Hi Geoffrey,
thanks for getting back. I have added my comments in-line.
Best regards, Mikko
-----Original Message----- From: acrn-users@... <acrn-users@...> On Behalf Of Geoffroy Van Cutsem via lists.projectacrn.org Sent: 10 October 2020 2:38 To: acrn-users@... Subject: Re: [acrn-users] Logical partition scenario and GFX sharing
Hi Mikko,
Thanks for confirming these points (both about RT and FuSa).
I have added a few comments in-line below.
Cheers, Geoffroy
-----Original Message----- From: acrn-users@... <acrn-users@...> On Behalf Of Mikko Kovanen Sent: Friday, October 9, 2020 7:32 AM To: acrn-users@... Subject: Re: [acrn-users] Logical partition scenario and GFX sharing
Hi Geoffroy,
thanks for answering and confirming my assumption. You are correct, RT or FuSa is not required. For security we are currently mainly focused on the requirement that Android display data should be protected from other VMs, and at the same time the security-related development, evaluation, maintenance, attestation and monitoring efforts should be kept reasonably low (i.e. the virtualized environment should not significantly increase the security scope). For that, a logical partition scenario with GVT-g would have been a pretty good match.
I agree, this sounded like the most promising option. Do you need much graphics performance for your Windows VM? If we can find a way to have the Windows VM display output transferred (over a network? Shared memory?) to the Android VM and let it manage it, would that help you? (Note that I'm kind of thinking aloud here so far 😊)

It is indeed possible that for most use cases the graphics performance is not critical; one concern, however, is that Windows 10 itself might not work smoothly enough. To achieve this kind of setup the UEFI GOP framebuffer might be sufficient to allow Windows to run (I did a quick test by disabling the GFX device from Device Manager in our Apollo Lake based Windows 10 tablet, which as far as I understand should revert Windows 10 to using the framebuffer provided by the GOP driver, and it was still usable). Some data also suggests that Windows could run entirely headless with RDP. Virtualization with fewer cores and less memory will of course degrade the performance further for this setup, so more investigation regarding the performance is needed. Unfortunately I haven't yet been able to get GVT-g working with ACRN on our devices to get through the Windows installation process, so first I need to perform the Windows installation with some other method (GVT-d, a different host machine, QEMU-KVM...), and then check the performance with the pre-installed image for RDP without any GFX adapter and for VNC with UEFI GOP GFX.

Since that is not possible, I guess the next options would be:
a. Integrating ACRN DM in Android - Some development effort needed - Only a slight increase in security effort since Android itself is already in the security scope
I am not aware that this has ever been done. But China is on holiday at the moment, where many ACRN developers are located. They'll be back next week and perhaps can tell if anyone ever tried this.
The most probable candidate for Android in our case would be Celadon, and there the kernel appears to have at least some ACRN stuff integrated, though so far I have only taken a quick glimpse at the i915 driver sources (based on my limited experience, the i915 driver can be quite difficult when it comes to cherry-picking changes between different kernel versions).
b. Using as simple a service VM as possible - Significant increase in development effort since the service VM would need to be self-made (e.g. from Yocto)

Are you aware of "meta-acrn" [https://github.com/intel/meta-acrn/]? It provides a layer with recipes for building a Service VM OS for ACRN (as well as a Linux Guest OS, but you don't need this part). It's a pretty basic OS at this stage, so unless you really need to trim it down, this may be a very good starting point and save you quite some effort.
- Even with a simple service VM the security scope would increase significantly, because there is likely no way to exclude the service VM from security evaluation, maintenance, attestation and monitoring
Best regards, Mikko
From: acrn-users@... <acrn-users@...> On Behalf Of Geoffroy Van Cutsem via lists.projectacrn.org Sent: 8 October 2020 17:33 To: acrn-users@... Subject: Re: [acrn-users] Logical partition scenario and GFX sharing
Hi Mikko,
You are correct, resources cannot be shared between VMs in the logical partition scenario. It sounds from the brief description of your use case that you do not need hard real-time or Functional Safety certification, is that correct?
One thing that may be possible, but I don't know if anyone has tried it yet, is to run Android in a Docker container directly in the Service VM. See this page for more info on how to run Android in a Docker container: https://01.org/projectceladon/documentation/getting-started/on-container
Would that help you keep the attack surface of your system reasonably contained?
Thanks, Geoffroy
From: acrn-users@... <acrn-users@...> On Behalf Of Mikko Kovanen Sent: Tuesday, October 6, 2020 3:19 PM To: acrn-users@... Subject: [acrn-users] Logical partition scenario and GFX sharing
Hi,
I'm pretty sure it is not possible, but just in case I have missed something crucial: is it possible to use GFX sharing (for example with GVT-g) in the logical partition scenario? The usage scenario we are investigating would have Android running on one user VM and Windows on another; both would need at least reasonable GFX performance, and it would be beneficial not to have a service VM, to decrease the security scope.
Best regards, Mikko Kovanen
Senior Specialist, SW Mobile: +358 40 779 7528
http://www.aavamobile.com/
Aava Mobile Oy, Nahkatehtaankatu 2 | 90130 Oulu, Finland