Re: Logical partition scenario and GFX sharing

Geoffroy Van Cutsem

Hi Mikko,

Thanks for confirming these points (both about RT and FuSa).

I have added a few comments in-line below.

Cheers,
Geoffroy

-----Original Message-----
From: acrn-users@... <acrn-users@...>
On Behalf Of Mikko Kovanen
Sent: Friday, October 9, 2020 7:32 AM
To: acrn-users@...
Subject: Re: [acrn-users] Logical partition scenario and GFX sharing


Hi Geoffroy,

Thanks for answering and confirming my assumption. You are correct, RT or
FuSa is not required.
For security we are currently mainly focused on the requirement that Android
display data should be protected from other VMs, and at the same time the
security-related development, evaluation, maintenance, attestation and
monitoring efforts should be kept reasonably low (i.e. the virtualized
environment should not significantly increase the security scope). For that a
logical partition scenario with GVT-g would have been a pretty good match.
I agree, this sounded like the most promising option. Do you need much graphics performance for your Windows VM? If we can find a way to have the Windows VM display output transferred (over a network? Shared memory?) to the Android VM and let it manage it, would that help you? (Note that I'm kind of thinking aloud here so far 😊)

Since that is not possible I guess the next options would be:

a. Integrating ACRN DM in Android
- Some development effort needed
- Only a slight increase in security effort, since Android itself is already in
the security scope
I am not aware that this has ever been done. But China is on holiday at the moment, where many ACRN developers are located. They'll be back next week and perhaps can tell if anyone ever tried this.

b. Using as simple a service VM as possible
- Significant increase in development effort, since the service VM would need to
be self-made (e.g. from Yocto)
Are you aware of "meta-acrn" [https://github.com/intel/meta-acrn/]? It provides a layer with recipes for building a Service VM OS for ACRN (as well as a Linux Guest OS, but you don't need this part). It's a pretty basic OS at this stage so unless you really need to trim it down, this may be a very good starting point and save you quite some effort.

- Even with a simple service VM the security scope would increase significantly,
because there is likely no way to exclude the service VM from security
evaluation, maintenance, attestation and monitoring

Best regards,
Mikko


From: acrn-users@... <acrn-users@...>
On Behalf Of Geoffroy Van Cutsem via lists.projectacrn.org
Sent: 8 October 2020 17:33
To: acrn-users@...
Subject: Re: [acrn-users] Logical partition scenario and GFX sharing

Hi Mikko,

You are correct, resources cannot be shared between VMs in the logical
partition scenario. It sounds from the brief description of your use-case that
you do not need hard realtime or Functional Safety certification, is that
correct?

One thing that may be possible, but I don't know if anyone has tried it yet, is
to run Android in a Docker container directly in the Service VM. See this page
for more info on how to run Android in a Docker container:
https://01.org/projectceladon/documentation/getting-started/on-container

Would that help you keep the attack surface of your system reasonably
contained?

Thanks,
Geoffroy

From: acrn-users@... <acrn-users@...> On Behalf Of Mikko Kovanen
Sent: Tuesday, October 6, 2020 3:19 PM
To: acrn-users@...
Subject: [acrn-users] Logical partition scenario and GFX sharing


Hi,

I'm pretty sure it is not possible, but just in case I have missed something
crucial: is it possible to use GFX sharing (for example with GVT-g) in the logical
partition scenario? The usage scenario we are investigating is such that it
would have Android running on one user VM and Windows on another; both
would need at least reasonable GFX performance, and it would be beneficial
not to have a service VM, to decrease the security scope.


Best regards,
Mikko Kovanen

Senior Specialist, SW
Mobile: +358 40 779 7528
http://www.aavamobile.com/



Aava Mobile Oy
Nahkatehtaankatu 2  |   90130 Oulu, Finland