Consideration About Enabling Hypervisor in Open-Source firmware
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Status Update on PCI Express Support in Qemu
Status Update on PCI Express Support in QEmu Isaku Yamahata, VA Linux Systems Japan K.K. <[email protected]> Xen Summit North America April 28, 2010 Agenda ● Introduction ● Usage and Example ● Implementation Details ● Future Work ● Considerations on further development issues Introduction From http://en.wikipedia.org/wiki/PCI_Express PCI Express native Hotplug Electro Mechanical Lock(EMI) Slot Number From http://docs.hp.com/ Eventual Goal Dom0 qemu-dm interrupt root DomU Inject the error up Virtual PCIe Bus down Interrupt to notify the error Xen VMM hardware PCI express bus PCI Express root port PCI Express upstream port PCI Express Error Message native passthrough PCI Express downstream port With native hot plug support Error PCI Express device Eventual Goal ● More PCI features/PCI express features – The current emulated chipset(I440FX/PIIX3) is too old. – So new Chipset emulator is wanted. ● Xen PCI Express support – PCI Express native hotplug – PCI Express native passthourgh ● When error is detected via AER(Advanced Error Reporting), inject the error into the guest. ● these require several steps, so the first step is... First Phase Goal ● Make Qemu PCI Express ready – Introduce new chipset emulator(Q35) ● PCI Express native hot plug ● Implement PCI Express port emulators, and make it possible to inject errors into guest Current status Qemu/PCI express ● PCIe MMCONFIG Merged. the qemu/guest Q35 chipset base working PCIe portemulator working PCIe native hotplug working firmware PCIe AER WIP PCIe error injection WIP VBE paravirtualization working enhancement is seabios mcfg working almost done. e820 working host bridge initiazatlin working ● pci io/memory The next step is space initialization working passing acpi table outside qemu working qemu upstream vgabios VBE paravirtualization working merge. -
Multiprocessor Initialization of INTEL SOC in Coreboot
Multiprocessor Initialization OF INTEL SOC in Coreboot Pratik Prajapati ([email protected]) Subrata Banik ([email protected]) 1 Agenda • Intel Multiple Processor (MP) Initialization • Coreboot + Intel FSP Boot Flow • Problem with existing model • Solution space • Design • Future Scope 2 Intel Multiple Processor (MP) Initialization • The IA-32 architecture (beginning with the P6 family processors) defines a multiple-processor (MP) initialization protocol called the Multiprocessor Specification Version 1.4. • The MP initialization protocol has the following important features: • It supports controlled booting of multiple processors without requiring dedicated system hardware. • It allows hardware to initiate the booting of a system without the need for a dedicated signal or a predefined boot processor. • It allows all IA-32 processors to be booted in the same manner, including those supporting Intel Hyper-Threading Technology. • The MP initialization protocol also applies to MP systems using Intel 64 processors. • Entire CPU multiprocessor initialization can be divided into two parts – BSP (Boot Strap Processor) Initialization – AP (Application Processor) Initialization Reference: Intel SDM Multiple Processor Init - section 8.4 3 Coreboot + Intel FSP (Firmware support package) Boot Flow Coreboot/BIOS FSP * Coreboot uses its own temp ram init code. 4 Problem Statement with existing model • Background: Coreboot is capable enough to handle multiprocessor initialization on IA platforms. So ideally, CPU features programming can be part of Coreboot MP Init sequence. • But, there might be some cases where certain feature programming can't be done with current flow of MP init sequence. Because, Intel FSP-S has to program certain registers to meet silicon init flow due to SAI (Security Attributes of Initiator) and has to lock other registers before exiting silicon init API. -
CS3210: Booting and X86
1 CS3210: Booting and x86 Taesoo Kim 2 What is an operating system? • e.g. OSX, Windows, Linux, FreeBSD, etc. • What does an OS do for you? • Abstract the hardware for convenience and portability • Multiplex the hardware among multiple applications • Isolate applications to contain bugs • Allow sharing among applications 3 Example: Intel i386 4 Example: IBM T42 5 Abstract model (Wikipedia) 6 Abstract model: CPU, Memory, and I/O • CPU: execute instruction, IP → next IP • Memory: read/write, address → data • I/O: talk to external world, memory-mapped I/O or port I/O I/O: input and output, IP: instruction pointer 7 Today: Bootstrapping • CPU → what's first instruction? • Memory → what's initial code/data? • I/O → whom to talk to? 8 What happens after power on? • High-level: Firmware → Bootloader → OS kernel • e.g., jos: BIOS → boot/* → kern/* • e.g., xv6: BIOS → bootblock → kernel • e.g., Linux: BIOS/UEFI → LILO/GRUB/syslinux → vmlinuz • Why three steps? • What are the handover protocols? 9 BIOS: Basic Input/Output System • QEMU uses an opensource BIOS, called SeaBIOS • e.g., try to run, qemu (with no arguments) 10 From power-on to BIOS in x86 (miniboot) • Set IP → 4GB - 16B (0xfffffff0) • e.g., 80286: 1MB - 16B (0xffff0) • e.g., SPARCS v8: 0x00 (reset vector) DEMO : x86 initial state on QEMU 11 The first instruction • To understand, we first need to understand: 1. x86 state (e.g., registers) 2. Memory referencing model (e.g,. segmentation) 3. BIOS features (e.g., memory aliasing) (gdb) x/1i 0xfffffff0 0xfffffff0: ljmp $0xf000,$0xe05b 12 x86 -
A Lightweight Virtualization Layer with Hardware-Assistance for Embedded Systems
PONTIFICAL CATHOLIC UNIVERSITY OF RIO GRANDE DO SUL FACULTY OF INFORMATICS COMPUTER SCIENCE GRADUATE PROGRAM A LIGHTWEIGHT VIRTUALIZATION LAYER WITH HARDWARE-ASSISTANCE FOR EMBEDDED SYSTEMS CARLOS ROBERTO MORATELLI Dissertation submitted to the Pontifical Catholic University of Rio Grande do Sul in partial fullfillment of the requirements for the degree of Ph. D. in Computer Science. Advisor: Prof. Fabiano Hessel Porto Alegre 2016 To my family and friends. “I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones.” (Linus Torvalds) ACKNOWLEDGMENTS I would like to express my sincere gratitude to those who helped me throughout all my Ph.D. years and made this dissertation possible. First of all, I would like to thank my advisor, Prof. Fabiano Passuelo Hessel, who has given me the opportunity to undertake a Ph.D. and provided me invaluable guidance and support in my Ph.D. and in my academic life in general. Thank you to all the Ph.D. committee members – Prof. Carlos Eduardo Pereira (dissertation proposal), Prof. Rodolfo Jardim de Azevedo, Prof. Rômulo Silva de Oliveira and Prof. Tiago Ferreto - for the time invested and for the valuable feedback provided.Thank you Dr. Luca Carloni and the other SLD team members at the Columbia University in the City of New York for receiving me and giving me the opportunity to work with them during my ‘sandwich’ research internship. Eu gostaria de agraceder minha esposa, Ana Claudia, por ter estado ao meu lado durante todo o meu período de doutorado. O seu apoio e compreensão foram e continuam sendo muito importantes para mim. -
Coreboot - the Free Firmware
coreboot - the free firmware vimacs <https://vimacs.lcpu.club> Linux Club of Peking University May 19th, 2018 . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 1 / 77 License This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/. You can find the source code of this presentation at: https://git.wehack.space/coreboot-talk/ . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 2 / 77 Index 1 What is coreboot? History Why use coreboot 2 How coreboot works 3 Building and using coreboot Building Flashing 4 Utilities and Debugging 5 Join the community . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 3 / 77 Index 6 Porting coreboot with autoport ASRock B75 Pro3-M Sandy/Ivy Bridge HP Elitebooks Dell Latitude E6230 7 References . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 4 / 77 1 What is coreboot? History Why use coreboot 2 How coreboot works 3 Building and using coreboot Building Flashing 4 Utilities and Debugging 5 Join the community . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 5 / 77 What is coreboot? coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology. The word ’coreboot’ should always be written in lowercase, even at the start of a sentence. vimacs (LCPU) coreboot - the free firmware May 19th, 2018 6 / 77 History: from LinuxBIOS to coreboot coreboot has a very long history, stretching back more than 18 years to when it was known as LinuxBIOS. -
Institutionalizing Freebsd Isolated and Virtualized Hosts Using Bsdinstall(8), Zfs(8) and Nfsd(8)
Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) [email protected] @MichaelDexter BSDCan 2018 Jails and bhyve… FreeBSD’s had Isolation since 2000 and Virtualization since 2014 Why are they still strangers? Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) Integrating as first-class features Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) This example but this is not FreeBSD-exclusive Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) jail(8) and bhyve(8) “guests” Application Binary Interface vs. Instructions Set Architecture Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) The FreeBSD installer The best file system/volume manager available The Network File System Broad Motivations Virtualization! Containers! Docker! Zones! Droplets! More more more! My Motivations 2003: Jails to mitigate “RPM Hell” 2011: “bhyve sounds interesting...” 2017: Mitigating Regression Hell 2018: OpenZFS EVERYWHERE A Tale of Two Regressions Listen up. Regression One FreeBSD Commit r324161 “MFV r323796: fix memory leak in [ZFS] g_bio zone introduced in r320452” Bug: r320452: June 28th, 2017 Fix: r324162: October 1st, 2017 3,710 Commits and 3 Months Later June 28th through October 1st BUT July 27th, FreeNAS MFC Slips into FreeNAS 11.1 Released December 13th Fixed in FreeNAS January 18th 3 Months in FreeBSD HEAD 36 Days -
Thread Scheduling in Multi-Core Operating Systems Redha Gouicem
Thread Scheduling in Multi-core Operating Systems Redha Gouicem To cite this version: Redha Gouicem. Thread Scheduling in Multi-core Operating Systems. Computer Science [cs]. Sor- bonne Université, 2020. English. tel-02977242 HAL Id: tel-02977242 https://hal.archives-ouvertes.fr/tel-02977242 Submitted on 24 Oct 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ph.D thesis in Computer Science Thread Scheduling in Multi-core Operating Systems How to Understand, Improve and Fix your Scheduler Redha GOUICEM Sorbonne Université Laboratoire d’Informatique de Paris 6 Inria Whisper Team PH.D.DEFENSE: 23 October 2020, Paris, France JURYMEMBERS: Mr. Pascal Felber, Full Professor, Université de Neuchâtel Reviewer Mr. Vivien Quéma, Full Professor, Grenoble INP (ENSIMAG) Reviewer Mr. Rachid Guerraoui, Full Professor, École Polytechnique Fédérale de Lausanne Examiner Ms. Karine Heydemann, Associate Professor, Sorbonne Université Examiner Mr. Etienne Rivière, Full Professor, University of Louvain Examiner Mr. Gilles Muller, Senior Research Scientist, Inria Advisor Mr. Julien Sopena, Associate Professor, Sorbonne Université Advisor ABSTRACT In this thesis, we address the problem of schedulers for multi-core architectures from several perspectives: design (simplicity and correct- ness), performance improvement and the development of application- specific schedulers. -
Full Virtualization on Low-End Hardware: a Case Study
Full Virtualization on Low-End Hardware: a Case Study Adriano Carvalho∗, Vitor Silva∗, Francisco Afonsoy, Paulo Cardoso∗, Jorge Cabral∗, Mongkol Ekpanyapongz, Sergio Montenegrox and Adriano Tavares∗ ∗Embedded Systems Research Group Universidade do Minho, 4800–058 Guimaraes˜ — Portugal yInstituto Politecnico´ de Coimbra (ESTGOH), 3400–124 Oliveira do Hospital — Portugal zAsian Institute of Technology, Pathumthani 12120 — Thailand xUniversitat¨ Wurzburg,¨ 97074 Wurzburg¨ — Germany Abstract—Most hypervisors today rely either on (1) full virtua- a hypervisor-specific, often proprietary, interface. Full virtua- lization on high-end hardware (i.e., hardware with virtualization lization on low-end hardware, on the other end, has none of extensions), (2) paravirtualization, or (3) both. These, however, those disadvantages. do not fulfill embedded systems’ requirements, or require legacy software to be modified. Full virtualization on low-end hardware Full virtualization on low-end hardware (i.e., hardware with- (i.e., hardware without virtualization extensions), on the other out dedicated support for virtualization) must be accomplished end, has none of those disadvantages. However, it is often using mechanisms which were not originally designed for it. claimed that it is not feasible due to an unacceptably high Therefore, full virtualization on low-end hardware is not al- virtualization overhead. We were, nevertheless, unable to find ways possible because the hardware may not fulfill the neces- real-world quantitative results supporting those claims. In this paper, performance and footprint measurements from a sary requirements (i.e., “the set of sensitive instructions for that case study on low-end hardware full virtualization for embedded computer is a subset of the set of privileged instructions” [1]). -
Kshot: Live Kernel Patching with SMM and SGX
KShot: Live Kernel Patching with SMM and SGX Lei Zhou∗y, Fengwei Zhang∗, Jinghui Liaoz, Zhengyu Ning∗, Jidong Xiaox Kevin Leach{, Westley Weimer{ and Guojun Wangk ∗Department of Computer Science and Engineering, Southern University of Science and Technology, Shenzhen, China, zhoul2019,zhangfw,ningzy2019 @sustech.edu.cn f g ySchool of Computer Science and Engineering, Central South University, Changsha, China zDepartment of Computer Science, Wayne State University, Detroit, USA, [email protected] xDepartment of Computer Science, Boise State University, Boise, USA, [email protected] Department of Computer Science and Engineering, University of Michigan, Ann Arbor, USA, kjleach,weimerw @umich.edu { f g kSchool of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou, China, [email protected] Abstract—Live kernel patching is an increasingly common kernel vulnerabilities also merit patching. Organizations often trend in operating system distributions, enabling dynamic up- use rolling upgrades [3], [6], in which patches are designed dates to include new features or to fix vulnerabilities without to affect small subsystems that minimize unplanned whole- having to reboot the system. Patching the kernel at runtime lowers downtime and reduces the loss of useful state from running system downtime, to update and patch whole server systems. applications. However, existing kernel live patching techniques However, rolling upgrades do not altogether obviate the need (1) rely on specific support from the target operating system, to restart software or reboot systems; instead, dynamic hot and (2) admit patch failures resulting from kernel faults. We patching (live patching) approaches [7]–[9] aim to apply present KSHOT, a kernel live patching mechanism based on patches to running software without having to restart it. -
QEMU Version 4.2.0 User Documentation I
QEMU version 4.2.0 User Documentation i Table of Contents 1 Introduction ::::::::::::::::::::::::::::::::::::: 1 1.1 Features :::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2 QEMU PC System emulator ::::::::::::::::::: 2 2.1 Introduction :::::::::::::::::::::::::::::::::::::::::::::::::::: 2 2.2 Quick Start::::::::::::::::::::::::::::::::::::::::::::::::::::: 2 2.3 Invocation :::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.3.1 Standard options :::::::::::::::::::::::::::::::::::::::::: 3 2.3.2 Block device options :::::::::::::::::::::::::::::::::::::: 12 2.3.3 USB options:::::::::::::::::::::::::::::::::::::::::::::: 23 2.3.4 Display options ::::::::::::::::::::::::::::::::::::::::::: 23 2.3.5 i386 target only::::::::::::::::::::::::::::::::::::::::::: 30 2.3.6 Network options :::::::::::::::::::::::::::::::::::::::::: 31 2.3.7 Character device options:::::::::::::::::::::::::::::::::: 38 2.3.8 Bluetooth(R) options ::::::::::::::::::::::::::::::::::::: 42 2.3.9 TPM device options :::::::::::::::::::::::::::::::::::::: 43 2.3.10 Linux/Multiboot boot specific ::::::::::::::::::::::::::: 44 2.3.11 Debug/Expert options ::::::::::::::::::::::::::::::::::: 45 2.3.12 Generic object creation :::::::::::::::::::::::::::::::::: 54 2.3.13 Device URL Syntax ::::::::::::::::::::::::::::::::::::: 66 2.4 Keys in the graphical frontends :::::::::::::::::::::::::::::::: 69 2.5 Keys in the character backend multiplexer ::::::::::::::::::::: 69 2.6 QEMU Monitor ::::::::::::::::::::::::::::::::::::::::::::::: 70 2.6.1 Commands ::::::::::::::::::::::::::::::::::::::::::::::: -
Consideration About Enabling Hypervisor in Open-Source firmware
Consideration about enabling hypervisor in open-source firmware OSFC 2019 Piotr Król 1 / 18 About me Piotr Król Founder & Embedded Systems Consultant open-source firmware @pietrushnic platform security [email protected] trusted computing linkedin.com/in/krolpiotr facebook.com/piotr.krol.756859 OSFC 2019 CC BY 4.0 | Piotr Król 2 / 18 Agenda Introduction Terminology Hypervisors Bareflank Hypervisor as coreboot payload Demo Issues and further work OSFC 2019 CC BY 4.0 | Piotr Król 3 / 18 Introduction Goal create firmware that can start multiple application in isolated virtual environments directly from SPI flash Motivation to improve virtualization and hypervisor-fu to understand hardware capabilities and limitation in area of virtualization to satisfy market demand OSFC 2019 CC BY 4.0 | Piotr Król 4 / 18 Terminology Virtualization is the application of the layering principle through enforced modularity, whereby the exposed virtual resource is identical to the underlying physical resource being virtualized. layering - single abstraction with well-defined namespace enforced modularity - guarantee that client of the layer cannot bypass it and access abstracted resources examples: virtual memory, RAID VM is an abstraction of complete compute environment Hypervisor is a software that manages VMs VMM is a portion of hypervisor that handle CPU and memory virtualization Edouard Bugnion, Jason Nieh, Dan Tsafrir, Synthesis Lectures on Computer Architecture, Hard- ware and Software Support for Virtualization, 2017 OSFC 2019 CC BY 4.0 | Piotr Król 5 / -
Quadcore with Coreboot / Libreboot on the T500 (Hopefully the T400 As Well)
QuadCore with Coreboot / Libreboot on the T500 (hopefully the T400 as well) (Translator’s note: Unfortunately, I couldn’t get pdflatex to compile with images, so here’s the link, I’ll put lines in at least so that you can see where each image goes) I tested the quadcore-mod from here first on a T500 mainboard, but back then, the BIOS did me a great disservice, see here and read the paragraph “Why this can’t be done for the T500 and W500” at the end of the first post. Meanwhile, we got Libreboot for the T500, which is basically Coreboot without BLOBs, i.e. CPU microcode. The code differs from coreboot in certain other aspects, however I don’t know exactly. With the ROMs offered for the T500, Quads don’t work either. Finally, I got to actually using a Pandaboard to debug Libreboot’s boot process with a Quad-core installed. The boot process hangs when the third CPU is to be initialized. Looking at the code, I found out that the kconfig data is built to the original specs. In the case of the T500 (which takes the data from the folder for the T400), the maximum count for the CPU is set to two. I changed the count to 4, generated the ROM again, flashed it –> You got quadcore. Because the current Libreboot version doesn’t support screens larger than 1280x800 with the T500, I had to extract the original VGA-BIOS for the Intel graphics from the original Lenovo BIOS and integrate it instead of the “native VGA init” into the ROM.