Im trying to implement a hypercall in Xen kernel that would perform cryptographic operation inside Xen hypervisor.
Xen source code doesn't contain libraries for Crypto, how should I go about implementing my hypercall? In particular, what are the "kernel-based" crypto libraries I can use to compile into Xen and use for my hypercall?
In XEN, most of the drivers are implemented using the domain 0.
You can use it to implement your cryptographic operations in a virtio driver and have all Linux cryptographic kernel libraries at hand.
Related
I am using the libvirt/QEMU/KVM stack to run some VMs on an Ubuntu 20.04 host. I am using the virsh CLI tool for VM management. I'd like to allow multiple VMs to access the same device (FPGA) over PCIE. It seems that libvirt doesn't allow this, and when I attach the PCIE device to multiple VMs and try to power more than one on, I get the following error.
error: Failed to start domain ubuntu-guest-2
error: Requested operation is not valid: PCI device 0000:05:00.0 is in use by driver QEMU, domain ubuntu-guest-1
This kinda makes sense to me, as there shouldn't be conflicting data sent over the PCIE bus. But nonetheless, does anyone know a workaround to make this happen?
There are a number of techniques to share a device across VMs. All of them require either device-specific software support in the VMM, hardware in the device to support sharing (SR-IOV), or both (Scalable IOV).
For a custom FPGA design, you would need to provide this.
SR-IOV is part of the PCIe specification, so there may be libraries available that you could incorporate into your FPGA design.
I wish I could connect to virtual machines started with QEMU.
Then I should extract the information about the registers (EIP, EBP, etc.)
In XEN for this, there is the function get_vcpu_context, also there are other functions through which you can connect to each virtual machine separately.
Is there any such support for QEMU, and where can I find QEMU hypercalls documentation?
You have a couple of options:
you can connect to the QEMU gdbstub and use the GDB remote protocol to query CPU state. This is probably the most reliable method.
you can connect to the QEMU monitor and use the "info registers" command. Note that the output format of this might change between QEMU releases, though (it is intended for human consumption, not other programs), so it will be less reliable long-term than using GDB remote protocol.
Can boringssl work on ARMv8 bare metal platform? I tried build boringssl with aarch64-elf-gcc, but it refused to build.
If it does, any porting guide or suggestions?
Probably not out of the box. But you should probably not even try using it, mainly because, according to Google itself, it is not intended for general use.
This is never good to be on your own when using a library, more specifically a cryptographic one. This is usually synonym for no bug fixes, no support, no user forums among other things.
You could rather consider a library that was designed for this purpose, such as mbedtls (formerly known as PolarSSL).
It is being used on a wide range of systems, from bare-metal systems (FreeRTOS) to Linux (The Hiawhata web server does use it for example).
Update: Even if support for Armv8-a hardware crypto extensions is needed, you could still reuse BoringSSL Armv8-a optimized routines (ISC license) or the Cavium armv8_crypto library (BSD license), to replace mbedtls (Apache 2.0 lisense) equivalent routines: cryptographic functions usually have clean and small interfaces.
From my experience, this may still be faster than porting a library targeting a general purpose operating system if your target is a bare-metal one, but you ultimately have to evaluate the costs for both options in your specific case.
My guess would be that there is far less work involved for adding support for Armv8-a crypto extensions to mbedtls using already existing, supported code under the proper license, than attempting to strip-down openssl or boringssl for use on a bare-metal target.
There is a very good piece of documentation explaining how to add support for hardware-accelerated crypto to mbedtls here, this may help you evaluating your options.
I am looking forward to implement some file operations on a USB device which will be plugged into a microcontroller-based bench-top device. The device does not have any OS/RTOS and only runs on a firmware code that I plan to develop.
The firmware will have all the necessary functionalities (UART, timer, SPI, I2C, external memory controller etc) that an embedded device usually has.
My questions are:
Can the libusb library be incorporated into the firmware that I plan to develop?
Does the libusb work in non-operating system based environment? Or will I have to choose an OS that I can port onto the microcontroller and then use the libusb library in user space?
libusb is currently only supported on Linux, OS X, Windows, Windows CE, Android, and OpenBSD/NetBSD. So yes, it does require an underlying OS. Unless your microcontroller is an ARM that can run Linux, it would not be possible to run libusb without porting the low-level code to your microcontroller hardware and making it work without an OS which would be a huge amount of work.
If you have a microcontroller with USB capability, it is very likely the manufacturer already has a library to access the USB functionality, and/or there are third-party libraries available.
tweaking usb plug behavior on linux embedded platform and was just curious to know how the hotplug functionality is "exported" out of kernel.
I did see a kernel CONFIG feature for hotplug and just wondering where all are the hooks for hotplug from the core usb driver.