Re: Logical partition scenario and GFX sharing


Mikko Kovanen
 

Hi Geoffroy,

Thanks for answering and confirming my assumption. You are correct, RT or FUSA is not required.
For security we are currently mainly focused on the requirement that Android display data should be protected from other VMs, and at the same time the security related development, evaluation, maintenance, attestation and monitoring efforts should be kept reasonably low (i.e. the virtualized environment should not significantly increase the security scope). For that, a logical partition scenario with GVT-g would have been a pretty good match. Since that is not possible, I guess the next options would be:

a. Integrating ACRN DM in Android
- Some development effort needed
- Only slight increase for security efforts since Android itself is already in security scope

b. Using as simple a service VM as possible
- Significant increase for development effort since the service VM would need to be self-made (e.g. from Yocto)
- Even with a simple service VM the security scope would increase significantly because there likely is no way to exclude the service VM from security evaluation, maintenance, attestation and monitoring

Best regards,
Mikko


From: acrn-users@... <acrn-users@...> On Behalf Of Geoffroy Van Cutsem via lists.projectacrn.org
Sent: 8 October 2020 17:33
To: acrn-users@...
Subject: Re: [acrn-users] Logical partition scenario and GFX sharing

Hi Mikko,

You are correct, resources cannot be shared between VMs in the logical partition scenario. It sounds from the brief description of your use-case that you do not need hard realtime or Functional Safety certification, is that correct?

One thing that may be possible, but I don't know if anyone has tried it yet, is to run Android in a Docker container directly in the Service VM. See this page for more info on how to run Android in a Docker container: https://01.org/projectceladon/documentation/getting-started/on-container

Would that help you keep the surface attack of your system reasonably contained?

Thanks,
Geoffroy

From: acrn-users@... <acrn-users@...> On Behalf Of Mikko Kovanen
Sent: Tuesday, October 6, 2020 3:19 PM
To: acrn-users@...
Subject: [acrn-users] Logical partition scenario and GFX sharing


  Hi,

  I'm pretty sure it is not possible, but just in case I have missed something crucial: is it possible to use GFX sharing (for example with GVT-g) in the logical partition scenario? The usage scenario we are investigating is such that it would have Android running on one user VM and Windows on another, both would need at least reasonable GFX performance, and it would be beneficial to not have a service VM to decrease the security scope.


Best regards,
Mikko Kovanen

Senior Specialist, SW
Mobile: +358 40 779 7528
http://www.aavamobile.com/

Aava Mobile Oy
Nahkatehtaankatu 2  |   90130 Oulu, Finland
