Flexible Workload Acceleration on Intel Architecture Lowers
Total pages: 16
File type: PDF, size: 1020 KB
Recommended publications
FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 Kernel Crypto
FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 Kernel Crypto API Cryptographic Module FIPS 140-2 Level 1 Validation Software Version: R7-2.0.0 Date: December 7, 2018 Document Version 1.1 ©Oracle Corporation This document may be reproduced whole and intact including the Copyright notice. Title: Oracle Linux 7 Kernel Crypto API Cryptographic Module Security Policy December 07, 2018 Author: Atsec Information Security Contributing Authors: Oracle Linux Engineering Oracle Security Evaluations – Global Product Security Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright © 2018, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may be reproduced or distributed whole and intact including this copyright notice. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Linux 7 Kernel Crypto API Cryptographic
Namespacing in SELinux
Namespacing in SELinux Linux.conf.au 2018 Sydney, Australia James Morris [email protected] Introduction ● Who am I? – Linux security subsystem maintainer ● Previously: Crypto API, Netfilter, SELinux, LSM, IPSec, MCS, sVirt ● Recovering manager ● blog.namei.org ● @xjamesmorris ● Overview – Briefly review technologies – Discuss requirements – SELinux namespace prototype – Current work: inode labeling – Future work SELinux ● Label-based mandatory access control (MAC) – Set security labels on: ● Subjects ● Objects – Define permissions – Centrally managed policy – Enforced by kernel ● Generalized ● Separation of policy and mechanism Linux Security Modules (LSM) ● Kernel API for access control ● Hooks – Located at security decision points – All security relevant information available – Race-free ● Kind of like Netfilter but for the whole kernel ● Pluggable: Smack, SELinux, AppArmor etc. Linux Namespaces ● Private views of global resources – mount, network, ipc, pid, user, uts, cgroup ● APIs: clone(2), setns(2), unshare(2) ● See also: pam_namespace(8) ● Uses: – Sandboxes – Containers – Multi-level security (!) ● No namespacing of LSM or other security APIs Containers ● Not a Thing ™ ● Actually namespaces + cgroups + magic – Docker, lxc, lxd etc. ● Very popular ● Kernel security APIs not containerized, e.g. – Limits functionality for OS-like containers – SELinux on Fedora-based distros pretends to be disabled inside container, and yet … ! Use Cases ● Enable SELinux confinement within a container – Currently runs as one global label and appears
Speeding Up Linux Disk Encryption Ignat Korchagin @ignatkn $ whoami
Speeding Up Linux Disk Encryption Ignat Korchagin @ignatkn $ whoami ● Performance and security at Cloudflare ● Passionate about security and crypto ● Enjoy low level programming Encrypting data at rest The storage stack: applications, filesystems, block subsystem, storage hardware Encryption at rest layers: applications – DBMS, PGP, OpenSSL, Themis; filesystems – ecryptfs, ext4 encryption or fscrypt; block subsystem – LUKS/dm-crypt, BitLocker, FileVault; storage hardware – SED, OPAL Storage hardware encryption Pros: ● it’s there ● little configuration needed ● fully transparent to applications ● usually faster than other layers Cons: ● no visibility into the implementation ● no auditability ● sometimes poor security https://support.microsoft.com/en-us/help/4516071/windows-10-update-kb4516071 Block
Linux Kernal II 9.1 Architecture
Page 1 of 7 Linux Kernal II 9.1 Architecture: The Linux kernel is a Unix-like operating system kernel used by a variety of operating systems based on it, which are usually in the form of Linux distributions. The Linux kernel is a prominent example of free and open source software. Programming language The Linux kernel is written in the version of the C programming language supported by GCC (which has introduced a number of extensions and changes to standard C), together with a number of short sections of code written in the assembly language (in GCC's "AT&T-style" syntax) of the target architecture. Because of the extensions to C it supports, GCC was for a long time the only compiler capable of correctly building the Linux kernel. Compiler compatibility GCC is the default compiler for the Linux kernel source. In 2004, Intel claimed to have modified the kernel so that its C compiler also was capable of compiling it. There was another such reported success in 2009 with a modified 2.6.22 version of the kernel. Since 2010, effort has been underway to build the Linux kernel with Clang, an alternative compiler for the C language; as of 12 April 2014, the official kernel could almost be compiled by Clang. The project dedicated to this effort is named LLVMLinux after the LLVM compiler infrastructure upon which Clang is built. LLVMLinux does not aim to fork either the Linux kernel or LLVM; therefore it is a meta-project composed of patches that are eventually submitted to the upstream projects.
Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module V4.0
Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 FIPS 140-2 Non-Proprietary Security Policy Version 1.2 Last update: 2016-08-29 Prepared by: atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 www.atsec.com ©2016 Red Hat Enterprise Linux / atsec information security corporation Page 1 of 24 This document can be reproduced and distributed only whole and intact, including this copyright notice. Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 FIPS 140-2 Non-Proprietary Security Policy Table of Contents 1 Cryptographic Module Specification (p. 4); 1.1 Module Overview (p. 4); 1.2 FIPS 140-2 validation (p. 6); 1.3 Modes of Operations (p. 7); 2 Cryptographic Module Ports and Interfaces (p. 8); 3 Roles, Services and Authentication (p. 9); 3.1 Roles (p. 9); 3.2 Services
Demystifying Internet of Things Security Successful IoT Device/Edge and Platform Security Deployment — Sunil Cheruvu Anil Kumar Ned Smith David M
Demystifying Internet of Things Security Successful IoT Device/Edge and Platform Security Deployment — Sunil Cheruvu Anil Kumar Ned Smith David M. Wheeler Demystifying Internet of Things Security Successful IoT Device/Edge and Platform Security Deployment Sunil Cheruvu Anil Kumar Ned Smith David M. Wheeler Demystifying Internet of Things Security: Successful IoT Device/Edge and Platform Security Deployment Sunil Cheruvu Anil Kumar Chandler, AZ, USA Chandler, AZ, USA Ned Smith David M. Wheeler Beaverton, OR, USA Gilbert, AZ, USA ISBN-13 (pbk): 978-1-4842-2895-1 ISBN-13 (electronic): 978-1-4842-2896-8 https://doi.org/10.1007/978-1-4842-2896-8 Copyright © 2020 by The Editor(s) (if applicable) and The Author(s) This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Open Access This book is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this book are included in the book’s Creative Commons license, unless indicated otherwise in a credit line to the material.
A Comparison of Two Distributed Systems
A comparison of two distributed systems Finny Varghese Topics: Design Philosophies, Application environment, Processor allocation, Design Consequences, Kernel Architecture, Communication Mechanism, File system, Process Management
Amoeba vs. Sprite: 2 philosophical grounds – Distributed computing model vs. Unix-style applications; Workstation-centered model vs. combination of terminal with a shared processor pool
Amoeba vs. Sprite: Amoeba – user level IPC; caches files only on servers; centralized server to allocate processors. Sprite – RPC model (kernel use mechanism); client-level caching; process migration model
Amoeba System / Sprite System
Design Philosophies 1. How to design a distributed file system with secondary storage shared? 2. How to allow a collection of processors to be exploited by individual users
Application Environment: Amoeba – process or file = obj; capability; port hides the server from objects; uniform communication model; easier writing of distributed applications; Orca programming language. Sprite – eases transition from time-sharing to networked workstations; caching file data on workstations; little or no IPC
Processor Allocation: Pure “workstation” – execute tasks on one machine; Pure “processor pool” – equal access to all processors; Amoeba – closer to processor pool; Sprite – closer to workstation model
Processor Allocation - Amoeba: “pool processor” – network interface and RAM; Unlike pure – processor allocation outside pool processors for system services; Terminals – only display server; 3 reasons for this choice: 1. Assumption that processor & memory price decrease 2. Assumption that the cost of adding a new processor would be less than adding a workstation 3. Entire distributed system – as a time sharing system
Processor Allocation - Sprite: Priority, processing power of a workstation; Unlike pure workstations – uses processing power of idle hosts; Dedicated file servers – not for applications; 3 reasons for this choice: 1.
Simulation and Comparison of Various Scheduling Algorithm for Improving the Interrupt Latency of Real –Time Kernal
Journal of Computer Science and Applications. ISSN 2231-1270 Volume 6, Number 2 (2014), pp. 115-123 © International Research Publication House http://www.irphouse.com Simulation And Comparison of Various Scheduling Algorithm For Improving The Interrupt Latency of Real –Time Kernal 1. Lavanya Dhanesh 2. Dr. P. Murugesan 1. Research Scholar, Sathyabama University, Chennai, India. 2. Professor, S.A. Engineering College, Chennai, India. Email: 1. [email protected] Abstract The main objective of the research is to improve the performance of the real-time interrupt latency using a pre-emptive task scheduling algorithm. Interrupt latency provides an important metric in increasing the performance of the real-time kernel. So far the research has been investigated with respect to real-time latency reduction to improve task switching as well as the performance of the CPU. Based on the literature survey, pre-emptive task scheduling plays a vital role in improving interrupt latency. A general disadvantage of the non-preemptive discipline is that it introduces additional blocking time in higher priority tasks, so reducing schedulability. If the interrupt latency is increased, the task switching delay increases with respect to each task. Hence most of the research work has been focused on reducing interrupt latency by many methods. The key area identified is that we cannot control the hardware interrupt delay, but we can service the interrupt as quickly as possible by reducing the number of preemptions. Based on this idea, much research has gone into optimizing the pre-emptive scheduling scheme to reduce the real-time interrupt latency.
Get the Inside Track on 27 Years of Microkernel Innovation
Get the inside track on 27 years of microkernel innovation# Sebastien and Colin talked about the history of the QNX Microkernel, the new Hybrid Development Model and then got into some details of how the kernel and the process manager actually work. Archived Web Broadcast# The On-Demand version of the broadcast is available here - http://seminar2.techonline.com/s/qnx_oct1707 Slides# Here are the slides from the webinar - sorry they are in PowerPoint format. Oct27_Microkernel_Innovation/ Webinar_kernel_oct07_final.ppt Questions From The Webinar# There were loads of questions during the webinar! Are there any QNX Kernel development books in the process of being written or available now?# Not that I'm aware of - CB Does the Momentics version contain the development system and also the OS for the BSP?# What tools does one need to try this out?# Is the uK student version full or minimal?# There is only one version - the student and non-commercial aspect is simply the license agreement you select when you download - CB Has or will QNX publish a set of development standards or procedures (e.g., coding conventions)?# Yes - see the developers info (OSDeveloperInformation) page for our coding guidelines - CB How would the "QNX Community" work with the hybrid SW model? How do people outside of your company contribute?# The OSDeveloperInformation page covers how to contribute - CB Could the hybrid source model adversely affect the stability of customer products? i.e. enforced product releases for bug fixes...# Our regular releases are still going to be as thoroughly tested as before; there should be no stability problems introduced by sharing our code.
i.MX Encrypted Storage Using CAAM Secure Keys Rev
AN12714 i.MX Encrypted Storage Using CAAM Secure Keys Rev. 1 — 11/2020 Application Note
Contents: 1 Preface (p. 1); 1.1 Intended audience and scope (p. 1); 1.2 References (p. 1); 2 Overview (p. 1); 2.1 DM-Crypt (p. 1); 2.2 DM-Crypt accelerated by CAAM (p. 2); 2.3 DM-Crypt using CAAM's Secure Key (p. 3); 3 Hands-On (p. 4); 3.1 Installation (p. 4); 3.2 Usage (p. 6); 3.3 Performance (p. 9); 4 Revision History (p. 10); 5 Appendix A. Configuration...
1 Preface Devices often contain highly sensitive information which is consistently at risk of being physically lost or stolen. Setting user passwords does not guarantee data protection against unauthorized access. Attackers can simply bypass the software system of a device and access the data storage directly. Only the use of encryption can guarantee data confidentiality in the case where storage media is directly accessed. This document provides steps to run transparent storage encryption at block level using DM-Crypt, taking advantage of the secure key feature provided by the i.MX Cryptographic Accelerator and Assurance Module (CAAM). The document applies to all i.MX SoCs having a CAAM module. The feature is not available on i.MX SoCs with DCP.
History of General-Purpose Operating Systems Unix Opera
Software systems and issues • operating systems – controlling the computer • file systems and databases – storing information • applications – programs that do things • middleware, platforms – where programs meet systems • interfaces, standards – agreements on how to communicate and inter-operate • open source software – freely available software • intellectual property – copyrights, patents, licenses
Operating system • a program that controls the resources of a computer – interface between hardware and all other software – examples: Windows 95/98/NT/ME/2000/XP/Vista/7, Unix/Linux, Mac OS X, Symbian, PalmOS, ... • runs other programs ("applications", your programs) • manages information on disk (file system) • controls peripheral devices, communicates with outside • provides a level of abstraction above the raw hardware – makes the hardware appear to provide higher-level services than it really does – makes programming much easier
What's an operating system? "Operating system" means the software code that, inter alia, (i) controls the allocation and usage of hardware resources (such as the microprocessor and various peripheral devices) of a Personal Computer, (ii) provides a platform for developing applications by exposing functionality to ISVs through APIs, and (iii) supplies a user interface that enables users to access functionality of the operating system and in which they can run applications. US District Court for the District of Columbia Final Judgment, State of New York, et al v.
History of general-purpose operating systems • 1950's: signup sheets • 1960's: batch operating systems – operators running batches of jobs – OS/360 (IBM) • 1970's: time-sharing – simultaneous access for multiple users – Unix (Bell Labs; Ken Thompson & Dennis Ritchie) • 1980's: personal computers, single user systems – DOS, Windows, MacOS – Unix • 1990's: personal computers, PDA's, …
Course Title
"Charting the Course ... ... to Your Success!" Linux Internals Course Summary Description This is an intensive course designed to provide an in-depth examination of the Linux kernel architecture including error handling, system calls, memory and process management, filesystem, and peripheral devices. This course includes concept lectures and discussions, demonstrations, and hands-on programming exercises. Objectives At the end of this course, students will be able to: • Identify and understand the components of the Linux system and its file system • Boot a Linux system and identify the boot phases • Understand and utilize selected services • Identify and understand the various components of the Linux kernel • Utilize and change kernel parameters • Understand and explain error handling • Understand and explain memory management • Understand and explain process management • Understand and explain process scheduling Topics • Introduction • Booting Linux • Selected Services • The Linux Kernel • Kernel Parameters • Kernel Modules • Kernel Error Handling and Monitoring • Kernel Synchronization • System Calls • Memory Management • Process Management • Process Scheduling • Signals • IPC (Interprocess Communication) • The Virtual Filesystem • Interrupts • Time and Timers • Device Drivers Audience This course is designed for Technology Professionals who need to understand, modify, support, and troubleshoot the Linux Operating System. Prerequisites Students should be proficient with basic tools such as vi, emacs, and file utilities. Experience with systems programming in a UNIX or Linux environment is recommended. Duration Five days Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies.