Linux-based Device Model Stubdomains in Qubes OS
Marek Marczykowski-Górecki, Invisible Things Lab
June 22, 2018
A bit of history
1 Qubes 1.0 (2012) - PV domains only
2 Qubes 2.0 (2014) - initial HVM support, MiniOS based stubdomain for qemu-traditional (the only one at that time)
3 Qubes 4.0 (2018) - most PVHv2 domains, HVM with linux-based and qemu upstream stubdomains where needed
MiniOS based stubdomains in Qubes
No qemu in dom0 (hard requirement) - patched libxl
Display using qubes-gui-agent (port for qemu)
DHCP server based on LWIP
Why change?
Hard to debug and develop
Lack of newer device support (audio, vkbd, ...)
Hope to get better security support for currently maintained qemu (as we don’t consider PV bulletproof anymore)
MiniOS build system gives a lot of headaches...
Direct kernel boot for HVM
What we need?
No qemu in dom0
PCI passthrough
Custom GUI (instead of VNC/SDL)
DHCP server (nice to have)
Which stubdomain?
Rumprun, not progressing at that time, dead now
Linux, deployed by OpenXT (use OpenEmbedded, and v4v for communication)
Linux, patches by Anthony Perard, later revived by Eric Shelton
Stubdomain build blocks
dracut-based build - use build host binaries (busybox, glibc etc)
minimal Linux kernel (based on make tinyconfig)
recent upstream QEMU build (2.10.1 as of today)
udhcpd (busybox)
Make it work
Load kernel + initramfs (can be bundled into one binary later, but simpler to develop when separate)
Pass qemu command line via xenstore (as for MiniOS) - putting qemu-xen variant there
-append can contain spaces..., workaround: use \x1b separator and set FS=\x1b
Different disk configuration: format=host_device
No direct access to QMP socket - pass selected commands via xenstore (as for MiniOS), then convert to QMP commands inside (a script)
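
The \x1b separator workaround above, as an added example (not code from the slides or from the Qubes stubdomain repository): a POSIX shell helper that splits an ESC-joined argument string back into argv, so a -append value containing spaces stays one argument. The function names, the use of the shell's IFS for splitting, and the sample arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration, not the project's init script. All names are hypothetical.

ESC=$(printf '\033')    # the 0x1b byte used as argument separator

# Sender side: join argv into one string with ESC between arguments,
# the form in which it could be stored in a single xenstore value.
join_dm_args() {
    [ $# -gt 0 ] || return 0
    _out=$1; shift
    for _a in "$@"; do _out="${_out}${ESC}${_a}"; done
    printf '%s' "$_out"
}

# Receiver side: split "$1" on ESC only, append the recovered arguments to
# the remaining words and run the result as a command. The body is a
# subshell, so the IFS and noglob changes do not leak into the caller.
with_dm_args() (
    _packed=$1; shift
    set -f                  # an argument such as '*' must not be glob-expanded
    IFS=$ESC
    set -- "$@" $_packed    # unquoted on purpose: field splitting on ESC
    unset IFS               # default splitting again for the command we run
    set +f
    "$@"
)

# Contrast: the same kind of string split on whitespace instead.
count_space_split() (
    set -f
    set -- $1
    printf '%s' "$#"
)

# Small inspection helpers used as the command for with_dm_args.
count_args() { printf '%s' "$#"; }

value_of() {                # print the argument that follows option "$1"
    _want=$1; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$_want" ]; then printf '%s' "$2"; return 0; fi
        shift
    done
    return 1
}

# Constructed sample: the -append value contains spaces.
sample=$(join_dm_args -machine xenfv -kernel /boot/vmlinuz \
    -append 'root=/dev/xvda1 ro console=hvc0')
printf 'split on ESC:        %s arguments\n' \
    "$(with_dm_args "$sample" count_args)"
printf 'split on whitespace: %s arguments\n' \
    "$(count_space_split '-machine xenfv -kernel /boot/vmlinuz -append root=/dev/xvda1 ro console=hvc0')"
printf '%s\n' "-append value: $(with_dm_args "$sample" value_of -append)"
```

An empty final argument is lost with this approach, because shell field splitting does not produce a trailing empty field.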
Problems
PCI passthrough related problems
RAM usage, CPU usage
read-only disks (IDE vs AHCI vs SCSI), supported by Windows installer by default (right now we use mptsas1068)
no migration / save+restore without qemu in dom0 (only one console)
Next steps
Cleanup libxl patches
Xenconsoled support for secondary consoles, fix save/migration
Better design for QMP access, how fragile is libxl parsing QMP response?
PVH stubdomain?
Resources
github.com/QubesOS/qubes-vmm-xen
github.com/QubesOS/qubes-vmm-xen-stubdom-linux
Questions?
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Recently uploaded

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

XPDDS18: Linux-based Device Model Stubdomains in Qubes OS - Marek Marczykowski-Górecki, Invisible Things Lab

  • 1. Linux-based Device Model Stubdomains in Qubes OS. Marek Marczykowski-Górecki, Invisible Things Lab. June 22, 2018
  • 2–4. A bit of history
      1. Qubes 1.0 (2012) - PV domains only
      2. Qubes 2.0 (2014) - initial HVM support, MiniOS based stubdomain for qemu-traditional (the only one at that time)
      3. Qubes 4.0 (2018) - most PVHv2 domains, HVM with linux-based and qemu upstream stubdomains where needed
  • 5. MiniOS based stubdomains in Qubes
      - No qemu in dom0 (hard requirement) - patched libxl
      - Display using qubes-gui-agent (port for qemu)
      - DHCP server based on LWIP
  • 6–10. Why change?
      - Hard to debug and develop
      - Lack of newer device support (audio, vbkd, ...)
      - Hope to get better security support for currently maintained qemu (as we don’t consider PV bulletproof anymore)
      - MiniOS build system gives a lot of headache...
      - Direct kernel boot for HVM
  • 11. What we need?
      - No qemu in dom0
      - PCI passthrough
      - Custom GUI (instead of VNC/SDL)
      - DHCP server (nice to have)
  • 12–14. Which stubdomain?
      - Rumprun, not progressing at that time, dead now
      - Linux, deployed by OpenXT (use OpenEmbedded, and v4v for communication)
      - Linux, patches by Anthony Perard, later revived by Eric Shelton
  • 15. Stubdomain build blocks
      - dracut-based build - use build host binaries (busybox, glibc etc)
      - minimal Linux kernel (based on make tinyconfig)
      - recent upstream QEMU build (2.10.1 as of today)
      - udhcpd (busybox)
  • 16–20. Make it work
      - Load kernel + initramfs (can be bundled into one binary later, but simpler to develop when separate)
      - Pass qemu command line via xenstore (as for MiniOS) - putting qemu-xen variant there
      - -append can contain spaces..., workaround: use \x1b separator and set FS=\x1b
      - Different disk configuration: format=host_device
      - No direct access to QMP socket - pass selected commands via xenstore (as for MiniOS), then convert to QMP commands inside (a script)
  • 21–24. Problems
      - PCI passthrough related problems
      - RAM usage, CPU usage
      - read-only disks (IDE vs AHCI vs SCSI), supported by Windows installer by default (right now we use mptsas1068)
      - no migration / save+restore without qemu in dom0 (only one console)
  • 25–26. Next steps
      - Cleanup libxl patches
      - Xenconsoled support for secondary consoles, fix save/migration
      - Better design for QMP access, how fragile is libxl parsing QMP response?
      - PVH stubdomain?
  • 27. Resources
      - github.com/QubesOS/qubes-vmm-xen
      - github.com/QubesOS/qubes-vmm-xen-stubdom-linux
  • 28. Questions?
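
The ESC (0x1b) separator workaround from the "Make it work" slides, as an added example that is not code from the talk or from the Qubes repositories: an argument vector is packed into one string, split again on ESC only, and compared with naive whitespace splitting. The function names are hypothetical and the sample arguments are constructed; the sender also rejects arguments that already contain the separator, since they would otherwise turn into extra arguments on the receiving side.

```shell
#!/bin/sh
# Added example (constructed): carry an argv through a single string value
# using ESC (0x1b) as the separator, then split it again on ESC only.
# Function names are hypothetical; POSIX sh, so it also runs under busybox ash.

ESC=$(printf '\033')

# Sender side: join arguments with ESC. Refuse any argument that already
# contains ESC, because the receiver would split it into extra arguments.
join_args() {
    out=
    first=1
    for a in "$@"; do
        case $a in
            *"$ESC"*) echo "join_args: separator byte in argument" >&2; return 1 ;;
        esac
        if [ "$first" = 1 ]; then out=$a; first=0; else out="$out$ESC$a"; fi
    done
    printf '%s' "$out"
}

# Receiver side: number of arguments after splitting on ESC only.
count_args_esc() {
    old_ifs=$IFS; IFS=$ESC; set -f    # set -f: no glob expansion of fields
    set -- $1
    set +f; IFS=$old_ifs
    echo "$#"
}

# Receiver side: print the n-th argument (1-based) after splitting on ESC.
arg_at_esc() {
    n=$2
    old_ifs=$IFS; IFS=$ESC; set -f
    set -- $1
    set +f; IFS=$old_ifs
    [ "$n" -ge 1 ] && [ "$n" -le "$#" ] || return 1
    shift $((n - 1))
    printf '%s' "$1"
}

# The failure mode: default whitespace splitting of a space-joined line.
count_args_space() {
    set -f
    set -- $1
    set +f
    echo "$#"
}

# Demo with constructed sample arguments.
packed=$(join_args -kernel /boot/vmlinuz -append "root=/dev/xvda1 ro quiet")
echo "ESC split:   $(count_args_esc "$packed") args, last: $(arg_at_esc "$packed" 4)"
echo "space split: $(count_args_space "-kernel /boot/vmlinuz -append root=/dev/xvda1 ro quiet") args"
```

IFS field splitting drops a trailing empty field, so a sender using this scheme should not rely on an empty final argument surviving the round trip.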