Secure Xen on ARM:
Source Code Release and
        Update

           Sang-
           Sang-bum Suh
      sbuk.suh@samsung...
Xen Summit North America 2008

    Agenda
           Secure Xen on ARM: source code release
                 Source Code
 ...
Xen Summit North America 2008

   Overview
        Goal
           Light-
           Light-weight secure virtualization te...
Xen Summit North America 2008

     Environments
           HW and SW Environments
                 A Reference System for...
Xen Summit North America 2008

    Source Code Tree
           Samsung newly added about 20,000 loc on Xen 3.0.2
         ...
Xen Summit North America 2008

    ARM Specific Files
          Path name              File name                          ...
Xen Summit North America 2008

     Modified Common Files
                          Path                          File nam...
Xen Summit North America 2008

    New Hypercalls
           We introduce new 8 hypercalls in order to
             Suppor...
Xen Summit North America 2008

    Roadmap: release of source code
                                  2008                 ...
Xen Summit North America 2008

    Agenda
           Secure Xen on ARM: source code release
                 Source Code
 ...
Xen Summit North America 2008

    Vision: service/UI migration
Xen Summit North America 2008

    Current Status: early stage
      HW and SW Environments
           A Reference System ...
Xen Summit North America 2008




           Thank you!
           Welcome Xen developers and eco-system
                 ...
Upcoming SlideShare
Loading in...5
×

XS Boston 2008 ARM

551

Published on

Sang-bum Suh: Update of Secure Xen on ARM

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
551
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

XS Boston 2008 ARM

  1. 1. Secure Xen on ARM: Source Code Release and Update Sang- Sang-bum Suh sbuk.suh@samsung.com Software Lab. SAIT, Samsung Electronics June 24, 2008 Xen Summit North America 2008
  2. 2. Xen Summit North America 2008 Agenda Secure Xen on ARM: source code release Source Code Overview Source Code Tree ARM Specific Files Modified Common Files New Hypercalls Roadmap Migration for Interface Virtualization Vision Current Status: Demo Appendix
  3. 3. Xen Summit North America 2008 Overview Goal Light- Light-weight secure virtualization technology for 3G/4G mobile phone History Secure Xen architecture and Xen on ARM demo presented at Xen Summit April 2007 Secure Xen on ARM demo presented at Xen Summit November 2007 Release of source code: Xen Summit North America 2008 Xen on ARM, the associated Access Control, mini-OS mini- Dom U Dom 0 Application Application Application Application Front- Front-end Drivers Back- Back-end Drivers Access Access Control Control Native Drivers VM Interface VM Interface Access Control Resource Allocator Domain Manager Peripheral Devices CPU System Memory Flash Memory Peripheral Devices Secure Xen on ARM Architecture 1.0
  4. 4. Xen Summit North America 2008 Environments HW and SW Environments A Reference System for Implementation SW Xen : Xen-3.0.2 Xen- HW Processor : ARM-9 266Mhz (Freescale i.MX21) ARM- Memory : 64MB Flash : NOR 32MB / NAND 64MB LCD : 3.5 inch Network : CS8900A 10Base-T Ethernet Controller 10Base- For details: http://wiki.xensource.com/xenwiki/XenARM
  5. 5. Xen Summit North America 2008 Source Code Tree Samsung newly added about 20,000 loc on Xen 3.0.2 Added codes are for ARM support and security features Some common files are modified for ARM support ARM/Board support files ARM/Board support Header files Security support Header files Mini- Mini-OS for Secure Xen Security support files Samsung’s work
  6. 6. Xen Summit North America 2008 ARM Specific Files Path name File name Path name File name Path name uaccess.Sname File xensetup.c xen/arch/arm asm-offsets.s arch_domain.c xen/arch/arm asm-offsets.s xen/arch/arm asm-offsets.s Aci_generator.c asm-offsets.c debug.S cache.c platform.c Acm_hooks.c copypage-v4wb.S start.S core-arm926.S xen/arch/arm/arch-imx21 system.c Acm_integrator.c dma-op.c time.c dom0_ops.c Xen/security/acm Blp.c uart.c domain_build.c Decision_cache.c domain_page.c clearbit.S entry.S delay.S xen/arch/arm/xen flushtlb.c div64.S hypercalls.S findbit.S irq.c getuser.S mm.c lib1funcs.S physdev.c time.c memchr.S tlb-v4wbi.S memcpy.S traps.c memset.S xen/arch/arm/lib xen.lds.S memzero.S xensetup.c muldi3.c Aci_generator.c putuser.S setbit.S Acm_hooks.c strchr.S testchangebit.S Acm_integrator.c testclearbit.S Xen/security/acm Blp.c testsetbit.S * Header files are not shown Decision_cache.c uaccess.S arch_domain.c
  7. 7. Xen Summit North America 2008 Modified Common Files Path File name Path File name dom0_ops.c dom0_ops.c io.c elf.c xen-3.0.2/tools/console/daemon main.c (57) event_channel.c utils.c grant_table.c xc_domain.c memory.c xc_evtchn.c xen-3.0.2/common page_alloc.c xc_linux_build.c sched_bvt.c xc_linux_restore.c schedule.c xc_linux_save.c softirq.c xc_load_aout9.c xen-3.0.2/tools/libxc timer.c xc_load_elf.c (1346 lines are modified) xmalloc.c xc_misc.c console.c xc_private.c xen-3.0.2/drivers/char (86) serial.c xenctrl.h acm_ops.h xenguest.h (198) dom0_ops.h xg_private.h event_channel.h xen-3.0.2/tools/python/xen __init__.py xen-3.0.2/include/public grant_table.h xen-3.0.2/tools/python/xen/lowlevel __init__.py sched.h xen-3.0.2/tools/python/xen/sv __init__.py (278) xen.h __init__.py xen-3.0.2/tools/python/xen/util (220) config.h auxbin.py hypercall.h xen-3.0.2/tools/python/xen/web __init__.py iocap.h XendDomainInfo.py xen-3.0.2/tools/python/xen/xend xen-3.0.2/include/xen irq.h XendRoot.py sched.h DevController.py smp.h xen-3.0.2/tools/python/xen/xend/server SrvDaemon.py (138) softirq.h __init__.py (20) (244) __init__.py xen-3.0.2/tools/console/client main.c xen-3.0.2/tools/python/xen/xend/xenstore
  8. 8. Xen Summit North America 2008 New Hypercalls We introduce new 8 hypercalls in order to Support ARM architectures Enable new security features Hypercall name Description Restore CPU context stored in guest kernel stack __HYPERVISOR_restore_guest_context Dispatch profiling data __HYPERVISOR_do_print_profile Change foreground domain __HYPERVISOR_do_set_foreground_domain Register HID irq. The HID irq is only delivered to foreground domain select by __HYPERVISOR_do_set_HID_irq __HYPERVISOR_do_set_foreground_domain hypercall Request DMA operations __HYPERVISOR_dma_op Change IRQ type and attributes __HYPERVISOR_set_pirq_type Override native Xen hypercall. User can choose __HYPERVISOR_do_acm_op native or Secure Xen hypercall via menuconfig Manage secure storage data __HYPERVISOR_sra_op
  9. 9. Xen Summit North America 2008 Roadmap: release of source code 2008 2009 June ~ 4Q ~ 2Q VMM • Align Xen mainline • Secure Xen on ARM 9 • Para-virtualized Linux and device drivers • Catch up Xen version •Static domain memory • ARM 11 support partition • Xen tools for ARM: interface compatible with Xen-x86 • Power management • Mini-OS Security • Access Control (TE, BLP) • GUI Policy Manager: access • TPM support control • Physical I/O, logical resources • Secure boot/ secure storage
  10. 10. Xen Summit North America 2008 Agenda Secure Xen on ARM: source code release Source Code Overview Source Code Tree ARM Specific Files Modified Common Files New Hypercalls Roadmap Migration for Interface Virtualization Vision Current Status: Demo Appendix
  11. 11. Xen Summit North America 2008 Vision: service/UI migration
  12. 12. Xen Summit North America 2008 Current Status: early stage HW and SW Environments A Reference System for Implementation SW Xen: Secure Xen on ARM, OS: ARM Linux 2.6.11 Video clip (Game) HW (Board A,B) Processor: ARM-9 266Mhz (Freescale i.MX21) ARM- Memory: 64MB NFS is used for sharing root file system Video clip (Movie) Demo Scenarios Suspend guest domain of target board A Check- Check-point data file is saved on USB flash drive (UFD) Resume the guest domain at target board B UFD has a check-point file check- Restore check-point file check- Save check-point file check- Dom1 Dom1 Dom0 Dom0 VMM VMM Device Device Root file system (NFS) * Board A, B are identical.
  13. 13. Xen Summit North America 2008 Thank you! Welcome Xen developers and eco-system eco- companies who are interested in making contributions to Secure Xen on ARM! Contact: Sang-bum Suh Sang- email: sbuk.suh@samsung.com Software Lab, SAIT Samsung Electronics
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×