HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor

Linaro
LinaroLinaro
Unrestricted © Siemens AG 2018 Jan Kiszka | Linaro Connect, March 19, 2018 Partitioning ARM Systems With the Jailhouse Hypervisor
Unrestricted © Siemens AG 2017 Page 2 Corporate Technology About /me, about this project • Jan Kiszka <jan.kiszka@siemens.com> • Member of embedded Linux team at Siemens Corporate Technology • (In-house) consultant, architect, developer for OSS • Focus on kernel, real-time, virtualization, embedded build systems • Upstream contributor • https://github.com/siemens/jailhouse • Not a product of Siemens, rather an infrastructure component • Started as open source project by Siemens • Published for broader industrial usage and contributions
Unrestricted © Siemens AG 2017 Page 3 Corporate Technology Agenda Introduction to Jailhouse hypervisor Current status on ARM Architectural insights Future directions Summary Discussion
Unrestricted © Siemens AG 2017 Page 4 Corporate Technology Jailhouse: Static Partitioning for Multicore Systems • Focus on maintaining static partitions • No scheduling • 1:1 resource assignment • (Almost) no device emulation • Keep runtime code base minimal • Hard RT properties with minimal overhead • Enable / simplify safety certification Design Goals RTOS / Bare- Metal Hardware Linux Core 4Core 3Core 1 Core 2 Jailhouse Hypervisor Device A Device B Device C Device D Stahlkocher, CC BY-SA 3.0 2nd Linux
Unrestricted © Siemens AG 2017 Page 5 Corporate Technology Boot Process of Jailhouse Power-On Boot Loader Typical Hypervisor Partition 1 OS Partition n OS Jailhouse Boot Loader Partition 2 OS Partition n OS Partition 2 OS Power-On Root LinuxLinux (Yet Another Boot Loader) ... ...
Unrestricted © Siemens AG 2017 Page 6 Corporate Technology Management Interface via Linux linux # jailhouse enable system.cell linux # jailhouse cell create realtime.cell linux # jailhouse cell load my-cell rtos.bin linux # jailhouse cell start my-cell linux # jailhouse cell destroy my-cell linux # jailhouse cell linux linux.cell kernel -i initrd -d dtb linux # jailhouse disable
Unrestricted © Siemens AG 2017 Page 7 Corporate Technology Modes of Operation – Trusting Linux? Linux Jailhouse Cell 1 Cell 2 Cell 3 Linux Jailhouse Cell 1 Cell 3 Cell 2 Open Model Safety Model • Linux (root cell) is in control • Cells not involved in management decisions • Sufficient if root cell is trusted • Linux controls, but... • Cells can be configured to vote over management decisions • Building block for safe operation
Unrestricted © Siemens AG 2017 Page 8 Corporate Technology Jailhouse Status on ARM ARMv7 • Support for Banana-Pi, Orange-Pi, NVIDIA Jetson TK1, VExpress, emtrion emCON-RZ/G1x • Non-upstream: TI Sitara AM572x-EVM • GICv2 and v3 • SMMU on to-do list ARMv8 • Support for AMD Seattle, LeMaker HiKey, Xilinx ZynqMP, NVIDIA Jetson TX1, ESPRESSObin, NXP i.MX8MQ • Works inside QEMU (via virt machine and GICv3) It's small • Currently ~7k lines of code (ARMv8)
Unrestricted © Siemens AG 2017 Page 9 Corporate Technology Architectural Overview Hypervisor Hardware Page MappingPage Allocator Virtual CPU IOMMU HW Access Filters IRQ Controller Arch. Specifics: Mapping, PCI, Life Cycle, ... Inter-Cell Communication PCI Access Life Cycle Management MMIO Access Debug Output VM, IRQ, Exception Entry UART Output Minimal libc Jailhouse Management Tool /sys/devices/jailhouse /dev/jailhouse Cell Image Cell Config Jailhouse Image Cell ConfigCell Image System Config Linux Kernel Jailhouse Driver Module
Unrestricted © Siemens AG 2017 Page 10 Corporate Technology Sharing Devices under Jailhouse Jailhouse Guest B Hardware Core 1 Core 2 Storage Core 3 Core 4 LAN Guest A Shared Memory Device IRQ vETH ivshmem-net vETH ivshmem-net NFS etc. Open issue: ivshmem (v2.0) vs. vhost-pci (virtio)
Unrestricted © Siemens AG 2017 Page 11 Corporate Technology Secure Boot with Jailhouse – Static Chain Boot Loader Partition n OS Partition 2 OS Power-On Full-featured Linux Minimal Linux (kernel + initrd with Jailhouse) ... Jailhouse • Simple model, feasible with all architectures • Prevents undesired hardware access of full-featured Linux • To-do: cell image validation by Jailhouse (if not part of initrd)
Unrestricted © Siemens AG 2017 Page 12 Corporate Technology Ongoing Developments Generated demo & testing images • WiP at https://github.com/siemens/jailhouse-images • Currently generates Debian x86 image for QEMU/KVM • Allows easy exploration of Jailhouse “look & feel” • Planned next: ARM64 QEMU image • Then: reference board images Speculation barriers • Already well isolated in static setups • Further isolate cells inside the hypervisor → CPU-local memory views • Prototype exists for x86, to be extended to ARM now
Unrestricted © Siemens AG 2017 Page 13 Corporate Technology Future Developments Configuration format • Binary format optimized for runtime usage → should remain • Source format currently C structure → should be improved • Device Tree? Also on x86? • Custom YAML description? Non-Linux root cells • Straightforward with many RTOSes • Catch: we need stable & versioned hypervisor boot interface Early partitioning • Create cells via boot loader or EFI helper • Cell reload / restart during runtime without root cell? Clock partitioning • Provide infrastructure to help with moderating clock access • Avoid clock driver reimplementations in hypervisor → firmware service?
Unrestricted © Siemens AG 2017 Page 14 Corporate Technology Why Jailhouse? • Designed for real-time • Full CPU isolation • Minimal I/O latencies • Designed for safety & security • No emulation, no scheduling, minimal interfaces • Target code size: <10k LOC/arch (runtime even smaller) • Safety certification under preparation (waiting for safe hardware) • Designed as true Open Source • GPLv2, public for 4.5 years • Active community, including CPU vendors • Could eventually make into the kernel
Page 15 Thank you! Jan Kiszka <jan.kiszka@siemens.com>
1 sur 15

HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor

Télécharger pour lire hors ligne
Technologie

"Session ID: HKG18-115 Session Name: HKG18-115 - Partitioning ARM Systems with the Jailhouse Hypervisor Speaker: Jan Kiszka Track: Security ★ Session Summary ★ The open source hypervisor Jailhouse provides hard partitioning of multicore systems to co-locate multiple Linux or RTOS instances side by side. It aims at low complexity and minimal footprint to achieve deterministic behavior and enable certifications according to safety or security standards. In this session, we would like to look at the ARM-specific status of Jailhouse and discuss applications, to-dos and possible collaborations around it with the ARM community. The session is intended to be half presentation, half Q&A / discussion. --------------------------------------------------- ★ Resources ★ Event Page: http://connect.linaro.org/resource/hkg18/hkg18-115/ Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-115.pdf Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-115.mp4 --------------------------------------------------- ★ Event Details ★ Linaro Connect Hong Kong 2018 (HKG18) 19-23 March 2018 Regal Airport Hotel Hong Kong --------------------------------------------------- Keyword: Security 'http://www.linaro.org' 'http://connect.linaro.org' --------------------------------------------------- Follow us on Social Media https://www.facebook.com/LinaroOrg https://www.youtube.com/user/linaroorg?sub_confirmation=1 https://www.linkedin.com/company/1026961"

Linaro
LinaroLinaro

Recommandé

Xen in Safety-Critical Systems - Critical Summit 2022 par
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Stefano Stabellini
389 vues31 diapositives
Embedded Hypervisor for ARM par
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
12.2K vues85 diapositives
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam... par
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
877 vues32 diapositives
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx par
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
5.7K vues23 diapositives
Xen Memory Management par
Xen Memory ManagementXen Memory Management
Xen Memory ManagementThe Linux Foundation
10.6K vues16 diapositives
Project ACRN hypervisor introduction par
Project ACRN hypervisor introduction Project ACRN hypervisor introduction
Project ACRN hypervisor introduction Project ACRN
170 vues21 diapositives

Contenu connexe

Tendances

XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM par
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMXPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMThe Linux Foundation
2.3K vues34 diapositives
Kernel Recipes 2017: Using Linux perf at Netflix par
Kernel Recipes 2017: Using Linux perf at NetflixKernel Recipes 2017: Using Linux perf at Netflix
Kernel Recipes 2017: Using Linux perf at NetflixBrendan Gregg
1.5M vues79 diapositives
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems par
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM SystemsXPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM SystemsThe Linux Foundation
1.3K vues42 diapositives
Trusted firmware deep_dive_v1.0_ par
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Linaro
10K vues55 diapositives
System Device Tree and Lopper: Concrete Examples - ELC NA 2022 par
System Device Tree and Lopper: Concrete Examples - ELC NA 2022System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
162 vues19 diapositives
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing... par
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro
15.2K vues26 diapositives

Tendances(20)

XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM par The Linux Foundation
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMXPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
The Linux Foundation2.3K vues
Kernel Recipes 2017: Using Linux perf at Netflix par Brendan Gregg
Kernel Recipes 2017: Using Linux perf at NetflixKernel Recipes 2017: Using Linux perf at Netflix
Kernel Recipes 2017: Using Linux perf at Netflix
Brendan Gregg1.5M vues
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems par The Linux Foundation
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM SystemsXPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems
The Linux Foundation1.3K vues
Trusted firmware deep_dive_v1.0_ par Linaro
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_
Linaro10K vues
System Device Tree and Lopper: Concrete Examples - ELC NA 2022 par Stefano Stabellini
System Device Tree and Lopper: Concrete Examples - ELC NA 2022System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
Stefano Stabellini162 vues
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing... par Linaro
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro15.2K vues
Xvisor: embedded and lightweight hypervisor par National Cheng Kung University
Xvisor: embedded and lightweight hypervisorXvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisor
National Cheng Kung University9K vues
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen... par The Linux Foundation
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...
The Linux Foundation1.2K vues
Hardware accelerated Virtualization in the ARM Cortex™ Processors par The Linux Foundation
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsHardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ Processors
The Linux Foundation9.5K vues
Linux Internals - Kernel/Core par Shay Cohen
Linux Internals - Kernel/CoreLinux Internals - Kernel/Core
Linux Internals - Kernel/Core
Shay Cohen1.4K vues
GPU Virtualization in Embedded Automotive Solutions par GlobalLogic Ukraine
GPU Virtualization in Embedded Automotive SolutionsGPU Virtualization in Embedded Automotive Solutions
GPU Virtualization in Embedded Automotive Solutions
GlobalLogic Ukraine2.2K vues
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor par Stefano Stabellini
Safety-Certifying Open Source Software: The Case of the Xen HypervisorSafety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Stefano Stabellini668 vues
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems par The Linux Foundation
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
The Linux Foundation814 vues
LCA13: Power State Coordination Interface par Linaro
LCA13: Power State Coordination InterfaceLCA13: Power State Coordination Interface
LCA13: Power State Coordination Interface
Linaro3.7K vues
SFO15-TR9: PSCI, ACPI (and UEFI to boot) par Linaro
SFO15-TR9: PSCI, ACPI (and UEFI to boot)SFO15-TR9: PSCI, ACPI (and UEFI to boot)
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
Linaro3.4K vues
ZFS par mewandalmeida
ZFSZFS
ZFS
mewandalmeida11.9K vues
Xen on ARM for embedded and IoT: from secure containers to dom0less systems par Stefano Stabellini
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Stefano Stabellini441 vues
LCU13: An Introduction to ARM Trusted Firmware par Linaro
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted Firmware
Linaro30.4K vues
Device tree support on arm linux par Chih-Min Chao
Device tree support on arm linuxDevice tree support on arm linux
Device tree support on arm linux
Chih-Min Chao17.8K vues
Kdump and the kernel crash dump analysis par Buland Singh
Kdump and the kernel crash dump analysisKdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysis
Buland Singh2.5K vues

Similaire à HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor

Platform Security Summit 18: Xen Security Weather Report 2018 par
Platform Security Summit 18: Xen Security Weather Report 2018Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018The Linux Foundation
413 vues29 diapositives
Open Source Investments in Mainframe Through the Next Generation - Showcasing... par
Open Source Investments in Mainframe Through the Next Generation - Showcasing...Open Source Investments in Mainframe Through the Next Generation - Showcasing...
Open Source Investments in Mainframe Through the Next Generation - Showcasing...Open Mainframe Project
646 vues37 diapositives
High Performance Object Storage in 30 Minutes with Supermicro and MinIO par
High Performance Object Storage in 30 Minutes with Supermicro and MinIOHigh Performance Object Storage in 30 Minutes with Supermicro and MinIO
High Performance Object Storage in 30 Minutes with Supermicro and MinIORebekah Rodriguez
438 vues24 diapositives
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini... par
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...The Linux Foundation
1.7K vues32 diapositives
Kubernetes for HCL Connections Component Pack - Build or Buy? par
Kubernetes for HCL Connections Component Pack - Build or Buy?Kubernetes for HCL Connections Component Pack - Build or Buy?
Kubernetes for HCL Connections Component Pack - Build or Buy?Martin Schmidt
43 vues40 diapositives
Opening last bits of the infrastructure par
Opening last bits of the infrastructureOpening last bits of the infrastructure
Opening last bits of the infrastructureErwan Velu
441 vues20 diapositives

Similaire à HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor(20)

Platform Security Summit 18: Xen Security Weather Report 2018 par The Linux Foundation
Platform Security Summit 18: Xen Security Weather Report 2018Platform Security Summit 18: Xen Security Weather Report 2018
Platform Security Summit 18: Xen Security Weather Report 2018
The Linux Foundation413 vues
Open Source Investments in Mainframe Through the Next Generation - Showcasing... par Open Mainframe Project
Open Source Investments in Mainframe Through the Next Generation - Showcasing...Open Source Investments in Mainframe Through the Next Generation - Showcasing...
Open Source Investments in Mainframe Through the Next Generation - Showcasing...
Open Mainframe Project646 vues
High Performance Object Storage in 30 Minutes with Supermicro and MinIO par Rebekah Rodriguez
High Performance Object Storage in 30 Minutes with Supermicro and MinIOHigh Performance Object Storage in 30 Minutes with Supermicro and MinIO
High Performance Object Storage in 30 Minutes with Supermicro and MinIO
Rebekah Rodriguez438 vues
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini... par The Linux Foundation
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
The Linux Foundation1.7K vues
Kubernetes for HCL Connections Component Pack - Build or Buy? par Martin Schmidt
Kubernetes for HCL Connections Component Pack - Build or Buy?Kubernetes for HCL Connections Component Pack - Build or Buy?
Kubernetes for HCL Connections Component Pack - Build or Buy?
Martin Schmidt43 vues
Opening last bits of the infrastructure par Erwan Velu
Opening last bits of the infrastructureOpening last bits of the infrastructure
Opening last bits of the infrastructure
Erwan Velu441 vues
Linux container & docker par ejlp12
Linux container & dockerLinux container & docker
Linux container & docker
ejlp121.5K vues
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy? par panagenda
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
panagenda1.1K vues
Affordable trustworthy-systems par microkerneldude
Affordable trustworthy-systemsAffordable trustworthy-systems
Affordable trustworthy-systems
microkerneldude1.4K vues
C++ Programming and the Persistent Memory Developers Kit par Intel® Software
C++ Programming and the Persistent Memory Developers KitC++ Programming and the Persistent Memory Developers Kit
C++ Programming and the Persistent Memory Developers Kit
Intel® Software784 vues
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM par The Linux Foundation
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARMXPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM
The Linux Foundation1.1K vues
Xen revisited par Shahbaz Sidhu
Xen revisitedXen revisited
Xen revisited
Shahbaz Sidhu927 vues
The Quest for the Perfect API par microkerneldude
The Quest for the Perfect APIThe Quest for the Perfect API
The Quest for the Perfect API
microkerneldude460 vues
Introduction to openshift par MamathaBusi
Introduction to openshiftIntroduction to openshift
Introduction to openshift
MamathaBusi1.3K vues
Optimizing VM images for OpenStack with KVM/QEMU par OpenStack Foundation
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMU
OpenStack Foundation14.5K vues
Introduction to Virtualization par MuhammadRizkyFaza
Introduction to VirtualizationIntroduction to Virtualization
Introduction to Virtualization
MuhammadRizkyFaza6 vues
Real time Linux par navid ashrafi
Real time LinuxReal time Linux
Real time Linux
navid ashrafi786 vues
Rapid prototyping with open source par Alison Chaiken
Rapid prototyping with open sourceRapid prototyping with open source
Rapid prototyping with open source
Alison Chaiken2.2K vues
CEPH technical analysis 2014 par Erwan Quigna
CEPH technical analysis 2014CEPH technical analysis 2014
CEPH technical analysis 2014
Erwan Quigna322 vues
S016394 pendulum-swings-melbourne-v1708d par Tony Pearson
S016394 pendulum-swings-melbourne-v1708dS016394 pendulum-swings-melbourne-v1708d
S016394 pendulum-swings-melbourne-v1708d
Tony Pearson512 vues

Plus de Linaro

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo par
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloLinaro
7K vues54 diapositives
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria par
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaLinaro
3K vues8 diapositives
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora par
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraLinaro
3.7K vues20 diapositives
Bud17 113: distribution ci using qemu and open qa par
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaLinaro
662 vues63 diapositives
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018 par
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018Linaro
2.3K vues16 diapositives
HPC network stack on ARM - Linaro HPC Workshop 2018 par
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018Linaro
2.6K vues21 diapositives

Plus de Linaro(20)

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo par Linaro
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Linaro7K vues
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria par Linaro
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Linaro3K vues
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora par Linaro
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Linaro3.7K vues
Bud17 113: distribution ci using qemu and open qa par Linaro
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
Linaro662 vues
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018 par Linaro
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
Linaro2.3K vues
HPC network stack on ARM - Linaro HPC Workshop 2018 par Linaro
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
Linaro2.6K vues
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ... par Linaro
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
Linaro1.9K vues
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ... par Linaro
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro2.4K vues
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant... par Linaro
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Linaro2.4K vues
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su... par Linaro
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Linaro2.7K vues
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline par Linaro
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro4.4K vues
HKG18-100K1 - George Grey: Opening Keynote par Linaro
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
Linaro839 vues
HKG18-318 - OpenAMP Workshop par Linaro
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
Linaro606 vues
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline par Linaro
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro866 vues
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all par Linaro
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
Linaro219 vues
HKG18-TR08 - Upstreaming SVE in QEMU par Linaro
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
Linaro476 vues
HKG18-113- Secure Data Path work with i.MX8M par Linaro
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
Linaro1.4K vues
HKG18-120 - Devicetree Schema Documentation and Validation par Linaro
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
Linaro1.3K vues
HKG18-223 - Trusted FirmwareM: Trusted boot par Linaro
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
Linaro1.4K vues
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D... par Linaro
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
Linaro243 vues

Dernier

Kyo - Functional Scala 2023.pdf par
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdfFlavio W. Brasil
165 vues92 diapositives
virtual reality.pptx par
virtual reality.pptxvirtual reality.pptx
virtual reality.pptxG036GaikwadSnehal
11 vues15 diapositives
handbook for web 3 adoption.pdf par
handbook for web 3 adoption.pdfhandbook for web 3 adoption.pdf
handbook for web 3 adoption.pdfLiveplex
19 vues16 diapositives
DALI Basics Course 2023 par
DALI Basics Course 2023DALI Basics Course 2023
DALI Basics Course 2023Ivory Egg
14 vues12 diapositives
Top 10 Strategic Technologies in 2024: AI and Automation par
Top 10 Strategic Technologies in 2024: AI and AutomationTop 10 Strategic Technologies in 2024: AI and Automation
Top 10 Strategic Technologies in 2024: AI and AutomationAutomationEdge Technologies
14 vues14 diapositives
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院 par
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院IttrainingIttraining
34 vues8 diapositives

Dernier(20)

Kyo - Functional Scala 2023.pdf par Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil165 vues
virtual reality.pptx par G036GaikwadSnehal
virtual reality.pptxvirtual reality.pptx
virtual reality.pptx
G036GaikwadSnehal11 vues
handbook for web 3 adoption.pdf par Liveplex
handbook for web 3 adoption.pdfhandbook for web 3 adoption.pdf
handbook for web 3 adoption.pdf
Liveplex19 vues
DALI Basics Course 2023 par Ivory Egg
DALI Basics Course 2023DALI Basics Course 2023
DALI Basics Course 2023
Ivory Egg14 vues
Top 10 Strategic Technologies in 2024: AI and Automation par AutomationEdge Technologies
Top 10 Strategic Technologies in 2024: AI and AutomationTop 10 Strategic Technologies in 2024: AI and Automation
Top 10 Strategic Technologies in 2024: AI and Automation
AutomationEdge Technologies14 vues
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院 par IttrainingIttraining
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
IttrainingIttraining34 vues
1st parposal presentation.pptx par i238212
1st parposal presentation.pptx1st parposal presentation.pptx
1st parposal presentation.pptx
i2382129 vues
Roadmap to Become Experts.pptx par dscwidyatamanew
Roadmap to Become Experts.pptxRoadmap to Become Experts.pptx
Roadmap to Become Experts.pptx
dscwidyatamanew11 vues
Empathic Computing: Delivering the Potential of the Metaverse par Mark Billinghurst
Empathic Computing: Delivering the Potential of the MetaverseEmpathic Computing: Delivering the Potential of the Metaverse
Empathic Computing: Delivering the Potential of the Metaverse
Mark Billinghurst470 vues
Melek BEN MAHMOUD.pdf par MelekBenMahmoud
Melek BEN MAHMOUD.pdfMelek BEN MAHMOUD.pdf
Melek BEN MAHMOUD.pdf
MelekBenMahmoud14 vues
PharoJS - Zürich Smalltalk Group Meetup November 2023 par Noury Bouraqadi
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023
Noury Bouraqadi120 vues
The Research Portal of Catalonia: Growing more (information) & more (services) par CSUC - Consorci de Serveis Universitaris de Catalunya
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya73 vues
Java Platform Approach 1.0 - Picnic Meetup par Rick Ossendrijver
Java Platform Approach 1.0 - Picnic MeetupJava Platform Approach 1.0 - Picnic Meetup
Java Platform Approach 1.0 - Picnic Meetup
Rick Ossendrijver25 vues
Uni Systems for Power Platform.pptx par Uni Systems S.M.S.A.
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
Uni Systems S.M.S.A.50 vues
Web Dev - 1 PPT.pdf par gdsczhcet
Web Dev - 1 PPT.pdfWeb Dev - 1 PPT.pdf
Web Dev - 1 PPT.pdf
gdsczhcet55 vues
Lilypad @ Labweek, Istanbul, 2023.pdf par Ally339821
Lilypad @ Labweek, Istanbul, 2023.pdfLilypad @ Labweek, Istanbul, 2023.pdf
Lilypad @ Labweek, Istanbul, 2023.pdf
Ally3398219 vues
Spesifikasi Lengkap ASUS Vivobook Go 14 par Dot Semarang
Spesifikasi Lengkap ASUS Vivobook Go 14Spesifikasi Lengkap ASUS Vivobook Go 14
Spesifikasi Lengkap ASUS Vivobook Go 14
Dot Semarang35 vues
6g - REPORT.pdf par Liveplex
6g - REPORT.pdf6g - REPORT.pdf
6g - REPORT.pdf
Liveplex9 vues
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... par James Anderson
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
James Anderson33 vues
STPI OctaNE CoE Brochure.pdf par madhurjyapb
STPI OctaNE CoE Brochure.pdfSTPI OctaNE CoE Brochure.pdf
STPI OctaNE CoE Brochure.pdf
madhurjyapb12 vues

HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor

  • 1. Unrestricted © Siemens AG 2018 Jan Kiszka | Linaro Connect, March 19, 2018 Partitioning ARM Systems With the Jailhouse Hypervisor
  • 2. Unrestricted © Siemens AG 2017 Page 2 Corporate Technology About /me, about this project • Jan Kiszka <jan.kiszka@siemens.com> • Member of embedded Linux team at Siemens Corporate Technology • (In-house) consultant, architect, developer for OSS • Focus on kernel, real-time, virtualization, embedded build systems • Upstream contributor • https://github.com/siemens/jailhouse • Not a product of Siemens, rather an infrastructure component • Started as open source project by Siemens • Published for broader industrial usage and contributions
  • 3. Unrestricted © Siemens AG 2017 Page 3 Corporate Technology Agenda Introduction to Jailhouse hypervisor Current status on ARM Architectural insights Future directions Summary Discussion
  • 4. Unrestricted © Siemens AG 2017 Page 4 Corporate Technology Jailhouse: Static Partitioning for Multicore Systems • Focus on maintaining static partitions • No scheduling • 1:1 resource assignment • (Almost) no device emulation • Keep runtime code base minimal • Hard RT properties with minimal overhead • Enable / simplify safety certification Design Goals RTOS / Bare- Metal Hardware Linux Core 4Core 3Core 1 Core 2 Jailhouse Hypervisor Device A Device B Device C Device D Stahlkocher, CC BY-SA 3.0 2nd Linux
  • 5. Unrestricted © Siemens AG 2017 Page 5 Corporate Technology Boot Process of Jailhouse Power-On Boot Loader Typical Hypervisor Partition 1 OS Partition n OS Jailhouse Boot Loader Partition 2 OS Partition n OS Partition 2 OS Power-On Root LinuxLinux (Yet Another Boot Loader) ... ...
  • 6. Unrestricted © Siemens AG 2017 Page 6 Corporate Technology Management Interface via Linux linux # jailhouse enable system.cell linux # jailhouse cell create realtime.cell linux # jailhouse cell load my-cell rtos.bin linux # jailhouse cell start my-cell linux # jailhouse cell destroy my-cell linux # jailhouse cell linux linux.cell kernel -i initrd -d dtb linux # jailhouse disable
  • 7. Unrestricted © Siemens AG 2017 Page 7 Corporate Technology Modes of Operation – Trusting Linux? Linux Jailhouse Cell 1 Cell 2 Cell 3 Linux Jailhouse Cell 1 Cell 3 Cell 2 Open Model Safety Model • Linux (root cell) is in control • Cells not involved in management decisions • Sufficient if root cell is trusted • Linux controls, but... • Cells can be configured to vote over management decisions • Building block for safe operation
  • 8. Unrestricted © Siemens AG 2017 Page 8 Corporate Technology Jailhouse Status on ARM ARMv7 • Support for Banana-Pi, Orange-Pi, NVIDIA Jetson TK1, VExpress, emtrion emCON-RZ/G1x • Non-upstream: TI Sitara AM572x-EVM • GICv2 and v3 • SMMU on to-do list ARMv8 • Support for AMD Seattle, LeMaker HiKey, Xilinx ZynqMP, NVIDIA Jetson TX1, ESPRESSObin, NXP i.MX8MQ • Works inside QEMU (via virt machine and GICv3) It's small • Currently ~7k lines of code (ARMv8)
  • 9. Unrestricted © Siemens AG 2017 Page 9 Corporate Technology Architectural Overview Hypervisor Hardware Page MappingPage Allocator Virtual CPU IOMMU HW Access Filters IRQ Controller Arch. Specifics: Mapping, PCI, Life Cycle, ... Inter-Cell Communication PCI Access Life Cycle Management MMIO Access Debug Output VM, IRQ, Exception Entry UART Output Minimal libc Jailhouse Management Tool /sys/devices/jailhouse /dev/jailhouse Cell Image Cell Config Jailhouse Image Cell ConfigCell Image System Config Linux Kernel Jailhouse Driver Module
  • 10. Unrestricted © Siemens AG 2017 Page 10 Corporate Technology Sharing Devices under Jailhouse Jailhouse Guest B Hardware Core 1 Core 2 Storage Core 3 Core 4 LAN Guest A Shared Memory Device IRQ vETH ivshmem-net vETH ivshmem-net NFS etc. Open issue: ivshmem (v2.0) vs. vhost-pci (virtio)
  • 11. Unrestricted © Siemens AG 2017 Page 11 Corporate Technology Secure Boot with Jailhouse – Static Chain Boot Loader Partition n OS Partition 2 OS Power-On Full-featured Linux Minimal Linux (kernel + initrd with Jailhouse) ... Jailhouse • Simple model, feasible with all architectures • Prevents undesired hardware access of full-featured Linux • To-do: cell image validation by Jailhouse (if not part of initrd)
  • 12. Unrestricted © Siemens AG 2017 Page 12 Corporate Technology Ongoing Developments Generated demo & testing images • WiP at https://github.com/siemens/jailhouse-images • Currently generates Debian x86 image for QEMU/KVM • Allows easy exploration of Jailhouse “look & feel” • Planned next: ARM64 QEMU image • Then: reference board images Speculation barriers • Already well isolated in static setups • Further isolate cells inside the hypervisor → CPU-local memory views • Prototype exists for x86, to be extended to ARM now
  • 13. Unrestricted © Siemens AG 2017 Page 13 Corporate Technology Future Developments Configuration format • Binary format optimized for runtime usage → should remain • Source format currently C structure → should be improved • Device Tree? Also on x86? • Custom YAML description? Non-Linux root cells • Straightforward with many RTOSes • Catch: we need stable & versioned hypervisor boot interface Early partitioning • Create cells via boot loader or EFI helper • Cell reload / restart during runtime without root cell? Clock partitioning • Provide infrastructure to help with moderating clock access • Avoid clock driver reimplementations in hypervisor → firmware service?
  • 14. Unrestricted © Siemens AG 2017 Page 14 Corporate Technology Why Jailhouse? • Designed for real-time • Full CPU isolation • Minimal I/O latencies • Designed for safety & security • No emulation, no scheduling, minimal interfaces • Target code size: <10k LOC/arch (runtime even smaller) • Safety certification under preparation (waiting for safe hardware) • Designed as true Open Source • GPLv2, public for 4.5 years • Active community, including CPU vendors • Could eventually make into the kernel
  • 15. Page 15 Thank you! Jan Kiszka <jan.kiszka@siemens.com>