
HKG18-115 - Partitioning ARM Systems with the Jailhouse Hypervisor


Session ID: HKG18-115
Session Name: HKG18-115 - Partitioning ARM Systems with the Jailhouse Hypervisor
Speaker: Jan Kiszka
Track: Security

★ Session Summary ★
The open source hypervisor Jailhouse provides hard partitioning of multicore systems to co-locate multiple Linux or RTOS instances side by side. It aims at low complexity and minimal footprint to achieve deterministic behavior and enable certifications according to safety or security standards. In this session, we would like to look at the ARM-specific status of Jailhouse and discuss applications, to-dos and possible collaborations around it with the ARM community. The session is intended to be half presentation, half Q&A / discussion.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-115/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-115.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-115.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Security
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961


  1. Partitioning ARM Systems With the Jailhouse Hypervisor
     Jan Kiszka | Linaro Connect, March 19, 2018
     Unrestricted © Siemens AG 2018
  2. About /me, about this project
     Unrestricted © Siemens AG 2017, Corporate Technology
     • Jan Kiszka <jan.kiszka@siemens.com>
     • Member of embedded Linux team at Siemens Corporate Technology
     • (In-house) consultant, architect, developer for OSS
     • Focus on kernel, real-time, virtualization, embedded build systems
     • Upstream contributor
     • https://github.com/siemens/jailhouse
     • Not a product of Siemens, rather an infrastructure component
     • Started as open source project by Siemens
     • Published for broader industrial usage and contributions
  3. Agenda
     • Introduction to Jailhouse hypervisor
     • Current status on ARM
     • Architectural insights
     • Future directions
     • Summary
     • Discussion
  4. Jailhouse: Static Partitioning for Multicore Systems
     Design Goals:
       • Focus on maintaining static partitions
       • No scheduling
       • 1:1 resource assignment
       • (Almost) no device emulation
       • Keep runtime code base minimal
       • Hard RT properties with minimal overhead
       • Enable / simplify safety certification
     [Diagram labels: Linux, 2nd Linux, RTOS / Bare-Metal; Jailhouse Hypervisor; Hardware: Core 1, Core 2, Core 3, Core 4, Device A, Device B, Device C, Device D. Image credit: Stahlkocher, CC BY-SA 3.0]
  5. Boot Process of Jailhouse
     [Diagram comparing two boot chains.
      Typical: Power-On, Boot Loader, Hypervisor, Partition 1 OS, Partition 2 OS, ... Partition n OS.
      Jailhouse: Power-On, Boot Loader, Linux (Yet Another Boot Loader), Jailhouse, Root Linux, Partition 2 OS, ... Partition n OS.]
  6. Management Interface via Linux

         linux # jailhouse enable system.cell
         linux # jailhouse cell create realtime.cell
         linux # jailhouse cell load my-cell rtos.bin
         linux # jailhouse cell start my-cell
         linux # jailhouse cell destroy my-cell
         linux # jailhouse cell linux linux.cell kernel -i initrd -d dtb
         linux # jailhouse disable

  7. Modes of Operation – Trusting Linux?
     Open Model:
       • Linux (root cell) is in control
       • Cells not involved in management decisions
       • Sufficient if root cell is trusted
     Safety Model:
       • Linux controls, but...
       • Cells can be configured to vote over management decisions
       • Building block for safe operation
     [Diagram for each model: Linux, Cell 1, Cell 2 and Cell 3 on top of Jailhouse]
  8. Jailhouse Status on ARM
     ARMv7:
       • Support for Banana-Pi, Orange-Pi, NVIDIA Jetson TK1, VExpress, emtrion emCON-RZ/G1x
       • Non-upstream: TI Sitara AM572x-EVM
       • GICv2 and v3
       • SMMU on to-do list
     ARMv8:
       • Support for AMD Seattle, LeMaker HiKey, Xilinx ZynqMP, NVIDIA Jetson TX1, ESPRESSObin, NXP i.MX8MQ
       • Works inside QEMU (via virt machine and GICv3)
     It's small:
       • Currently ~7k lines of code (ARMv8)
  9. Architectural Overview
     [Diagram labels: Hypervisor; Hardware; Page Mapping; Page Allocator; Virtual CPU; IOMMU; HW Access Filters; IRQ Controller; Arch. Specifics: Mapping, PCI, Life Cycle, ...; Inter-Cell Communication; PCI Access; Life Cycle Management; MMIO Access; Debug Output; VM, IRQ, Exception Entry; UART Output; Minimal libc; Jailhouse Management Tool; /sys/devices/jailhouse; /dev/jailhouse; Cell Image; Cell Config; Jailhouse Image; System Config; Linux Kernel; Jailhouse Driver Module]
  10. Sharing Devices under Jailhouse
      [Diagram labels: Guest A, Guest B; vETH / ivshmem-net in each guest; Shared Memory Device, IRQ; NFS etc.; Jailhouse; Hardware: Core 1, Core 2, Core 3, Core 4, Storage, LAN]
      Open issue: ivshmem (v2.0) vs. vhost-pci (virtio)
  11. Secure Boot with Jailhouse – Static Chain
      [Diagram labels: Power-On; Boot Loader; Minimal Linux (kernel + initrd with Jailhouse); Jailhouse; Full-featured Linux; Partition 2 OS; ...; Partition n OS]
      • Simple model, feasible with all architectures
      • Prevents undesired hardware access of full-featured Linux
      • To-do: cell image validation by Jailhouse (if not part of initrd)
  12. Ongoing Developments
      Generated demo & testing images:
        • WiP at https://github.com/siemens/jailhouse-images
        • Currently generates Debian x86 image for QEMU/KVM
        • Allows easy exploration of Jailhouse “look & feel”
        • Planned next: ARM64 QEMU image
        • Then: reference board images
      Speculation barriers:
        • Already well isolated in static setups
        • Further isolate cells inside the hypervisor → CPU-local memory views
        • Prototype exists for x86, to be extended to ARM now
  13. Future Developments
      Configuration format:
        • Binary format optimized for runtime usage → should remain
        • Source format currently C structure → should be improved
        • Device Tree? Also on x86?
        • Custom YAML description?
      Non-Linux root cells:
        • Straightforward with many RTOSes
        • Catch: we need stable & versioned hypervisor boot interface
      Early partitioning:
        • Create cells via boot loader or EFI helper
        • Cell reload / restart during runtime without root cell?
      Clock partitioning:
        • Provide infrastructure to help with moderating clock access
        • Avoid clock driver reimplementations in hypervisor → firmware service?
  14. Why Jailhouse?
      Designed for real-time:
        • Full CPU isolation
        • Minimal I/O latencies
      Designed for safety & security:
        • No emulation, no scheduling, minimal interfaces
        • Target code size: <10k LOC/arch (runtime even smaller)
        • Safety certification under preparation (waiting for safe hardware)
      Designed as true Open Source:
        • GPLv2, public for 4.5 years
        • Active community, including CPU vendors
        • Could eventually make into the kernel
  15. Thank you!
      Jan Kiszka <jan.kiszka@siemens.com>
