• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
XS Boston 2008 ARM
 

XS Boston 2008 ARM

on

  • 955 views

Sang-bum Suh: Update of Secure Xen on ARM

Sang-bum Suh: Update of Secure Xen on ARM

Statistics

Views

Total Views
955
Views on SlideShare
955
Embed Views
0

Actions

Likes
0
Downloads
12
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    XS Boston 2008 ARM XS Boston 2008 ARM Presentation Transcript

    • Secure Xen on ARM: Source Code Release and Update Sang- Sang-bum Suh sbuk.suh@samsung.com Software Lab. SAIT, Samsung Electronics June 24, 2008 Xen Summit North America 2008
    • Xen Summit North America 2008 Agenda Secure Xen on ARM: source code release Source Code Overview Source Code Tree ARM Specific Files Modified Common Files New Hypercalls Roadmap Migration for Interface Virtualization Vision Current Status: Demo Appendix
    • Xen Summit North America 2008 Overview Goal Light- Light-weight secure virtualization technology for 3G/4G mobile phone History Secure Xen architecture and Xen on ARM demo presented at Xen Summit April 2007 Secure Xen on ARM demo presented at Xen Summit November 2007 Release of source code: Xen Summit North America 2008 Xen on ARM, the associated Access Control, mini-OS mini- Dom U Dom 0 Application Application Application Application Front- Front-end Drivers Back- Back-end Drivers Access Access Control Control Native Drivers VM Interface VM Interface Access Control Resource Allocator Domain Manager Peripheral Devices CPU System Memory Flash Memory Peripheral Devices Secure Xen on ARM Architecture 1.0
    • Xen Summit North America 2008 Environments HW and SW Environments A Reference System for Implementation SW Xen : Xen-3.0.2 Xen- HW Processor : ARM-9 266Mhz (Freescale i.MX21) ARM- Memory : 64MB Flash : NOR 32MB / NAND 64MB LCD : 3.5 inch Network : CS8900A 10Base-T Ethernet Controller 10Base- For details: http://wiki.xensource.com/xenwiki/XenARM
    • Xen Summit North America 2008 Source Code Tree Samsung newly added about 20,000 loc on Xen 3.0.2 Added codes are for ARM support and security features Some common files are modified for ARM support ARM/Board support files ARM/Board support Header files Security support Header files Mini- Mini-OS for Secure Xen Security support files Samsung’s work
    • Xen Summit North America 2008 ARM Specific Files Path name File name Path name File name Path name uaccess.Sname File xensetup.c xen/arch/arm asm-offsets.s arch_domain.c xen/arch/arm asm-offsets.s xen/arch/arm asm-offsets.s Aci_generator.c asm-offsets.c debug.S cache.c platform.c Acm_hooks.c copypage-v4wb.S start.S core-arm926.S xen/arch/arm/arch-imx21 system.c Acm_integrator.c dma-op.c time.c dom0_ops.c Xen/security/acm Blp.c uart.c domain_build.c Decision_cache.c domain_page.c clearbit.S entry.S delay.S xen/arch/arm/xen flushtlb.c div64.S hypercalls.S findbit.S irq.c getuser.S mm.c lib1funcs.S physdev.c time.c memchr.S tlb-v4wbi.S memcpy.S traps.c memset.S xen/arch/arm/lib xen.lds.S memzero.S xensetup.c muldi3.c Aci_generator.c putuser.S setbit.S Acm_hooks.c strchr.S testchangebit.S Acm_integrator.c testclearbit.S Xen/security/acm Blp.c testsetbit.S * Header files are not shown Decision_cache.c uaccess.S arch_domain.c
    • Xen Summit North America 2008 Modified Common Files Path File name Path File name dom0_ops.c dom0_ops.c io.c elf.c xen-3.0.2/tools/console/daemon main.c (57) event_channel.c utils.c grant_table.c xc_domain.c memory.c xc_evtchn.c xen-3.0.2/common page_alloc.c xc_linux_build.c sched_bvt.c xc_linux_restore.c schedule.c xc_linux_save.c softirq.c xc_load_aout9.c xen-3.0.2/tools/libxc timer.c xc_load_elf.c (1346 lines are modified) xmalloc.c xc_misc.c console.c xc_private.c xen-3.0.2/drivers/char (86) serial.c xenctrl.h acm_ops.h xenguest.h (198) dom0_ops.h xg_private.h event_channel.h xen-3.0.2/tools/python/xen __init__.py xen-3.0.2/include/public grant_table.h xen-3.0.2/tools/python/xen/lowlevel __init__.py sched.h xen-3.0.2/tools/python/xen/sv __init__.py (278) xen.h __init__.py xen-3.0.2/tools/python/xen/util (220) config.h auxbin.py hypercall.h xen-3.0.2/tools/python/xen/web __init__.py iocap.h XendDomainInfo.py xen-3.0.2/tools/python/xen/xend xen-3.0.2/include/xen irq.h XendRoot.py sched.h DevController.py smp.h xen-3.0.2/tools/python/xen/xend/server SrvDaemon.py (138) softirq.h __init__.py (20) (244) __init__.py xen-3.0.2/tools/console/client main.c xen-3.0.2/tools/python/xen/xend/xenstore
    • Xen Summit North America 2008 New Hypercalls We introduce new 8 hypercalls in order to Support ARM architectures Enable new security features Hypercall name Description Restore CPU context stored in guest kernel stack __HYPERVISOR_restore_guest_context Dispatch profiling data __HYPERVISOR_do_print_profile Change foreground domain __HYPERVISOR_do_set_foreground_domain Register HID irq. The HID irq is only delivered to foreground domain select by __HYPERVISOR_do_set_HID_irq __HYPERVISOR_do_set_foreground_domain hypercall Request DMA operations __HYPERVISOR_dma_op Change IRQ type and attributes __HYPERVISOR_set_pirq_type Override native Xen hypercall. User can choose __HYPERVISOR_do_acm_op native or Secure Xen hypercall via menuconfig Manage secure storage data __HYPERVISOR_sra_op
    • Xen Summit North America 2008 Roadmap: release of source code 2008 2009 June ~ 4Q ~ 2Q VMM • Align Xen mainline • Secure Xen on ARM 9 • Para-virtualized Linux and device drivers • Catch up Xen version •Static domain memory • ARM 11 support partition • Xen tools for ARM: interface compatible with Xen-x86 • Power management • Mini-OS Security • Access Control (TE, BLP) • GUI Policy Manager: access • TPM support control • Physical I/O, logical resources • Secure boot/ secure storage
    • Xen Summit North America 2008 Agenda Secure Xen on ARM: source code release Source Code Overview Source Code Tree ARM Specific Files Modified Common Files New Hypercalls Roadmap Migration for Interface Virtualization Vision Current Status: Demo Appendix
    • Xen Summit North America 2008 Vision: service/UI migration
    • Xen Summit North America 2008 Current Status: early stage HW and SW Environments A Reference System for Implementation SW Xen: Secure Xen on ARM, OS: ARM Linux 2.6.11 Video clip (Game) HW (Board A,B) Processor: ARM-9 266Mhz (Freescale i.MX21) ARM- Memory: 64MB NFS is used for sharing root file system Video clip (Movie) Demo Scenarios Suspend guest domain of target board A Check- Check-point data file is saved on USB flash drive (UFD) Resume the guest domain at target board B UFD has a check-point file check- Restore check-point file check- Save check-point file check- Dom1 Dom1 Dom0 Dom0 VMM VMM Device Device Root file system (NFS) * Board A, B are identical.
    • Xen Summit North America 2008 Thank you! Welcome Xen developers and eco-system eco- companies who are interested in making contributions to Secure Xen on ARM! Contact: Sang-bum Suh Sang- email: sbuk.suh@samsung.com Software Lab, SAIT Samsung Electronics