cookbook Understanding the Linux Kernel Linux Books linux.oreilly.com is a complete catalog of O’Reilly’s books on Resource Center Linux and Unix and related technologies, including sample chapters and code examples. ONLamp.com is the premier site for the open source web plat- form: Linux, Apache, MySQL, and either Perl, Python, or PHP. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit conferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today with a free trial. LINUX COOKBOOK ™ Carla Schroder Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Linux Cookbook™ by Carla Schroder Copyright © 2005 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use.
    [Show full text]
  • Bull System Backup / Restore N O V a SC a LE
    Bull System Backup / Restore NOVASCALE User's Guide for NovaScale Universal & Intensive REFERENCE 86 A2 73EV 04 NOVASCALE Bull System Backup / Restore User's Guide for NovaScale Universal & Intensive Software November 2008 BULL CEDOC 357 AVENUE PATTON B.P.20845 49008 ANGERS CEDEX 01 FRANCE REFERENCE 86 A2 73EV 04 The following copyright notice protects this book under Copyright laws which prohibit such actions as, but not limited to, copying, distributing, modifying, and making derivative works. Copyright Bull SAS 2008 Printed in France Suggestions and criticisms concerning the form, content, and presentation of this book are invited. A form is provided at the end of this book for this purpose. To order additional copies of this book or other Bull Technical Publications, you are invited to use the Ordering Form also provided at the end of this book. Trademarks and Acknowledgements We acknowledge the right of proprietors of trademarks mentioned in this book. Intel ® and Itanium ® are registered trademarks of Intel Corporation. Windows ® and Microsoft ® software are registered trademarks of Microsoft Corporation. UNIX ® is a registered trademark in the United States of America and other countries licensed exclusively through the Open Group. Linux ® is a registered trademark of Linus Torvalds. NovaScale ® is a registered trademark of Bull The information in this document is subject to change without notice. Bull will not be liable for errors contained herein, or for incidental or consequential damages in connection with the use of this material.
    [Show full text]
  • Linux Exam Q&A (7Th Sem)
    Readme: The formatting of this document is bad because I have already passed the subject and I don’t want to spend time on the subject which I have already passed. This also means no new answer will be added or solved. Disclaimer: I DO NOT claim or guarantee whether the answer written here is 100% accurate. If you feel something is not accurate or out-of-order, it will be a great help, if you let me know. You know how to find me. Note: Those question which are crossed (i.e. strike-through) refer to the repeated question which has been solved/answered already. Tips: Don’t try to read this pdf using mobile Its pointless and time wasting activity. Use your laptop. Read it in 16:9 full-screen format. Author: Pranav Bhattarai Fall 2019 1 a) Explain the Linux with its architecture. What are the different types of Linux distribution? Explain any two. 1 b) Define term ‘culture of free software’? How Linux and UNIX is related? Explain. 2 a) Define and explain Shell? Difference between TCSH and KSH? 2 b) What are the different Linux supporting files? Explain. 3 a) What is general partitioning scheme while installing Linux Operating System and what do you prefer or recommended? 3 b) How can you monitor system performance in Linux? Explain with example. 4 a) What are difference run levels in Linux? Explain method to change these run levels. 4 b) Write the function of following command with example: rpm -i fdisk -1 at Iptables alias chgrp chmod man pstree nslookup 5 a) Write a program to check whether a given number is prime or not using shell scripts.
    [Show full text]
  • Build Your Own Distro Tired of the Run-Of-The-Mill Stuff on Distrowatch? Why Not Heed Mayank Sharma and Create the Perfect Operating System for You?
    Build your own distro Tired of the run-of-the-mill stuff on Distrowatch? Why not heed Mayank Sharma and create the perfect operating system for you? few issues ago, [LXF171, 50 making it your own – by removing apps and Now traditional wisdom says that creating Distros Tested], we looked at drivers that you don’t need and adding the your own Linux system is a rather difficult the best Linux distributions for ones you do. You’ll also probably change the thing to do and shouldn’t be attempted by A all kinds of users. There were factory-fitted artwork that says more about anyone other than Linux veterans. distros that were designed with ease of use the distro vendor than you. We begin the feature with graphical point- in mind, some focused on productivity, Sure that’s one way to go about it. and-click tools. Yes, you read that right. All it while others catered to specialised use You tweak and customise the distro to suit takes is a couple of clicks to craft your very cases, such as security and privacy your requirements. But wouldn’t it be really own flavour of Linux that you can pass to conscious users. But we can guarantee great if you just create your very own, custom friends and family. We’ve got tools that’ll help that there wasn’t a distro designed Linux distribution? you create and distribute customised spins specifically and entirely for you! based on Ubuntu, Fedora and While most Linux users make do OpenSUSE – the three mainstream with one of the mainstream distros out “We’ve got tools that’ll Linux distributions that house there, there’s always something or the help you create and thousands of open source software in other that’s missing.
    [Show full text]
  • UNIVERSITY of PIRAEUS DEPARTMENT of DIGITAL SYSTEMS POSTGRADUATE PROGRAMME Economic Management and Digital Systems Security
    UNIVERSITY OF PIRAEUS DEPARTMENT OF DIGITAL SYSTEMS POSTGRADUATE PROGRAMME Economic Management and Digital Systems Security Smartphone Forensics & Data Acquisition DISSERTATION Pachigiannis Panagiotis MTE1219 2015 Contents Contents……… ....................................................................................................................................... 2 Acknowledgement ................................................................................................................................... 7 Abstract……. ........................................................................................................................................... 8 1) Introduction........................................................................................................................................... 9 1.1) Context ........................................................................................................................................... 9 1.2) Aim & Objective .......................................................................................................................... 10 1.3) Background .................................................................................................................................. 11 1.4) Structure of Thesis ....................................................................................................................... 11 2) Mobile Devices ..................................................................................................................................
    [Show full text]
  • Guía De Instalación De Debian GNU/Linux
    Guía de instalación de Debian GNU/Linux 12 de enero de 2020 Guía de instalación de Debian GNU/Linux Copyright © 2004 – 2019 el equipo del instalador de Debian Este manual es software libre, puede redistribuirlo y/o modificarlo bajo los términos de la licencia general pública GNU. Por favor, consulte la licencia en el Apéndice F para más información. Índice general 1. Bienvenido a Debian 1 1.1. ¿Qué es Debian? . 1 1.2. ¿Qué es GNU/Linux? . 1 1.3. ¿Qué es Debian GNU/Linux? . 2 1.4. What is the Debian Installer? . 3 1.5. Obtener Debian . 3 1.6. Obtener la última versión de este documento . 3 1.7. Estructura de este documento . 3 1.8. Sobre copyrights y licencias de software . 4 2. Requisitos del sistema 6 2.1. Hardware compatible . 6 2.1.1. Arquitecturas compatibles . 6 2.1.2. Three different ARM ports . 7 2.1.3. Variations in ARM CPU designs and support complexity . 7 2.1.4. Platforms supported by Debian/armhf . 7 2.1.5. Platforms no longer supported by Debian/armhf . 9 2.1.6. Múltiples procesadores . 9 2.1.7. Graphics Hardware Support . 9 2.1.8. Hardware de conectividad de red . 9 2.1.9. Periféricos y otro hardware . 9 2.2. Dispositivos que requieren Firmware . 9 2.3. Adquisición de hardware específico para GNU/Linux . 10 2.3.1. Evite hardware cerrado o privativo . 10 2.4. Medios de instalación . 10 2.4.1. CD-ROM/DVD-ROM/BD-ROM . 11 2.4.2. Red . 11 2.4.3.
    [Show full text]
  • Embedded Linux Device Driver Development Sébastien Bilavarn
    Embedded Linux Device driver development Sébastien Bilavarn Polytech’Nice Sophia - Département Electronique - Université de Nice Sophia Antipolis - S. Bilavarn - 1 - Outline Ch1 – Introduction to Linux Ch2 – Linux kernel overview Ch3 – Linux for Embedded Systems Ch4 – Embedded Linux distributions Ch5 – Case study: Xilinx PowerPC Linux Ch5 bis – Case study: Xilinx Zynq-7000 Linux Ch6 – Device driver development Polytech’Nice Sophia - Département Electronique - Université de Nice Sophia Antipolis - S. Bilavarn - 2 - Case study: Xilinx Zynq-7000 Linux Introduction Target platform: Xilinx Zynq-7000 Platform configuration Kernel configuration and compilation Kernel startup and execution Polytech’Nice Sophia - Département Electronique - Université de Nice Sophia Antipolis - S. Bilavarn - 3 - Introduction Target platform: Xilinx Zynq-7000 Processing System Hard IP processor : implemented on the silicon layout (where a soft IP would be implemented using FPGA logic). Programmable logic FPGA Provides the ability to add custom logic Polytech’Nice Sophia - Département Electronique - Université de Nice Sophia Antipolis - S. Bilavarn - 4 - Introduction Development of a Linux kernel on a reconfigurable platform: Hardware platform configuration Peripherals use on demand (UART, Timer, Ethernet, etc.) Processor architecture itself can be configured according to the needs (frequency, on-chip/off-chip memory, coprocessors, etc.) Compared to a standard kernel development (i.e. for a fixed platform architecture), information on the platform (BSP), in particular on the processor, must be known in order to configure properly the kernel. This process is more complex than on standard platforms where the architecture is fixed (memory size, enabling cache, etc.). Kernel development steps Configuration of the hardware platform Kernel configuration and compilation Kernel startup and test Polytech’Nice Sophia - Département Electronique - Université de Nice Sophia Antipolis - S.
    [Show full text]