SlideShare ist ein Scribd-Unternehmen logo

2011 10-19

Als PPTX, PDF herunterladen
Yaoyao Wang
Yaoyao Wang
BildungTechnologie
1 von 23
Features for Secure Mobile Devices  Low-overhead system virtualization  Separation of guest domains  Hot plug-in/-out of guest domains  Secure boot  Secure storage  Access control
Issues in virtualization  Efficiency is a major concern in embedded virtualization.  Paravirtualization approach is more efficient than full virtualization because expensive translation is not necessary.  ARM CPU has only one unprivileged mode
Architecture
CPU Virtualization  Physically two privilege modes (User mode and Supervisor mode) in ARM CPU. However,  Supervisor mode is assigned to Xen mode  User mode is split into two logical modes (kernel and user User mode is split into two logical modes (kernel and user process of Linux)  Address space protection between kernel mode and user process mode is guaranteed by ARM domain access control mechanism.
CPU Virtualization User Mode Kernel Mode Xen Mode Logical mode split
CPU Virtualization  Exception Handling  Para-virtualization of system calls. ○ System calls are implemented with software interrupt. ○ In Xen on ARM, system calls are interpreted by Xen
Memory Virtualization  Isolation requirements  VMM memory region should be protected from guest OS kernel and user processes  Guest OS kernel memory should be protected from user processes  User process memory should be protected from other processes  Every virtual machine should be isolated from each other
Memory Virtualization  With paging mechanism we can protect Xen memory from guest OS / user processes.  How about Guest OS and user processes isolation? They are in the same user space.
Memory Virtualization  Address Space Isolation  Simply separating the address space of applications and OS kernel will lead to significant cache/TLB flushing overheads since ARM v4/v5 architecture has virtually indexed virtually tagged (VIVT) cache, and Translation Look-aside Buffer (TLB) entries are not tagged with address space ID * ARM11 has virtually indexed physically tagged (VIPT) cache and Mpcore has physically indexed physically tagged (PIPT) cache
Memory Virtualization  CPU Cache  PIPT CPU TLB Cache DRAM Virtual Addr. Physical Addr. 32 bits 26 bits CPU Cache TLB DRAM  VIVT Virtual Addr. Physical Addr. 32 bits 26 bits  VIPT TLB CPU DRAM  PIVT Cache Virtual Addr. Physical Addr. 32 bits 26 bits
Memory Virtualization  Memory Map  Xen and guest domain (kernel + user process) are mapped on a same virtual address space. 0xFFFFFFFF Xen 0xFEFFFFFF 0xFF000000 Kernel 0xC0000000 Guest Domain User space 0xC0000000 0x00000000 Virtual Address Space Guest Domain Virtual Address Space
Memory Virtualization  Conventional MMU based paging mechanism can’t protect the OS kernel from application when they are running in the same user mode  Domain Access Control is used to prevent a user process from accessing to address space of kernel process in ARM CPU user mode.  c3, Domain Access Control Register
Memory Virtualization  The fields D15-D0 in the register define the access permissions for each one of the 16 domains. These domains can be either sections, large pages, or small pages of memory: Access Bit field Comment No access b00 Any access generates a domain fault Client b01 Accesses are checked based on the page table entry’s AP flag setting Reserved b10 Any access generates a domain fault Manager b11 Accesses are not checked against the access permission bits in the TLB entry, so a permission fault cannot be generated.
Memory Virtualization VMM mode D0 D0 D1 D2 Kernel mode D1 VMM Client Client Client Kernel Client Client Client User process User No access No access D2 mode
Memory Virtualization  Keep Xen address translation info from being flushed.  After page table changes (domain/process switching),  TLB entries are flushed explicitly.  TLB lockdown mechanism provided by processor can be used to avoid TLB flushing and reloading  Two lockdown TLB entries used for Xen pages ○ ARM926 provides 8 lockdown TLB entries
Memory Virtualization  Benchmark
System Boot Procedure  Xen and dom 0 kernel images are loaded at predefined memory location. Hardware Initialization Load kernel image for Dom 0 Load and jump to Xen image Initialize system resources (Timer, UART, Memory, IRQ) Create Dom 0 Execute Dom 0 Create / Load guest Domains
System Boot Procedure NOR Flash Partition for Dom 0 Partition 0 Partition 1 Partition 2 Xen Kernel Image File System Virtual space address Platform Load Address Xen Dom 0 I.MX21 0xC0008000 0xC1C00000
VM Create / Destroy  Guest domains (dom U) are created and destroyed by a user level application, dom0_util.  Dom0_util supports only create and destroy functions. Control guest domain Dom0_util Request Xen to create and execute / destroy dom U kernel, where this Domain control driver driver loads the kernel image. Xen Create and execute dom U / destroy dom U
VM Create / Destroy NAND Flash Partition for Dom 1 Partition 0 Partition 1 Kernel Image File System Virtual space address Platform Load Address I.MX21 0xc3c00000
Experiment  Host OS: Ubuntu 10.04  Emulator: Goldfish emulator platform(QEMU 0.82 based Android emulator)  Guest OS: mini-OS (it is used to test if Xen can work)  Supported OS: uc OS II
Experiment  Screenshot

Empfohlen

Xen Euro Par07
Xen Euro Par07Xen Euro Par07
Xen Euro Par07
congvc
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen Hypervisor
Susheel Thakur
 
Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)
Mr Cracker
 
Realtime scheduling for virtual machines in SKT
Realtime scheduling for virtual machines in SKTRealtime scheduling for virtual machines in SKT
Realtime scheduling for virtual machines in SKT
The Linux Foundation
 
A510840101 24982 23_2020_lecture_2
A510840101 24982 23_2020_lecture_2A510840101 24982 23_2020_lecture_2
A510840101 24982 23_2020_lecture_2
Krishna Kumar Singh
 
Kernel modules
Kernel modulesKernel modules
Kernel modules
Elmàgic Àlàâ
 
Writing Character driver (loadable module) in linux
Writing Character driver (loadable module) in linuxWriting Character driver (loadable module) in linux
Writing Character driver (loadable module) in linux
RajKumar Rampelli
 
ARM Architecture-based System Virtualization: Xen ARM open source software pr...
ARM Architecture-based System Virtualization: Xen ARM open source software pr...ARM Architecture-based System Virtualization: Xen ARM open source software pr...
ARM Architecture-based System Virtualization: Xen ARM open source software pr...
The Linux Foundation
 

Empfohlen

Xen Euro Par07
Xen Euro Par07Xen Euro Par07
Xen Euro Par07
congvc
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen Hypervisor
Susheel Thakur
 
Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)
Mr Cracker
 
Realtime scheduling for virtual machines in SKT
Realtime scheduling for virtual machines in SKTRealtime scheduling for virtual machines in SKT
Realtime scheduling for virtual machines in SKT
The Linux Foundation
 
A510840101 24982 23_2020_lecture_2
A510840101 24982 23_2020_lecture_2A510840101 24982 23_2020_lecture_2
A510840101 24982 23_2020_lecture_2
Krishna Kumar Singh
 
Kernel modules
Kernel modulesKernel modules
Kernel modules
Elmàgic Àlàâ
 
Writing Character driver (loadable module) in linux
Writing Character driver (loadable module) in linuxWriting Character driver (loadable module) in linux
Writing Character driver (loadable module) in linux
RajKumar Rampelli
 
ARM Architecture-based System Virtualization: Xen ARM open source software pr...
ARM Architecture-based System Virtualization: Xen ARM open source software pr...ARM Architecture-based System Virtualization: Xen ARM open source software pr...
ARM Architecture-based System Virtualization: Xen ARM open source software pr...
The Linux Foundation
 
Linux Porting to a Custom Board
Linux Porting to a Custom BoardLinux Porting to a Custom Board
Linux Porting to a Custom Board
Patrick Bellasi
 
Type of Embedded core
Type of Embedded core Type of Embedded core
Type of Embedded core
mukul bhardwaj
 
Booting & shut down,
Booting & shut down,Booting & shut down,
Booting & shut down,
Bhushan Pawar -Java Trainer
 
Ov psim demo_slides_power_pc
Ov psim demo_slides_power_pcOv psim demo_slides_power_pc
Ov psim demo_slides_power_pc
simon56
 
linux kernel overview 2013
linux kernel overview 2013linux kernel overview 2013
linux kernel overview 2013
Rohit Pratap Singh
 
Understanding The Boot Process
Understanding The Boot ProcessUnderstanding The Boot Process
Understanding The Boot Process
Dominique Cimafranca
 
Introduction to Kernel and Device Drivers
Introduction to Kernel and Device DriversIntroduction to Kernel and Device Drivers
Introduction to Kernel and Device Drivers
RajKumar Rampelli
 
Linux Booting Steps
Linux Booting StepsLinux Booting Steps
Linux Booting Steps
Anando Kumar Paul
 
Board support package_on_linux
Board support package_on_linuxBoard support package_on_linux
Board support package_on_linux
Vandana Salve
 
Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)
Macpaul Lin
 
IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02
blusmurfydot1
 
Linux io
Linux ioLinux io
Linux io
Sagar Janagonda
 
System Booting Process overview
System Booting Process overviewSystem Booting Process overview
System Booting Process overview
RajKumar Rampelli
 
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
ijesajournal
 
Boot process -test
Boot process -testBoot process -test
Boot process -test
Hari Shankar
 
Linux kernel
Linux kernelLinux kernel
Linux kernel
Mahmoud Shiri Varamini
 
Win8 architecture for developers
Win8 architecture for developersWin8 architecture for developers
Win8 architecture for developers
Robert MacLean
 
Linux kernel modules
Linux kernel modulesLinux kernel modules
Linux kernel modules
Eddy Reyes
 
Video Drivers
Video DriversVideo Drivers
Video Drivers
Anil Kumar Pugalia
 
Linux SD/MMC device driver
Linux SD/MMC device driverLinux SD/MMC device driver
Linux SD/MMC device driver
艾鍗科技
 
Ho sobaiday
Ho sobaidayHo sobaiday
Ho sobaiday
Minh Nguyen Hoang
 
San pham hocsinh
San pham hocsinhSan pham hocsinh
San pham hocsinh
Minh Nguyen Hoang
 

Weitere ähnliche Inhalte

Was ist angesagt?

Linux Porting to a Custom Board
Linux Porting to a Custom BoardLinux Porting to a Custom Board
Linux Porting to a Custom Board
Patrick Bellasi
 
Type of Embedded core
Type of Embedded core Type of Embedded core
Type of Embedded core
mukul bhardwaj
 
Ov psim demo_slides_power_pc
Ov psim demo_slides_power_pcOv psim demo_slides_power_pc
Ov psim demo_slides_power_pc
simon56
 
IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02
blusmurfydot1
 
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
ijesajournal
 
Boot process -test
Boot process -testBoot process -test
Boot process -test
Hari Shankar
 
Win8 architecture for developers
Win8 architecture for developersWin8 architecture for developers
Win8 architecture for developers
Robert MacLean
 

Was ist angesagt? (20)

Linux Porting to a Custom Board
Linux Porting to a Custom BoardLinux Porting to a Custom Board
Linux Porting to a Custom Board
 
Type of Embedded core
Type of Embedded core Type of Embedded core
Type of Embedded core
 
Booting & shut down,
Booting & shut down,Booting & shut down,
Booting & shut down,
 
Ov psim demo_slides_power_pc
Ov psim demo_slides_power_pcOv psim demo_slides_power_pc
Ov psim demo_slides_power_pc
 
linux kernel overview 2013
linux kernel overview 2013linux kernel overview 2013
linux kernel overview 2013
 
Understanding The Boot Process
Understanding The Boot ProcessUnderstanding The Boot Process
Understanding The Boot Process
 
Introduction to Kernel and Device Drivers
Introduction to Kernel and Device DriversIntroduction to Kernel and Device Drivers
Introduction to Kernel and Device Drivers
 
Linux Booting Steps
Linux Booting StepsLinux Booting Steps
Linux Booting Steps
 
Board support package_on_linux
Board support package_on_linuxBoard support package_on_linux
Board support package_on_linux
 
Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)
 
IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02
 
Linux io
Linux ioLinux io
Linux io
 
System Booting Process overview
System Booting Process overviewSystem Booting Process overview
System Booting Process overview
 
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
Enhanced Embedded Linux Board Support Package Field Upgrade – A Cost Effectiv...
 
Boot process -test
Boot process -testBoot process -test
Boot process -test
 
Linux kernel
Linux kernelLinux kernel
Linux kernel
 
Win8 architecture for developers
Win8 architecture for developersWin8 architecture for developers
Win8 architecture for developers
 
Linux kernel modules
Linux kernel modulesLinux kernel modules
Linux kernel modules
 
Video Drivers
Video DriversVideo Drivers
Video Drivers
 
Linux SD/MMC device driver
Linux SD/MMC device driverLinux SD/MMC device driver
Linux SD/MMC device driver
 

Andere mochten auch

Andere mochten auch (6)

Ho sobaiday
Ho sobaidayHo sobaiday
Ho sobaiday
 
San pham hocsinh
San pham hocsinhSan pham hocsinh
San pham hocsinh
 
Breathtaking 2011
Breathtaking 2011Breathtaking 2011
Breathtaking 2011
 
Bireysel Silah(lanma) Sorunu ve Psiko-ekonomik Çözümlemesi
Bireysel Silah(lanma) Sorunu ve Psiko-ekonomik ÇözümlemesiBireysel Silah(lanma) Sorunu ve Psiko-ekonomik Çözümlemesi
Bireysel Silah(lanma) Sorunu ve Psiko-ekonomik Çözümlemesi
 
2011046534
20110465342011046534
2011046534
 
Suç i̇şlemi̇ş ve i̇şlememi̇ş ergenleri̇n adi̇l dünya i̇nanci
Suç i̇şlemi̇ş ve i̇şlememi̇ş ergenleri̇n adi̇l dünya i̇nanci Suç i̇şlemi̇ş ve i̇şlememi̇ş ergenleri̇n adi̇l dünya i̇nanci
Suç i̇şlemi̇ş ve i̇şlememi̇ş ergenleri̇n adi̇l dünya i̇nanci
 

Ähnlich wie 2011 10-19

ARMvisor @ Linux Symposium 2012
ARMvisor @ Linux Symposium 2012ARMvisor @ Linux Symposium 2012
ARMvisor @ Linux Symposium 2012
Peter Chang
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionLinaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
The Linux Foundation
 
Virtual Pc Seminar
Virtual Pc SeminarVirtual Pc Seminar
Virtual Pc Seminar
guest5b5549
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
LinuxCon ContainerCon CloudOpen China
 
Xen and the Art of Virtualization
Xen and the Art of VirtualizationXen and the Art of Virtualization
Xen and the Art of Virtualization
Susheel Thakur
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_clean
chinitooo
 

Ähnlich wie 2011 10-19 (20)

ARMvisor @ Linux Symposium 2012
ARMvisor @ Linux Symposium 2012ARMvisor @ Linux Symposium 2012
ARMvisor @ Linux Symposium 2012
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionLinaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
 
Virtual Pc Seminar
Virtual Pc SeminarVirtual Pc Seminar
Virtual Pc Seminar
 
Linaro connect : Introduction to Xen on ARM
Linaro connect : Introduction to Xen on ARMLinaro connect : Introduction to Xen on ARM
Linaro connect : Introduction to Xen on ARM
 
Virtualization Primer for Java Developers
Virtualization Primer for Java DevelopersVirtualization Primer for Java Developers
Virtualization Primer for Java Developers
 
淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道
 
Xen io
Xen ioXen io
Xen io
 
Xen & the Art of Virtualization
Xen & the Art of VirtualizationXen & the Art of Virtualization
Xen & the Art of Virtualization
 
Memory Management in TIZEN - Samsung SW Platform Team
Memory Management in TIZEN - Samsung SW Platform TeamMemory Management in TIZEN - Samsung SW Platform Team
Memory Management in TIZEN - Samsung SW Platform Team
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
 
Xen and the Art of Virtualization
Xen and the Art of VirtualizationXen and the Art of Virtualization
Xen and the Art of Virtualization
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Disco: Running Commodity Operating Systems on Scalable Multiprocessors Disco
Disco: Running Commodity Operating Systems on Scalable Multiprocessors DiscoDisco: Running Commodity Operating Systems on Scalable Multiprocessors Disco
Disco: Running Commodity Operating Systems on Scalable Multiprocessors Disco
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_clean
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Embedding Linux On The Encore Simputer
Embedding Linux On The Encore SimputerEmbedding Linux On The Encore Simputer
Embedding Linux On The Encore Simputer
 
Advancedperformancetroubleshootingusingesxtop 101110131727-phpapp02
Advancedperformancetroubleshootingusingesxtop 101110131727-phpapp02Advancedperformancetroubleshootingusingesxtop 101110131727-phpapp02
Advancedperformancetroubleshootingusingesxtop 101110131727-phpapp02
 
Nos Windows
Nos WindowsNos Windows
Nos Windows
 

Kürzlich hochgeladen

An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
SanaAli374401
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 

Kürzlich hochgeladen (20)

Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 

2011 10-19

  • 1.
  • 2. Features for Secure Mobile Devices  Low-overhead system virtualization  Separation of guest domains  Hot plug-in/-out of guest domains  Secure boot  Secure storage  Access control
  • 3. Issues in virtualization  Efficiency is a major concern in embedded virtualization.  Paravirtualization approach is more efficient than full virtualization because expensive translation is not necessary.  ARM CPU has only one unprivileged mode
  • 5. CPU Virtualization  Physically two privilege modes (User mode and Supervisor mode) in ARM CPU. However,  Supervisor mode is assigned to Xen mode  User mode is split into two logical modes (kernel and user User mode is split into two logical modes (kernel and user process of Linux)  Address space protection between kernel mode and user process mode is guaranteed by ARM domain access control mechanism.
  • 6. CPU Virtualization User Mode Kernel Mode Xen Mode Logical mode split
  • 7. CPU Virtualization  Exception Handling  Para-virtualization of system calls. ○ System calls are implemented with software interrupt. ○ In Xen on ARM, system calls are interpreted by Xen
  • 8. Memory Virtualization  Isolation requirements  VMM memory region should be protected from guest OS kernel and user processes  Guest OS kernel memory should be protected from user processes  User process memory should be protected from other processes  Every virtual machine should be isolated from each other
  • 9. Memory Virtualization  With paging mechanism we can protect Xen memory from guest OS / user processes.  How about Guest OS and user processes isolation? They are in the same user space.
  • 10. Memory Virtualization  Address Space Isolation  Simply separating the address space of applications and OS kernel will lead to significant cache/TLB flushing overheads since ARM v4/v5 architecture has virtually indexed virtually tagged (VIVT) cache, and Translation Look-aside Buffer (TLB) entries are not tagged with address space ID * ARM11 has virtually indexed physically tagged (VIPT) cache and Mpcore has physically indexed physically tagged (PIPT) cache
  • 11. Memory Virtualization  CPU Cache  PIPT CPU TLB Cache DRAM Virtual Addr. Physical Addr. 32 bits 26 bits CPU Cache TLB DRAM  VIVT Virtual Addr. Physical Addr. 32 bits 26 bits  VIPT TLB CPU DRAM  PIVT Cache Virtual Addr. Physical Addr. 32 bits 26 bits
  • 12. Memory Virtualization  Memory Map  Xen and guest domain (kernel + user process) are mapped on a same virtual address space. 0xFFFFFFFF Xen 0xFEFFFFFF 0xFF000000 Kernel 0xC0000000 Guest Domain User space 0xC0000000 0x00000000 Virtual Address Space Guest Domain Virtual Address Space
  • 13. Memory Virtualization  Conventional MMU based paging mechanism can’t protect the OS kernel from application when they are running in the same user mode  Domain Access Control is used to prevent a user process from accessing to address space of kernel process in ARM CPU user mode.  c3, Domain Access Control Register
  • 14. Memory Virtualization  The fields D15-D0 in the register define the access permissions for each one of the 16 domains. These domains can be either sections, large pages, or small pages of memory: Access Bit field Comment No access b00 Any access generates a domain fault Client b01 Accesses are checked based on the page table entry’s AP flag setting Reserved b10 Any access generates a domain fault Manager b11 Accesses are not checked against the access permission bits in the TLB entry, so a permission fault cannot be generated.
  • 15. Memory Virtualization VMM mode D0 D0 D1 D2 Kernel mode D1 VMM Client Client Client Kernel Client Client Client User process User No access No access D2 mode
  • 16. Memory Virtualization  Keep Xen address translation info from being flushed.  After page table changes (domain/process switching),  TLB entries are flushed explicitly.  TLB lockdown mechanism provided by processor can be used to avoid TLB flushing and reloading  Two lockdown TLB entries used for Xen pages ○ ARM926 provides 8 lockdown TLB entries
  • 18. System Boot Procedure  Xen and dom 0 kernel images are loaded at predefined memory location. Hardware Initialization Load kernel image for Dom 0 Load and jump to Xen image Initialize system resources (Timer, UART, Memory, IRQ) Create Dom 0 Execute Dom 0 Create / Load guest Domains
  • 19. System Boot Procedure NOR Flash Partition for Dom 0 Partition 0 Partition 1 Partition 2 Xen Kernel Image File System Virtual space address Platform Load Address Xen Dom 0 I.MX21 0xC0008000 0xC1C00000
  • 20. VM Create / Destroy  Guest domains (dom U) are created and destroyed by a user level application, dom0_util.  Dom0_util supports only create and destroy functions. Control guest domain Dom0_util Request Xen to create and execute / destroy dom U kernel, where this Domain control driver driver loads the kernel image. Xen Create and execute dom U / destroy dom U
  • 21. VM Create / Destroy NAND Flash Partition for Dom 1 Partition 0 Partition 1 Kernel Image File System Virtual space address Platform Load Address I.MX21 0xc3c00000
  • 22. Experiment  Host OS: Ubuntu 10.04  Emulator: Goldfish emulator platform(QEMU 0.82 based Android emulator)  Guest OS: mini-OS (it is used to test if Xen can work)  Supported OS: uc OS II
  • 23. Experiment  Screenshot

Hinweis der Redaktion

  1. http://en.wikipedia.org/wiki/Memory_management_unit
  2. http://en.wikipedia.org/wiki/CPU_cache