SlideShare a Scribd company logo

How to enable AMD IOMMU in coreboot?

Piotr Król
Piotr Król

The idea for this talk born from fascination about the philosophy behind QubesOS, OpenXT and ViryaOS. The underlying technology for those OSes is Xen. Xen is a well-known project under the Linux Foundation umbrella, but what is most interesting in it from open source firmware perspective are high-end virtualization features like: * DMA protection * PCI pass-through * Interrupt remapping * SR-IOV * TPM and vTPM * others With automotive market hypervisors slowly move into embedded space, what means underlying firmware will have to expose right infrastructure to provide initial configuration and security. Most features have to be configured and exposed in a well-defined way by firmware. IOMMU is the system component that some of the mentioned features rely on. As maintainers of PC Engines apuX platforms, we decided to work on AMD IOMMU enabling to create right infrastructure for hypervisors and operating systems. In this presentation we want to: * explain features of AMD IOMMU * present recommended methods of AMD IOMMU enabling * demonstrate current status of our work * discuss future user needs and implementation plans

Technology
1 of 42
Download to read offline
How to enable AMD IOMMU in coreboot OSFC 2018 Piotr Król 1 / 42
Introduction Motivation What is IOMMU and why we may need it? AMD IOMMU features ACPI tables brief explanation Implementation state Broken IVRS from AGESA Initial patches Current state and further work Summary Agenda 2 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
PC Engines platforms maintainer interested in: advanced hardware and firmware features security and updateability @pietrushnic piotr.krol@3mdeb.com linkedin.com/in/krolpiotr facebook.com/piotr.krol.756859 Piotr Król Founder & Embedded Systems Consultant Introduction 3 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Fascination with security-focused OSes - QubesOS - personal computing - OpenXT - critical infrastructure - ViryaOS - automotive Customer requests - isolation of user facing web from rest of the system - separation of NICs for different purposes Community work - virtualized firewalls (pfSense, OPNSense, IPfire) - Proxmox - CoreOS - KVM Motivation 4 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
MMU DMA Virtualization IOMMU Short terminology intro 5 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
MMU (Memory Management Unit) virtual memory management memory protection cache control bus arbitration MMU 6 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
System bus CPU DMA controller IO controller Main memory Address Count Control 1. Program DMA controller 2. DMA request transfer to memory 3. Data transfer 4. ACK Interrupt when finished DMA (Direct Memory Access) provide performance optimization for IO reads and writes DMA 7 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
System Hardware Type 1 hypervisor (e.g. Xen) Guest OS (Linux) ... System Hardware Host OS (Windows, Linux, ...) Type 2 hypervisor (KVM) ... Guest OS (Linux) Host OS process Virtualization 8 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
IOTLB is TLB for IO devices TLB is cache of entries that matching virtual address to physical address there 2 important things about TLB: when match was found in TLB (hit) - we're good when it was not found (miss) - things complicate little bit and behavior may be platform depending Wikipedia IOTLB 9 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
I/O Memory Management Unit (IOMMU): MMU for I/O devices most important features: hardware enforced memory protection - security virtual address translation for DMA - performance interrupts remapping and virtualization - performance page table sharing - e.g. graphics performance PCI passthrough - security and performance Device addresses Virtual addresses Main Memory Physical addresses IOMMU MMU CPUDevice Wikipedia IOMMU 10 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU Space allocated for DMA Arbitrary memory region DMA attack 11 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU Space allocated for DMA Arbitrary memory region DMA attack 12 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address Space allocated for DMA Arbitrary memory region DMA attack 13 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address 2. Protection checks Space allocated for DMA Arbitrary memory region DMA attack 14 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address Space allocated for DMA Arbitrary memory region DMA attack 15 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup Space allocated for DMA Arbitrary memory region DMA attack 16 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region DMA attack 17 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region 6. Physical address DMA attack 18 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region 7. Physical address 6. Physical address DMA attack 19 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region 7. Physical address 6. Physical address IOMMU can be initiated by malicious device buggy device driver hardware enforced memory protection mitigate DMA attacks - its one of main functions of IOMMU DMA attack 20 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
each guest need access to interrupt controller for IPI and device interrupts high rate of device and interprocessor interrupts may cause significant overhead IOMMU accelerates delivery of virtual interrupts from I/O devices to virtual processor virtualized interrupts are delivered to VM without hypervisor intervention CPU and IOMMU maintain interrupt state in Guest Virtual APIC table Interrupt remapping and virtualization 21 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Virtual address translation for DMA - this is for guest operating systems under hypervisor control, if guest OS want to perform DMA operation for given device, this operation needs continuous supervision of hypervisor, what cause big overhead (even 30%), having IOMMU gives ability to program DMA operation once and make it work without performance overhead Page tables sharing - if 2 or more devices can use the same physical memory, what essentially means both can use VA which translate to the same PA, then it can simplify programming, IOMMU gives that ability PCI passthrough - using mentioned features we can assign given hardware (example NIC) to one VM and do not give access to that hardware to anything else, that means PCI passthrough, performance of this device should be not much different then real hardware IOMMU features 22 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
AMD I/O Virtualization Technology (IOMMU) Specification AMD IOMMU 23 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
All AMD IOMMU implementations support basic features device virtual to physical address translation interrupt remapping access permission checking Extended features are described through IOMMU Extended Feature Register (EFRSup) AMD I/O Virtualization Technology (IOMMU) Specification AMD IOMMU features 24 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
AMD IOMMU spec mention 28 software-visible features Base support: I/O Page Tables for Host Translations, Interrupt Remapping Capabilities header: EFRSup enable/disable, IotlbSup enable/disable EFRSup: all other features not enough time to present all, but we will mention most interesting ones SMI Filter intercept unexpected SMIs blocks or defers suspected SMI sources Guest Page Table NX and Access Protection works the same as usual protection but applied to I/O initiated by device Memory Address Routing and Control (MARC) give device ability to bypass IOMMU for low-latency needs AMD IOMMU extended features 25 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Disable IOMMU simply pass whole traffic Enabled IOMMU intercepts traffic from downstream devices perform permission checks translate addresses on the request send translated to system memory IOMMU reads 3 tables to perform above functions permission checks table address translation table interrupt remapping table all tables are cached and it is software responsibility to invalidate cache when configuration changes IOMMU detects following events and log them in system memory IOMMU event responses - all IOMMU responses are logged I/O Page Faults - e.g. lack of permissions, page not present Memory Access Errors - e.g. uncorrectable ECC errors Basic operation 26 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
there is no way one system can utilize all features and options it is recommended that: IOMMU initialization is performed by firmware - system software/hypervisor should face configured IOMMU firmware should describe IOMMU in dedicated ACPI tables firmware must preserve or restore IOMMU configuration across power management state transition IOMMU configuration should be performed as early as possible ACPI tables creation have to be done after PCI enumeration Implementation consideration 27 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
AMD ACPI tables 28 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
March 2016 -Initial work published by Kyösti Mälkki relied on AGESA returned values custom IVRS patching single isolation domain not stable across reboots June 2016 - Independent implementation by Timothy Pearson from Raptor Engineering deeply nested and recursive code quite a lot of hard coded values IVHD Type 10 used Both implementation had its own problems, but without above work we would not be able to move forward, so thanks to initial authors June 2018 - patches picked by 3mdeb based on combined work - some values came from AGESA and some came from hand-crafted ACPI tables tested under Xen 4.8 and Debian with 4.14.y Dom0 Implementation history 29 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Code path src/include/device/pci_ids.h src/mainboard/pcengines/apu2/variants/apu{2,3,4,5}/devicetree.cb src/northbridge/amd/pi/00730F01/Makefile.inc src/northbridge/amd/pi/00730F01/iommu.c src/northbridge/amd/pi/00730F01/northbridge.c src/northbridge/amd/pi/agesawrapper.c 9 files changed, 326 insertions(+), 17 deletions(-) IOMMU PCI ID Enable IOMMU Add IOMMU driver compilation Basic IOMMU driver Key changes (IVRS ACPI table) Correct AGESA init Implementation 30 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
static struct boot_state boot_states[] = { BS_INIT_ENTRY(BS_PRE_DEVICE, bs_pre_device), BS_INIT_ENTRY(BS_DEV_INIT_CHIPS, bs_dev_init_chips), BS_INIT_ENTRY(BS_DEV_ENUMERATE, bs_dev_enumerate), BS_INIT_ENTRY(BS_DEV_RESOURCES, bs_dev_resources), BS_INIT_ENTRY(BS_DEV_ENABLE, bs_dev_enable), BS_INIT_ENTRY(BS_DEV_INIT, bs_dev_init), BS_INIT_ENTRY(BS_POST_DEVICE, bs_post_device), BS_INIT_ENTRY(BS_OS_RESUME_CHECK, bs_os_resume_check), BS_INIT_ENTRY(BS_OS_RESUME, bs_os_resume), BS_INIT_ENTRY(BS_WRITE_TABLES, bs_write_tables), <- HERE BS_INIT_ENTRY(BS_PAYLOAD_LOAD, bs_payload_load), BS_INIT_ENTRY(BS_PAYLOAD_BOOT, bs_payload_boot), }; bs_write_tables - src/lib/hardwaremain.c -> write_tables - src/lib/coreboot_table.c -> arch_write_tables - src/arch/x86/tables.c -> write_acpi_table - src/arch/x86/acpi.c -> write_acpi_tables (aka agesa_write_acpi_tables) - src/northbridge/amd/pi/00730F01/northbridge.c Call stack 31 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Broken IVRS from AGESA 32 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
install Xen or boot over PXE setup selected device for PCI passthrough modprobe xen-pciback xl pci-assignable-add 02:00.0 after above operations device should not be visible from dom0 create Xen HVM guest config for installation purposes and perform OS installation in VM boot VM and verify lspci How to test IOMMU on Xen? 33 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
How to test IOMMU on Xen? 34 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
name = "debian-9.5.0" builder = "hvm" vcpus = 2 memory = 2048 pci = [ '02:00.0' ] disk=[ '/root/debian-9.5.0-amd64-netinst.iso,,hdc,cdrom', '/dev/vg0/debian,,hdb,rw' ] vnc=1 vnclisten='apu2_ip_addr' boot='d' Sample Xen config 35 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Xen 4.8 Debian stretch Linux 4.14.59 - requires well-crafted kernel with all Xen requirements filled pfSense HVM guest iperf Detailed configuration you can find in blog post "pfSense as HVM guest on PC Engines apu2" on 3mdeb website. Xen PCI passthrough 36 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Passthrough in VM Server (speedtest-venv) root@apu2:~# iperf -s -B 192.168.3.101 ------------------------------------------------------------ Server listening on TCP port 5001 Binding to local address 192.168.3.101 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4 ] local 192.168.3.101 port 5001 connected with 192.168.3.102 port 34004 [ ID ] Interval Transfer Bandwidth [ 4 ] 0.0-10.0 sec 1.10 GBytes 941 Mbits/sec Xen PCI passthrough performance 37 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
DMA attack protection verification is not trivial after consulting PCILeech maintainer we are in process of using PCIeScreamer to exercise PC Engines and test it against DMA attacks Google fuzzed Intel VT-d to check if it correctly protect memory, but no details about tools and methodology maybe good idea for next talk DMA attack 38 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
PCI pass through tested on Debian and pfSense performance prove that feature works correctly there were no longevity testing sporadic hangs in Xen hypervisor (XEN) CPU1: No irq handler for vector e7 (IRQ -2147483648) (XEN) CPU2: No irq handler for vector e7 (IRQ -2147483648) we are not sure what are the correct IOMMU setting - there are lot of them and correct configuration should be enforced as soon as possible there are still bugs that can cause problems Current state 39 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
AMD I/O Virtualization Technology (IOMMU) Specification - 48882 Rev 3.00 December 2016 AMD64 Architecture Programmer’s Manual Volume 2: System Programming - 24593 Rev 3.29 December 2017 References 40 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
binary blobs are bad and working around defects they may introduce is time consuming Future work stabilize the code and merge mainline enable and verify advanced IOMMU features GPU passthrough (?) prove that AMD IOMMU protects against DMA attacks "towards reasonably secure" router/IoT gateway Summary 41 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
Q&A 42 / 42 OSFC 2018 CC BY 4.0 | Piotr Król

Recommended

Hardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsHardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsThe Linux Foundation
 
Day1
Day1Day1
Day1محمدعبد الحى
 
I2C Drivers
I2C DriversI2C Drivers
I2C DriversSysPlay eLearning Academy for You
 
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_ArchitectureARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_ArchitectureRaahul Raghavan
 
Spike yuan server ras and uefi cper final
Spike yuan server ras and uefi cper finalSpike yuan server ras and uefi cper final
Spike yuan server ras and uefi cper finalparth bera
 
ARM® Cortex M Boot & CMSIS Part 1-3
ARM® Cortex M Boot & CMSIS Part 1-3ARM® Cortex M Boot & CMSIS Part 1-3
ARM® Cortex M Boot & CMSIS Part 1-3Raahul Raghavan
 
Embedded Applications
Embedded ApplicationsEmbedded Applications
Embedded ApplicationsAnil Kumar Pugalia
 
SPI Drivers
SPI DriversSPI Drivers
SPI DriversSysPlay eLearning Academy for You
 

Recommended

Hardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsHardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsThe Linux Foundation
 
Day1
Day1Day1
Day1محمدعبد الحى
 
I2C Drivers
I2C DriversI2C Drivers
I2C DriversSysPlay eLearning Academy for You
 
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_ArchitectureARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_ArchitectureRaahul Raghavan
 
Spike yuan server ras and uefi cper final
Spike yuan server ras and uefi cper finalSpike yuan server ras and uefi cper final
Spike yuan server ras and uefi cper finalparth bera
 
ARM® Cortex M Boot & CMSIS Part 1-3
ARM® Cortex M Boot & CMSIS Part 1-3ARM® Cortex M Boot & CMSIS Part 1-3
ARM® Cortex M Boot & CMSIS Part 1-3Raahul Raghavan
 
Embedded Applications
Embedded ApplicationsEmbedded Applications
Embedded ApplicationsAnil Kumar Pugalia
 
SPI Drivers
SPI DriversSPI Drivers
SPI DriversSysPlay eLearning Academy for You
 
Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible DefconRussia
 
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC 1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC IEEE SSCS AlexSC
 
SPI Drivers
SPI DriversSPI Drivers
SPI DriversSysPlay eLearning Academy for You
 
ARM® Cortex™ M Energy Optimization - Using Instruction Cache
ARM® Cortex™ M Energy Optimization - Using Instruction CacheARM® Cortex™ M Energy Optimization - Using Instruction Cache
ARM® Cortex™ M Energy Optimization - Using Instruction CacheRaahul Raghavan
 
OSDC 2010 | The Power of IPMI by Werner Fischer
OSDC 2010 | The Power of IPMI by Werner FischerOSDC 2010 | The Power of IPMI by Werner Fischer
OSDC 2010 | The Power of IPMI by Werner FischerNETWAYS
 
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3Raahul Raghavan
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
 
Linux Porting
Linux PortingLinux Porting
Linux PortingAnil Kumar Pugalia
 
Device Revisions Management - Best Practices
Device Revisions Management - Best PracticesDevice Revisions Management - Best Practices
Device Revisions Management - Best PracticesEmerson Exchange
 
DeltaV Virtualization
DeltaV VirtualizationDeltaV Virtualization
DeltaV VirtualizationEmerson Exchange
 
HKG18-116 - RAS Solutions for Arm64 Servers
HKG18-116 - RAS Solutions for Arm64 ServersHKG18-116 - RAS Solutions for Arm64 Servers
HKG18-116 - RAS Solutions for Arm64 ServersLinaro
 
AAME ARM Techcon2013 001v02 Architecture and Programmer's model
AAME ARM Techcon2013 001v02 Architecture and Programmer's modelAAME ARM Techcon2013 001v02 Architecture and Programmer's model
AAME ARM Techcon2013 001v02 Architecture and Programmer's modelAnh Dung NGUYEN
 
2015.1.5 os.server.keyterms
2015.1.5 os.server.keyterms2015.1.5 os.server.keyterms
2015.1.5 os.server.keytermsChung-Hsiang Ofa Hsueh
 
Computer System Architecture Lecture Note 1: introduction
Computer System Architecture Lecture Note 1: introductionComputer System Architecture Lecture Note 1: introduction
Computer System Architecture Lecture Note 1: introductionBudditha Hettige
 
OPC .NET 3.0 Simplifies Client Access to DeltaV
OPC .NET 3.0 Simplifies Client Access to DeltaVOPC .NET 3.0 Simplifies Client Access to DeltaV
OPC .NET 3.0 Simplifies Client Access to DeltaVEmerson Exchange
 
IMS12 ims performance tools
IMS12 ims performance toolsIMS12 ims performance tools
IMS12 ims performance toolsRobert Hain
 
Linux DMA Engine
Linux DMA EngineLinux DMA Engine
Linux DMA EngineSysPlay eLearning Academy for You
 
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeVisão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeAnderson Bassani
 
An Essential Relationship between Real-time and Resource Partitioning
An Essential Relationship between Real-time and Resource PartitioningAn Essential Relationship between Real-time and Resource Partitioning
An Essential Relationship between Real-time and Resource PartitioningYoshitake Kobayashi
 
Embedded system
Embedded systemEmbedded system
Embedded systemzdyhit
 
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...Ingria. Technopark St. Petersburg
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016Kuniyasu Suzaki
 

More Related Content

What's hot

Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible DefconRussia
 
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC 1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC IEEE SSCS AlexSC
 
ARM® Cortex™ M Energy Optimization - Using Instruction Cache
ARM® Cortex™ M Energy Optimization - Using Instruction CacheARM® Cortex™ M Energy Optimization - Using Instruction Cache
ARM® Cortex™ M Energy Optimization - Using Instruction CacheRaahul Raghavan
 
OSDC 2010 | The Power of IPMI by Werner Fischer
OSDC 2010 | The Power of IPMI by Werner FischerOSDC 2010 | The Power of IPMI by Werner Fischer
OSDC 2010 | The Power of IPMI by Werner FischerNETWAYS
 
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3Raahul Raghavan
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
 
Device Revisions Management - Best Practices
Device Revisions Management - Best PracticesDevice Revisions Management - Best Practices
Device Revisions Management - Best PracticesEmerson Exchange
 
HKG18-116 - RAS Solutions for Arm64 Servers
HKG18-116 - RAS Solutions for Arm64 ServersHKG18-116 - RAS Solutions for Arm64 Servers
HKG18-116 - RAS Solutions for Arm64 ServersLinaro
 
AAME ARM Techcon2013 001v02 Architecture and Programmer's model
AAME ARM Techcon2013 001v02 Architecture and Programmer's modelAAME ARM Techcon2013 001v02 Architecture and Programmer's model
AAME ARM Techcon2013 001v02 Architecture and Programmer's modelAnh Dung NGUYEN
 
Computer System Architecture Lecture Note 1: introduction
Computer System Architecture Lecture Note 1: introductionComputer System Architecture Lecture Note 1: introduction
Computer System Architecture Lecture Note 1: introductionBudditha Hettige
 
OPC .NET 3.0 Simplifies Client Access to DeltaV
OPC .NET 3.0 Simplifies Client Access to DeltaVOPC .NET 3.0 Simplifies Client Access to DeltaV
OPC .NET 3.0 Simplifies Client Access to DeltaVEmerson Exchange
 
IMS12 ims performance tools
IMS12 ims performance toolsIMS12 ims performance tools
IMS12 ims performance toolsRobert Hain
 

What's hot (17)

Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible
 
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC 1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC
1: Interfacing using ARM Cortex M4 || IEEE SSCS AlexSC
 
SPI Drivers
SPI DriversSPI Drivers
SPI Drivers
 
ARM® Cortex™ M Energy Optimization - Using Instruction Cache
ARM® Cortex™ M Energy Optimization - Using Instruction CacheARM® Cortex™ M Energy Optimization - Using Instruction Cache
ARM® Cortex™ M Energy Optimization - Using Instruction Cache
 
OSDC 2010 | The Power of IPMI by Werner Fischer
OSDC 2010 | The Power of IPMI by Werner FischerOSDC 2010 | The Power of IPMI by Werner Fischer
OSDC 2010 | The Power of IPMI by Werner Fischer
 
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
 
Linux Porting
Linux PortingLinux Porting
Linux Porting
 
Device Revisions Management - Best Practices
Device Revisions Management - Best PracticesDevice Revisions Management - Best Practices
Device Revisions Management - Best Practices
 
DeltaV Virtualization
DeltaV VirtualizationDeltaV Virtualization
DeltaV Virtualization
 
HKG18-116 - RAS Solutions for Arm64 Servers
HKG18-116 - RAS Solutions for Arm64 ServersHKG18-116 - RAS Solutions for Arm64 Servers
HKG18-116 - RAS Solutions for Arm64 Servers
 
AAME ARM Techcon2013 001v02 Architecture and Programmer's model
AAME ARM Techcon2013 001v02 Architecture and Programmer's modelAAME ARM Techcon2013 001v02 Architecture and Programmer's model
AAME ARM Techcon2013 001v02 Architecture and Programmer's model
 
2015.1.5 os.server.keyterms
2015.1.5 os.server.keyterms2015.1.5 os.server.keyterms
2015.1.5 os.server.keyterms
 
Computer System Architecture Lecture Note 1: introduction
Computer System Architecture Lecture Note 1: introductionComputer System Architecture Lecture Note 1: introduction
Computer System Architecture Lecture Note 1: introduction
 
OPC .NET 3.0 Simplifies Client Access to DeltaV
OPC .NET 3.0 Simplifies Client Access to DeltaVOPC .NET 3.0 Simplifies Client Access to DeltaV
OPC .NET 3.0 Simplifies Client Access to DeltaV
 
IMS12 ims performance tools
IMS12 ims performance toolsIMS12 ims performance tools
IMS12 ims performance tools
 
Linux DMA Engine
Linux DMA EngineLinux DMA Engine
Linux DMA Engine
 

Similar to How to enable AMD IOMMU in coreboot?

Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeVisão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeAnderson Bassani
 
An Essential Relationship between Real-time and Resource Partitioning
An Essential Relationship between Real-time and Resource PartitioningAn Essential Relationship between Real-time and Resource Partitioning
An Essential Relationship between Real-time and Resource PartitioningYoshitake Kobayashi
 
Embedded system
Embedded systemEmbedded system
Embedded systemzdyhit
 
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...Ingria. Technopark St. Petersburg
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016Kuniyasu Suzaki
 
Reliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on LinuxReliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on LinuxSamsung Open Source Group
 
2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANLdgoodell
 
BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017Kuniyasu Suzaki
 
S-RTM for Qubes OS VMs
S-RTM for Qubes OS VMsS-RTM for Qubes OS VMs
S-RTM for Qubes OS VMsPiotr Król
 
Supermicro’s Universal GPU: Modular, Standards Based and Built for the Future
Supermicro’s Universal GPU: Modular, Standards Based and Built for the FutureSupermicro’s Universal GPU: Modular, Standards Based and Built for the Future
Supermicro’s Universal GPU: Modular, Standards Based and Built for the FutureRebekah Rodriguez
 
TI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootTI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootandrewmurraympc
 
RAD Industrial Automation, Labs, and Instrumentation
RAD Industrial Automation, Labs, and InstrumentationRAD Industrial Automation, Labs, and Instrumentation
RAD Industrial Automation, Labs, and InstrumentationEmbarcadero Technologies
 
System_on_Chip_SOC.ppt
System_on_Chip_SOC.pptSystem_on_Chip_SOC.ppt
System_on_Chip_SOC.pptzahixdd
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK
 
directCell - Cell/B.E. tightly coupled via PCI Express
directCell - Cell/B.E. tightly coupled via PCI ExpressdirectCell - Cell/B.E. tightly coupled via PCI Express
directCell - Cell/B.E. tightly coupled via PCI ExpressHeiko Joerg Schick
 
Ec8791 unit 5 processes and operating systems
Ec8791 unit 5 processes and operating systemsEc8791 unit 5 processes and operating systems
Ec8791 unit 5 processes and operating systemsRajalakshmiSermadurai
 
Time is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure PlatformTime is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure PlatformYoshitake Kobayashi
 
Acpi and smi handlers some limits to trusted computing
Acpi and smi handlers some limits to trusted computingAcpi and smi handlers some limits to trusted computing
Acpi and smi handlers some limits to trusted computingUltraUploader
 

Similar to How to enable AMD IOMMU in coreboot? (20)

Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso MainframeVisão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
Visão geral do hardware do servidor System z e Linux on z - Concurso Mainframe
 
An Essential Relationship between Real-time and Resource Partitioning
An Essential Relationship between Real-time and Resource PartitioningAn Essential Relationship between Real-time and Resource Partitioning
An Essential Relationship between Real-time and Resource Partitioning
 
Embedded system
Embedded systemEmbedded system
Embedded system
 
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...
Вадим Сухомлинов _Платформы Intel(r) Atom(tm) – новые возможности для социаль...
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016
 
Reliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on LinuxReliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on Linux
 
2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL
 
BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017BMC: Bare Metal Container @Open Source Summit Japan 2017
BMC: Bare Metal Container @Open Source Summit Japan 2017
 
S-RTM for Qubes OS VMs
S-RTM for Qubes OS VMsS-RTM for Qubes OS VMs
S-RTM for Qubes OS VMs
 
Supermicro’s Universal GPU: Modular, Standards Based and Built for the Future
Supermicro’s Universal GPU: Modular, Standards Based and Built for the FutureSupermicro’s Universal GPU: Modular, Standards Based and Built for the Future
Supermicro’s Universal GPU: Modular, Standards Based and Built for the Future
 
TI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootTI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBoot
 
RAD Industrial Automation, Labs, and Instrumentation
RAD Industrial Automation, Labs, and InstrumentationRAD Industrial Automation, Labs, and Instrumentation
RAD Industrial Automation, Labs, and Instrumentation
 
System_on_Chip_SOC.ppt
System_on_Chip_SOC.pptSystem_on_Chip_SOC.ppt
System_on_Chip_SOC.ppt
 
CCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukarCCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukar
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IO
 
ucOS
ucOSucOS
ucOS
 
directCell - Cell/B.E. tightly coupled via PCI Express
directCell - Cell/B.E. tightly coupled via PCI ExpressdirectCell - Cell/B.E. tightly coupled via PCI Express
directCell - Cell/B.E. tightly coupled via PCI Express
 
Ec8791 unit 5 processes and operating systems
Ec8791 unit 5 processes and operating systemsEc8791 unit 5 processes and operating systems
Ec8791 unit 5 processes and operating systems
 
Time is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure PlatformTime is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure Platform
 
Acpi and smi handlers some limits to trusted computing
Acpi and smi handlers some limits to trusted computingAcpi and smi handlers some limits to trusted computing
Acpi and smi handlers some limits to trusted computing
 

More from Piotr Król

D-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsD-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsPiotr Król
 
Qubes hardware certification
Qubes hardware certificationQubes hardware certification
Qubes hardware certificationPiotr Król
 
Qubes OS and TPM 2.0
Qubes OS and TPM 2.0Qubes OS and TPM 2.0
Qubes OS and TPM 2.0Piotr Król
 
Lightning talks - Qubes OS and 3mdeb "minisummit" 2019
Lightning talks - Qubes OS and 3mdeb "minisummit" 2019Lightning talks - Qubes OS and 3mdeb "minisummit" 2019
Lightning talks - Qubes OS and 3mdeb "minisummit" 2019Piotr Król
 
Status of AEM for Intel and AMD
Status of AEM for Intel and AMDStatus of AEM for Intel and AMD
Status of AEM for Intel and AMDPiotr Król
 
RTE v1.0.0 specification
RTE v1.0.0 specificationRTE v1.0.0 specification
RTE v1.0.0 specificationPiotr Król
 
BITS and CHIPSEC as coreboot payloads
BITS and CHIPSEC as coreboot payloadsBITS and CHIPSEC as coreboot payloads
BITS and CHIPSEC as coreboot payloadsPiotr Król
 
Enabling TPM 2.0 on coreboot based devices
Enabling TPM 2.0 on coreboot based devicesEnabling TPM 2.0 on coreboot based devices
Enabling TPM 2.0 on coreboot based devicesPiotr Król
 
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"Piotr Król
 
How to build IoT solution using cloud infrastructure?
How to build IoT solution using cloud infrastructure?How to build IoT solution using cloud infrastructure?
How to build IoT solution using cloud infrastructure?Piotr Król
 

More from Piotr Król (10)

D-RTM for Qubes OS VMs
D-RTM for Qubes OS VMsD-RTM for Qubes OS VMs
D-RTM for Qubes OS VMs
 
Qubes hardware certification
Qubes hardware certificationQubes hardware certification
Qubes hardware certification
 
Qubes OS and TPM 2.0
Qubes OS and TPM 2.0Qubes OS and TPM 2.0
Qubes OS and TPM 2.0
 
Lightning talks - Qubes OS and 3mdeb "minisummit" 2019
Lightning talks - Qubes OS and 3mdeb "minisummit" 2019Lightning talks - Qubes OS and 3mdeb "minisummit" 2019
Lightning talks - Qubes OS and 3mdeb "minisummit" 2019
 
Status of AEM for Intel and AMD
Status of AEM for Intel and AMDStatus of AEM for Intel and AMD
Status of AEM for Intel and AMD
 
RTE v1.0.0 specification
RTE v1.0.0 specificationRTE v1.0.0 specification
RTE v1.0.0 specification
 
BITS and CHIPSEC as coreboot payloads
BITS and CHIPSEC as coreboot payloadsBITS and CHIPSEC as coreboot payloads
BITS and CHIPSEC as coreboot payloads
 
Enabling TPM 2.0 on coreboot based devices
Enabling TPM 2.0 on coreboot based devicesEnabling TPM 2.0 on coreboot based devices
Enabling TPM 2.0 on coreboot based devices
 
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"
 
How to build IoT solution using cloud infrastructure?
How to build IoT solution using cloud infrastructure?How to build IoT solution using cloud infrastructure?
How to build IoT solution using cloud infrastructure?
 

Recently uploaded

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

How to enable AMD IOMMU in coreboot?

  • 1. How to enable AMD IOMMU in coreboot OSFC 2018 Piotr Król 1 / 42
  • 2. Introduction Motivation What is IOMMU and why we may need it? AMD IOMMU features ACPI tables brief explanation Implementation state Broken IVRS from AGESA Initial patches Current state and further work Summary Agenda 2 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 3. PC Engines platforms maintainer interested in: advanced hardware and firmware features security and updateability @pietrushnic piotr.krol@3mdeb.com linkedin.com/in/krolpiotr facebook.com/piotr.krol.756859 Piotr Król Founder & Embedded Systems Consultant Introduction 3 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 4. Fascination with security-focused OSes - QubesOS - personal computing - OpenXT - critical infrastructure - ViryaOS - automotive Customer requests - isolation of user facing web from rest of the system - separation of NICs for different purposes Community work - virtualized firewalls (pfSense, OPNSense, IPfire) - Proxmox - CoreOS - KVM Motivation 4 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 5. MMU DMA Virtualization IOMMU Short terminology intro 5 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 6. MMU (Memory Management Unit) virtual memory management memory protection cache control bus arbitration MMU 6 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 7. System bus CPU DMA controller IO controller Main memory Address Count Control 1. Program DMA controller 2. DMA request transfer to memory 3. Data transfer 4. ACK Interrupt when finished DMA (Direct Memory Access) provide performance optimization for IO reads and writes DMA 7 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 8. System Hardware Type 1 hypervisor (e.g. Xen) Guest OS (Linux) ... System Hardware Host OS (Windows, Linux, ...) Type 2 hypervisor (KVM) ... Guest OS (Linux) Host OS process Virtualization 8 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 9. IOTLB is TLB for IO devices TLB is cache of entries that matching virtual address to physical address there 2 important things about TLB: when match was found in TLB (hit) - we're good when it was not found (miss) - things complicate little bit and behavior may be platform depending Wikipedia IOTLB 9 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 10. I/O Memory Management Unit (IOMMU): MMU for I/O devices most important features: hardware enforced memory protection - security virtual address translation for DMA - performance interrupts remapping and virtualization - performance page table sharing - e.g. graphics performance PCI passthrough - security and performance Device addresses Virtual addresses Main Memory Physical addresses IOMMU MMU CPUDevice Wikipedia IOMMU 10 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 11. Main Memory Device CPU MMU Space allocated for DMA Arbitrary memory region DMA attack 11 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 12. Main Memory Device CPU MMU Space allocated for DMA Arbitrary memory region DMA attack 12 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 13. Main Memory Device CPU MMU 1. Virtual address Space allocated for DMA Arbitrary memory region DMA attack 13 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 14. Main Memory Device CPU MMU 1. Virtual address 2. Protection checks Space allocated for DMA Arbitrary memory region DMA attack 14 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 15. Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address Space allocated for DMA Arbitrary memory region DMA attack 15 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 16. Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup Space allocated for DMA Arbitrary memory region DMA attack 16 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 17. Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region DMA attack 17 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 18. Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region 6. Physical address DMA attack 18 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 19. Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region 7. Physical address 6. Physical address DMA attack 19 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 20. Main Memory Device CPU MMU 1. Virtual address 2. Protection checks 3. Physical address 4. DMA Setup 5. DMA Request /ACK Space allocated for DMA Arbitrary memory region 7. Physical address 6. Physical address IOMMU can be initiated by malicious device buggy device driver hardware enforced memory protection mitigate DMA attacks - its one of main functions of IOMMU DMA attack 20 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 21. each guest need access to interrupt controller for IPI and device interrupts high rate of device and interprocessor interrupts may cause significant overhead IOMMU accelerates delivery of virtual interrupts from I/O devices to virtual processor virtualized interrupts are delivered to VM without hypervisor intervention CPU and IOMMU maintain interrupt state in Guest Virtual APIC table Interrupt remapping and virtualization 21 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 22. Virtual address translation for DMA - this is for guest operating systems under hypervisor control, if guest OS want to perform DMA operation for given device, this operation needs continuous supervision of hypervisor, what cause big overhead (even 30%), having IOMMU gives ability to program DMA operation once and make it work without performance overhead Page tables sharing - if 2 or more devices can use the same physical memory, what essentially means both can use VA which translate to the same PA, then it can simplify programming, IOMMU gives that ability PCI passthrough - using mentioned features we can assign given hardware (example NIC) to one VM and do not give access to that hardware to anything else, that means PCI passthrough, performance of this device should be not much different then real hardware IOMMU features 22 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 23. AMD I/O Virtualization Technology (IOMMU) Specification AMD IOMMU 23 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 24. All AMD IOMMU implementations support basic features device virtual to physical address translation interrupt remapping access permission checking Extended features are described through IOMMU Extended Feature Register (EFRSup) AMD I/O Virtualization Technology (IOMMU) Specification AMD IOMMU features 24 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 25. AMD IOMMU spec mention 28 software-visible features Base support: I/O Page Tables for Host Translations, Interrupt Remapping Capabilities header: EFRSup enable/disable, IotlbSup enable/disable EFRSup: all other features not enough time to present all, but we will mention most interesting ones SMI Filter intercept unexpected SMIs blocks or defers suspected SMI sources Guest Page Table NX and Access Protection works the same as usual protection but applied to I/O initiated by device Memory Address Routing and Control (MARC) give device ability to bypass IOMMU for low-latency needs AMD IOMMU extended features 25 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 26. Disable IOMMU simply pass whole traffic Enabled IOMMU intercepts traffic from downstream devices perform permission checks translate addresses on the request send translated to system memory IOMMU reads 3 tables to perform above functions permission checks table address translation table interrupt remapping table all tables are cached and it is software responsibility to invalidate cache when configuration changes IOMMU detects following events and log them in system memory IOMMU event responses - all IOMMU responses are logged I/O Page Faults - e.g. lack of permissions, page not present Memory Access Errors - e.g. uncorrectable ECC errors Basic operation 26 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 27. there is no way one system can utilize all features and options it is recommended that: IOMMU initialization is performed by firmware - system software/hypervisor should face configured IOMMU firmware should describe IOMMU in dedicated ACPI tables firmware must preserve or restore IOMMU configuration across power management state transition IOMMU configuration should be performed as early as possible ACPI tables creation have to be done after PCI enumeration Implementation consideration 27 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 28. AMD ACPI tables 28 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 29. March 2016 -Initial work published by Kyösti Mälkki relied on AGESA returned values custom IVRS patching single isolation domain not stable across reboots June 2016 - Independent implementation by Timothy Pearson from Raptor Engineering deeply nested and recursive code quite a lot of hard coded values IVHD Type 10 used Both implementation had its own problems, but without above work we would not be able to move forward, so thanks to initial authors June 2018 - patches picked by 3mdeb based on combined work - some values came from AGESA and some came from hand-crafted ACPI tables tested under Xen 4.8 and Debian with 4.14.y Dom0 Implementation history 29 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 30. Code path src/include/device/pci_ids.h src/mainboard/pcengines/apu2/variants/apu{2,3,4,5}/devicetree.cb src/northbridge/amd/pi/00730F01/Makefile.inc src/northbridge/amd/pi/00730F01/iommu.c src/northbridge/amd/pi/00730F01/northbridge.c src/northbridge/amd/pi/agesawrapper.c 9 files changed, 326 insertions(+), 17 deletions(-) IOMMU PCI ID Enable IOMMU Add IOMMU driver compilation Basic IOMMU driver Key changes (IVRS ACPI table) Correct AGESA init Implementation 30 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 31. static struct boot_state boot_states[] = { BS_INIT_ENTRY(BS_PRE_DEVICE, bs_pre_device), BS_INIT_ENTRY(BS_DEV_INIT_CHIPS, bs_dev_init_chips), BS_INIT_ENTRY(BS_DEV_ENUMERATE, bs_dev_enumerate), BS_INIT_ENTRY(BS_DEV_RESOURCES, bs_dev_resources), BS_INIT_ENTRY(BS_DEV_ENABLE, bs_dev_enable), BS_INIT_ENTRY(BS_DEV_INIT, bs_dev_init), BS_INIT_ENTRY(BS_POST_DEVICE, bs_post_device), BS_INIT_ENTRY(BS_OS_RESUME_CHECK, bs_os_resume_check), BS_INIT_ENTRY(BS_OS_RESUME, bs_os_resume), BS_INIT_ENTRY(BS_WRITE_TABLES, bs_write_tables), <- HERE BS_INIT_ENTRY(BS_PAYLOAD_LOAD, bs_payload_load), BS_INIT_ENTRY(BS_PAYLOAD_BOOT, bs_payload_boot), }; bs_write_tables - src/lib/hardwaremain.c -> write_tables - src/lib/coreboot_table.c -> arch_write_tables - src/arch/x86/tables.c -> write_acpi_table - src/arch/x86/acpi.c -> write_acpi_tables (aka agesa_write_acpi_tables) - src/northbridge/amd/pi/00730F01/northbridge.c Call stack 31 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 32. Broken IVRS from AGESA 32 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 33. install Xen or boot over PXE setup selected device for PCI passthrough modprobe xen-pciback xl pci-assignable-add 02:00.0 after above operations device should not be visible from dom0 create Xen HVM guest config for installation purposes and perform OS installation in VM boot VM and verify lspci How to test IOMMU on Xen? 33 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 34. How to test IOMMU on Xen? 34 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 35. name = "debian-9.5.0" builder = "hvm" vcpus = 2 memory = 2048 pci = [ '02:00.0' ] disk=[ '/root/debian-9.5.0-amd64-netinst.iso,,hdc,cdrom', '/dev/vg0/debian,,hdb,rw' ] vnc=1 vnclisten='apu2_ip_addr' boot='d' Sample Xen config 35 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 36. Xen 4.8 Debian stretch Linux 4.14.59 - requires well-crafted kernel with all Xen requirements filled pfSense HVM guest iperf Detailed configuration you can find in blog post "pfSense as HVM guest on PC Engines apu2" on 3mdeb website. Xen PCI passthrough 36 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 37. Passthrough in VM Server (speedtest-venv) root@apu2:~# iperf -s -B 192.168.3.101 ------------------------------------------------------------ Server listening on TCP port 5001 Binding to local address 192.168.3.101 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4 ] local 192.168.3.101 port 5001 connected with 192.168.3.102 port 34004 [ ID ] Interval Transfer Bandwidth [ 4 ] 0.0-10.0 sec 1.10 GBytes 941 Mbits/sec Xen PCI passthrough performance 37 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 38. DMA attack protection verification is not trivial after consulting PCILeech maintainer we are in process of using PCIeScreamer to exercise PC Engines and test it against DMA attacks Google fuzzed Intel VT-d to check if it correctly protect memory, but no details about tools and methodology maybe good idea for next talk DMA attack 38 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 39. PCI pass through tested on Debian and pfSense performance prove that feature works correctly there were no longevity testing sporadic hangs in Xen hypervisor (XEN) CPU1: No irq handler for vector e7 (IRQ -2147483648) (XEN) CPU2: No irq handler for vector e7 (IRQ -2147483648) we are not sure what are the correct IOMMU setting - there are lot of them and correct configuration should be enforced as soon as possible there are still bugs that can cause problems Current state 39 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 40. AMD I/O Virtualization Technology (IOMMU) Specification - 48882 Rev 3.00 December 2016 AMD64 Architecture Programmer’s Manual Volume 2: System Programming - 24593 Rev 3.29 December 2017 References 40 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 41. binary blobs are bad and working around defects they may introduce is time consuming Future work stabilize the code and merge mainline enable and verify advanced IOMMU features GPU passthrough (?) prove that AMD IOMMU protects against DMA attacks "towards reasonably secure" router/IoT gateway Summary 41 / 42 OSFC 2018 CC BY 4.0 | Piotr Król
  • 42. Q&A 42 / 42 OSFC 2018 CC BY 4.0 | Piotr Król