My presentation for Google Developer Group San Francisco. Step-by-step guide to turning a ThinkPad X220 into a Chromium OS Android development machine. Covers flashing modified Coreboot firmware, building and installing Chromium OS from source, and hardware upgrades.
Updated slides at https://goo.gl/ivaugY
Slide deck for my presentation at the Google Developer Group San Francisco. Step-by-step guide to turning a ThinkPad X220 into a Chromium OS Android development machine. Covers hardware, firmware and software upgrades. Dynamic up-to-date slides at https://goo.gl/ivaugY
Taiwan MOPCON2016 2016/10/30 13:00~
Hacking Linux on Android devices,
Android app and server, chroot Ubuntu debian,
OS replace, Windows Tablet, Multirom
My presentation for Google Developer Group San Francisco. Step-by-step guide to turning a ThinkPad X220 into a Chromium OS Android development machine. Covers flashing modified Coreboot firmware, building and installing Chromium OS from source, and hardware upgrades.
Updated slides at https://goo.gl/ivaugY
Slide deck for my presentation at the Google Developer Group San Francisco. Step-by-step guide to turning a ThinkPad X220 into a Chromium OS Android development machine. Covers hardware, firmware and software upgrades. Dynamic up-to-date slides at https://goo.gl/ivaugY
Taiwan MOPCON2016 2016/10/30 13:00~
Hacking Linux on Android devices,
Android app and server, chroot Ubuntu debian,
OS replace, Windows Tablet, Multirom
Presentation at October SG Android Developer Meetup by Jeff Pang.
Jeff Pang shows us how you can build your own Android Tablet using BeagleBone and a capacitive touch screen.
BeagleBone is an $89 MSRP, credit-card-sized Linux computer that connects to the Internet and runs software such as Android 4.0 and Ubuntu. With plenty of I/O and processing power for real-time analysis provided by an AM335x 720MHz ARM® processor, BeagleBone can be complemented with cape plug-in boards to augment functionality.
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...Moabi.com
Pre-boot authentication software, in particular full hard disk encryption software, play a key role in preventing information theft. In this paper, we present a new class of vulnerability affecting multiple high value pre-boot authentication software, including the latest Microsoft disk encryption technology : Microsoft Vista's Bitlocker, with TPM chip enabled. Because Pre-boot authentication software programmers commonly make wrong assumptions about the inner workings of the BIOS interruptions responsible for handling keyboard input, they typically use the BIOS API without flushing or initializing the BIOS internal keyboard buffer. Therefore, any user input including plain text passwords remains in memory at a given physical location. In this article, we first present a detailed analysis of this new class of vulnerability and generic exploits for Windows and Unix platforms under x86 architectures. Unlike current academic research aiming at extracting information from the RAM, our practical methodology does not require any physical access to the computer to extract plain text passwords from the physical memory. In a second part, we will present how this information leakage combined with usage of the BIOS API without careful initialization of the BIOS keyboard buffer can lead to computer reboot without console access and full security bypass of the pre-boot authentication pin if an attacker has enough privileges to modify the bootloader. Other related work include information leakage from CPU caches, reading physical memory thanks to firewire and switching CPU modes.
Presentation slides for running MySQL (InnoDB) on ZFS. Since most databases have analogues to optimisation targets mentioned, it is more broadly applicable.
Have a quick overview of most of the embedded linux components and their details. How ti build Embedded Linux Hardware & Software, and developing Embedded Products
Presentation at October SG Android Developer Meetup by Jeff Pang.
Jeff Pang shows us how you can build your own Android Tablet using BeagleBone and a capacitive touch screen.
BeagleBone is an $89 MSRP, credit-card-sized Linux computer that connects to the Internet and runs software such as Android 4.0 and Ubuntu. With plenty of I/O and processing power for real-time analysis provided by an AM335x 720MHz ARM® processor, BeagleBone can be complemented with cape plug-in boards to augment functionality.
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...Moabi.com
Pre-boot authentication software, in particular full hard disk encryption software, play a key role in preventing information theft. In this paper, we present a new class of vulnerability affecting multiple high value pre-boot authentication software, including the latest Microsoft disk encryption technology : Microsoft Vista's Bitlocker, with TPM chip enabled. Because Pre-boot authentication software programmers commonly make wrong assumptions about the inner workings of the BIOS interruptions responsible for handling keyboard input, they typically use the BIOS API without flushing or initializing the BIOS internal keyboard buffer. Therefore, any user input including plain text passwords remains in memory at a given physical location. In this article, we first present a detailed analysis of this new class of vulnerability and generic exploits for Windows and Unix platforms under x86 architectures. Unlike current academic research aiming at extracting information from the RAM, our practical methodology does not require any physical access to the computer to extract plain text passwords from the physical memory. In a second part, we will present how this information leakage combined with usage of the BIOS API without careful initialization of the BIOS keyboard buffer can lead to computer reboot without console access and full security bypass of the pre-boot authentication pin if an attacker has enough privileges to modify the bootloader. Other related work include information leakage from CPU caches, reading physical memory thanks to firewire and switching CPU modes.
Presentation slides for running MySQL (InnoDB) on ZFS. Since most databases have analogues to optimisation targets mentioned, it is more broadly applicable.
Have a quick overview of most of the embedded linux components and their details. How ti build Embedded Linux Hardware & Software, and developing Embedded Products
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
Talk for Facebook Systems@Scale 2021 by Brendan Gregg: "BPF (eBPF) tracing is the superpower that can analyze everything, helping you find performance wins, troubleshoot software, and more. But with many different front-ends and languages, and years of evolution, finding the right starting point can be hard. This talk will make it easy, showing how to install and run selected BPF tools in the bcc and bpftrace open source projects for some quick wins. Think like a sysadmin, not like a programmer."
An Overview of the IHK/McKernel Multi-kernel Operating SystemLinaro
By Balazs Gerofi, RIKEN Advanced Institute For Computational Science
RIKEN Advanced Institute for Computation Science is in charge of leading the development of Japan's next generation flagship supercomputer, the successor of the K. Part of this effort is to design and develop a system software stack that suits the needs of future extreme scale computing. In this talk, we focus on operating system (OS) requirements for HPC and discuss IHK/McKernel, a multi-kernel based operating system framework. IHK/McKernel runs Linux with a light-weight kernel (LWK) side-by-side on compute nodes with the primary motivation of providing scalable, consistent performance for large scale HPC simulations, but at the same time to retain a fully Linux compatible execution environment. We provide an overview of the project and discuss the status of its support for ARM architecture.
Balazs Gerofi Bio
Research Scientist at RIKEN Advanced Institute For Computational Science.
Email
bgerofi@riken.jp
For more info on The Linaro High Performance Computing (HPC) visit https://www.linaro.org/sig/hpc/
XGBoost Developer 1.3.0 released on April 13, 2021
- GGBoost Python Package, XGBoost R Package, XGBoost C++ API, XGBoost Parameters, XGBoost GPU support, XGBoost JVM Package, XGBoost.jl, XGBoost C Package
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Corporate Management | Session 3 of 3 | Tendenci AMS
Getting started with LinuxBoot Firmware on AArch64 Server
1. Naohiro Tamura (naohirot@fujitsu.com)
Professional Engineer
Fujitsu Limited
Getting started with LinuxBoot Firmware
on AArch64 Server
Sysadmin Miniconf at Linux.conf.au 2021
Saturday, Jan 23 • 15:45 – 16:05 UTC+11
Slides: https://github.com/NaohiroTamura/LCA2021
Copyright 2021 FUJITSU LIMITED
2. Outline
◼ My Motivation, Your Merit, and Our Goal
◼ What is LinuxBoot and its 2 Pitfalls?
◼ Solution
◼ How to create, boot and debug Flashrom
◼ Tip 1: Create AArch64 OVMF 32MB Firmware File System
◼ Tip 2: Configure LinuxBoot Kernel and Initramfs
◼ Tip 3: Inject LinuxBoot into QEMU 64MB Flashrom
◼ Tip 4: Boot Final OS from Local Disk
◼ Tip 5: Debug LinuxBoot AArch64 Kernel using QEMU and GDB on x86_64
◼ What To Do Next?
◼ Summary
Copyright 2021 FUJITSU LIMITED
1
Key Words
2 Pitfalls
1 Solution
5 Tips
3. My Motivation, Your Merit and Our Goal
◼ My Motivation
◼ Don’t Repeat My Struggle by sharing 2 Pitfalls, 1 Solution and 5 Tips.
• Last year I investigated LinuxBoot for AArch64 Server Project.
• Because LinuxBoot is Mega Datacenter Customer’s Requirement for Security.
◼ Your Merit
◼ Be able to explain LinuxBoot AArch64 to your Boss and Colleagues with 100% Confidence.
• Because of getting LinuxBoot AArch64 Box Today without purchasing any additional HW at all.
◼ Our Goal
◼ Boot Final OS, CentOS 8.2 AArch64, from LinuxBoot Flashrom using QEMU by Ourselves
• Consider CentOS 8.2 as RHEL 8.2 which enterprise customers mostly use
• All steps to reproduce are available at https://github.com/NaohiroTamura/LCA2021
Copyright 2021 FUJITSU LIMITED
2
ARMv8 is becoming important for SysAdmin.
Fujitsu A64FX won HPC Top500 last Jun. and Nov.
Apple M1 and AWS Graviton2 became available.
Bloomberg said Microsoft is planning.*
* Source: https://www.bloomberg.com/news/articles/2020-12-18/microsoft-is-designing-its-own-chips-for-servers-surface-pcs
4. What is LinuxBoot?
◼ “LinuxBoot” has Three Meanings depending on Contexts.
◼ We focus on LinuxBoot 3rd Meaning (UEFI PEI to LinuxBoot 2nd) because it’s for Server
Copyright 2021 FUJITSU LIMITED
Source: https://www.linuxboot.org/
LinuxBoot 1st
Meaning
as a whole
Glossary
SPI: Serial Peripheral Interface
PEI: Pre-EFI Initialization
SPL: Secondary Program Loader
BDS: Boot Device Selector
LinuxBoot 2nd
Meaning
(Linux Kernel + Initramfs)
LinuxBoot 3rd
Meaning
(“LinuxBoot” is used as Repo Name)
https://github.com/linuxboot/linuxboot
3
HW Init FW
LinuxBoot FW
1st
Meaning
as a whole
2nd
Meaning
3rd
Meaning
as an arrow
Essence of LinuxBoot
for Server for Laptop for x86_64
for Edge Device
5. The 1st Pitfall: No BDS Kernel Param and Patch for AArch64
◼ No such Kernel Param CONFIG_EFI_BDS
◼ The GitHub provides no further instructions
◼ But found BDS Kernel Patch in HEADS repo
◼ This Kernel Patch is to x86_64 arch dependent
code, so it’s NOT applicable to AArch64
• https://github.com/osresearch/heads/blob/master/patches/linux-
4.14.62/0000-efi_bds.patch
◼ Basically What is BDS ?
◼ BDS (Boot Device Selector)
Copyright 2021 FUJITSU LIMITED
Source: https://www.linuxboot.org/
https://github.com/linuxboot/linuxboot
4
The Kernel must be built with
CONFIG_EFI_BDS.
Follow further instructions
on our GitHub.
6. The 2nd Pitfall: No LinuxBoot BDS Source Code for AArch64
◼ BDS is a phase of UEFI Boot. LinuxBoot BDS selects Flashrom Device and boot
◼ https://github.com/linuxboot/linuxboot/blob/master/dxe/linuxboot.c
Copyright 2021 FUJITSU LIMITED
Figure Source: https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence
LinuxBoot 3rd
BDS
LinuxBoot 2nd
BDS Patched Kernel
+ Initramfs
Final OS
kexec
2nd
Pitfall is that
BDS Source Code is for
x86_64, but not AArch64
So What should we do?
5
Only for x86_64
Remove
Unused
DXE
7. Solution: Replace UEFI Shell with LinuxBoot in Flashrom
◼ Fiano replaces UEFI Shell with LinuxBoot then BootManager calls LinuxBoot 2nd
◼ https://github.com/linuxboot/fiano
Copyright 2021 FUJITSU LIMITED
Figure Source: https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence
LinuxBoot 2nd
as UEFI Shell
Kernel (no patched)
+ Initramfs
Final OS
kexec
This is the Solution to
the 1st
and 2nd
Pitfalls
because Kernel Patch
and BDS Source Code
are NOT necessary
6
Remove
Unused
DXE
Put UEFI Shell in the first priority
Solution for AArch64
How do we create, boot
and debug Flashrom?
8. 5 Tips for LinuxBoot AArch64
◼ How to create, boot and debug Flashrom
◼ Tip 1: Create AArch64 OVMF 32MB Firmware File System
◼ Tip 2: Configure LinuxBoot Kernel and Initramfs
◼ Tip 3: Inject LinuxBoot into QEMU 64MB Flashrom
◼ Tip 4: Boot Final OS from Local Disk
◼ Tip 5: Debug LinuxBoot AArch64 Kernel using QEMU and GDB on x86_64
◼ Flashrom Size Requirement and Challenge
◼ Flashrom Size is 32MB
• Low End Physical AArch64 Server has only 32MB Flashrom.
• Trusted Firmware (8MB)+ UEFI(8MB) + LinuxBoot (Kernel + Initramfs) < 32MB
◼ AArch64 Kernel has to be stored in uncompressed (3 times larger than compressed)
• Because AArch64 doesn’t support Self Decompression PE/COFF Kernel Image, but X86, x86_64 and AArch32 do
• FYI, CentOS 8.2 generic kernel size gzip 8MB and gunzip 25MB
Copyright 2021 FUJITSU LIMITED
LinuxBoot 2nd
(Kernel + Initramfs) has to be
less than 16MB without Kernel Compression
7
9. Tip 1: Create AArch64 OVMF 32MB Firmware File System
◼ OVMF File Size is only 2MB, so no room to replace UEFI Shell with LinuxBoot 2nd
◼ OVMF (Open Virtual Machine Firmware) is UEFI implementation for QEMU and KVM
• AArch64 https://github.com/tianocore/edk2/tree/master/ArmVirtPkg
◼ How to extend Firmware File System to 32MB?
◼ Increase Flash Device # of Blocks in OVMF Source Code
• FD Block Size = 4096 Byte
• FD Size 2MB = 512 Blocks
• FD Size 32MB = 8,192 Blocks
• https://github.com/NaohiroTamura/edk2/compare/edk2-stable202008...aarch64-flashrom.patch
ArmVirtPkg/ArmVirt.dsc.inc | 7 ++++++-
ArmVirtPkg/ArmVirtQemu.fdf | 4 ++++
2 files changed, 10 insertions(+), 1 deletion(-)
Copyright 2021 FUJITSU LIMITED
8
Apply Patch and Rebuild OVMF
10. Tip 2: Configure LinuxBoot Kernel and Initramfs
◼ LinixBoot 2nd (Kernel + Initramfs) has to be One File, and Size < 16MB
◼ How to Minimize Kernel with embedded Initramfs?
◼ Repeat Kernel Config Trial and Error using GDB
• CONFIG_EFI_STUB=y
• CONFIG_INITRAMFS_SOURCE="../initramfs.linux_arm64.cpio.xz“
• CONFIG_INITRAMFS_COMPRESSION_XZ=y
• # CONFIG_MODULES is not set
• Enable ACPI Support
• Minimized Kernel Defconf is available (https://github.com/NaohiroTamura/LCA2021/blob/master/linuxboot-5.9.0-aarch64_defconfig)
◼ Chose u-root as Initramfs
• u-root is implemented in Golang for Security (https://github.com/u-root/u-root)
• Build with minimum commands
$ GOARCH=arm64 u-root -build=bb -o=initramfs.linux_arm64.cpio -uinitcmd=boot core github.com/u-root/u-root/cmds/boot/boot
• XZ compress to 3.5MB
$ xz --check=crc32 -9 --lzma2=dict=1MiB --stdout initramfs.linux_arm64.cpio | dd conv=sync bs=512 of=initramfs.linux_arm64.cpio.xz
Copyright 2021 FUJITSU LIMITED
9
LinuxBoot 2nd
became15MB
(Kernel 5.9 with embedded u-root)
11. Tip 3: Inject LinuxBoot into QEMU 64MB Flashrom
◼ QEMU ‘virt’ machine requires 64MB Flashrom, but not 32MB
◼ How to replace UEFI Shell with LinuxBoot 2nd?
◼ First use ‘dd’ to extend 32MB Flashrom to 64MB by just filling out Zero
• OVMF RPM Spec file https://src.fedoraproject.org/rpms/edk2/blob/master/f/edk2.spec#_384-386
$ dd of="arm/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
$ dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc
◼ Then use ‘replace_pe32’ subcommand of Fiano ‘utk’
• https://github.com/linuxboot/fiano
$ utk QEMU_EFI-pflash.raw replace_pe32 Shell build-5.9.15/arch/arm64/boot/Image ¥
> save QEMU_EFI-pflash-linux.raw
Copyright 2021 FUJITSU LIMITED
10
Output: Linux Boot Flashrom 64MB
Input: OVMF Flashrom 64MB
LinuxBoot 2nd
PE/COFF Image 15MB
(Kernel 5.9 with embedded u-root)
12. Tip 4: Boot Final OS from Local Disk
◼ CentOS 8 follows Boot Loader Spec that u-root (Initramfs) hasn’t implemented yet
◼ Boot Configuration Format, Grub2 ‘menuentry’, is changed
• https://systemd.io/BOOT_LOADER_SPECIFICATION/
◼ How to boot Final OS, CentOS 8.2 from Local Disk using QEMU?
◼ Apply Quick Hack Patch to u-root and rebuild LinuxBoot Flashrom
• https://github.com/NaohiroTamura/u-root/compare/04f343dd1922457c530a90b566789fe1707d591d...centos8-bls-support.patch
$ /opt/qemu-5.1.0/bin/qemu-system-aarch64 -m 8192 ¥
-drive if=pflash,format=raw,readonly,file=QEMU_EFI-pflash-linux.raw ¥
-drive if=pflash,format=raw,file=vars-template-pflash.raw ¥
-device virtio-rng-pci -nographic -serial mon:stdio ¥
-machine virt,accel=tcg -cpu cortex-a72 -smp 4 ¥
-hda centos8-aarch64-lvm.qcow2
Copyright 2021 FUJITSU LIMITED
LinuxBoot Flashrom
Linux Kernel 5.9 (embedded u-root Initramfs)
Final OS CentOS 8.2
‘virt’ machine supports ACPI
11
13. Tip 4: Boot Final OS from Local Disk (Console Log)
12 Copyright 2021 FUJITSU LIMITED
14. Tip 5: Debug LinuxBoot AArch64 using QEMU and GDB
◼ Terminal 1
$ /opt/qemu-5.1.0/bin/qemu-system-aarch64 -s -S -m 8192 ¥
-drive if=pflash,format=raw,readonly,file=QEMU_EFI-pflash-linux.raw ¥
-drive if=pflash,format=raw,file=vars-template-pflash.raw ¥
-device virtio-rng-pci -nographic -serial mon:stdio ¥
-machine virt,accel=tcg -cpu cortex-a72 ¥
-hda centos8-aarch64-lvm.qcow2
◼ Terminal 2
$ /opt/gdb-9.2/bin/aarch64-gnu-linux-gnu-gdb build-5.9.15/vmlinux
...
Reading symbols from build-5.9.15/vmlinux...
(gdb) target remote :1234
Remote debugging using :1234
0x0000000000000000 in ?? ()
(gdb) b start_kernel
Breakpoint 1 at 0xfffffe0010990da4: file /home/ubuntu/LCA2021/linux-5.9.15/init/main.c, line 847.
(gdb) c
Continuing.
Breakpoint 1, start_kernel () at /home/ubuntu/LCA2021/linux-5.9.15/init/main.c:847
847 {
(gdb)
Copyright 2021 FUJITSU LIMITED
When LinuxBoot Kernel doesn’t start,
GDB debug helps us find missing driver.
13
Default Port 1234
15. What TO DO Next?
◼ Develop Kernel Decompressor UEFI Application for Fiano
◼ Fiano replaces UEFI Shell with the Decompressor, then the Decompressor calls LinuxBoot 2nd
◼ It’ really peculiar why NOT only AArch64 kernel self-decompressor implemented
• Because each loader such as Grub2, u-root and etc has to implement decompressor repeatedly
• Found discussion once on the mailing list in Jan 2014 (http://lists.infradead.org/pipermail/linux-arm-kernel/2014-January/224746.html), but no more
◼ Watch LinuxBoot 3rd ARM Company is implementing
◼ At OCP Summit 2020 ARM presented LinuxBoot which
Trusted Firmware calls Kernel Decompressor skipping UEFI
◼ When it’s ready, we can try it using QEMU SABA-Ref machine
• SABA (Server Base System Architecture)
• https://github.com/tianocore/edk2-platforms/tree/master/Platform/Qemu/SbsaQemu
Copyright 2021 FUJITSU LIMITED
Source: https://2020ocpvirtualsummit.sched.com/event/bXVn/open-system-firmware-on-arm
14
Trusted Firmware-A directly calls
Decompressor without UEFI
16. Summary
◼ Explained 2 Pitfalls, 1 Solution and 5 Tips.
◼ You can boot Final OS, CentOS 8.2, from LinuxBoot Flashrom using QEMU
◼ All steps to reproduce are available at https://github.com/NaohiroTamura/LCA2021
◼ Try it by yourself and explain LinuxBoot AArch64 to your Boss and Colleagues
◼ Please send me an email or submit an Issue to the GitHub if you had any problem.
Copyright 2021 FUJITSU LIMITED
15
17. References
◼ Arm SystemReady and the UEFI firmware ecosystem
◼ https://cfp.osfc.io/osfc2020/talk/KB3H9V/
◼ Open System Firmware on Arm *
◼ https://2020ocpvirtualsummit.sched.com/event/bXVn/open-system-firmware-on-arm
◼ Go Forth and Modify: Fiano *
◼ https://2020ocpvirtualsummit.sched.com/event/bXWK/go-forth-and-modify-fiano
◼ Firmware security, why it matters and how you can have it
◼ https://2019.linux.conf.au/schedule/presentation/110/
◼ EDKII OVMF AArch64
◼ https://github.com/tianocore/edk2/tree/master/ArmVirtPkg
◼ u-root
◼ https://github.com/u-root/u-root
◼ LinuxBoot
◼ https://github.com/linuxboot/linuxboot
◼ fiano
◼ https://github.com/linuxboot/fiano
Copyright 2021 FUJITSU LIMITED
*) Downloading slide needs to enter the OCP Virtual Summit from
https://www.opencompute.org/summit/virtual-summit
16