Re: A question on ACRN Design
Chen, Jason CJ
If I understand your point correctly, you actually want to build a logic partitioned scenario which ensure each guest is isolated w/ its partitioned HW resource?
From my P.O.V, the idea is great 😊, and ACRN actually supports such scenario. But the coming questions are:
I may not be able to list all, my point here is that under current situation, ACRN can only claim to support pass-thru devices with limitations. So you may setup your scenario based on logical partition, but with a few known limitations.
Thanks & Best Regards,
IAGS -> SSE -> Intel ACRN Hypervisor Team
From: acrn-users@... <acrn-users@...> On Behalf Of Lonnie Cumberland
Sent: Saturday, January 16, 2021 6:54 AM
Subject: [acrn-users] A question on ACRN Design
Although I am still very new to ACRN and various development efforts, I often wondered about this question as it relates to ACRN and other Type-1 Hypervisors as well.
ACRN, like XEN, uses the approach of having a Dom0 for device drivers and main control services and has DomU for the user VM's
So then, here is what I am wondering.
Why is this design used when it seems to me that there should not be a single Dom0 for the drivers and such that if one crashes hard then there is the possibility that it can crash other critical drivers and code that is currently running?
Would it not be better to have each system driver in its own Dom0 that is running independently from the other drivers such that if a crash, or malicious attack, occurs then only that driver fails while the rest of the system is protected. Full OS's do not have to be run in these driver Dom0 instances as I was thinking along the lines of Unikernels for each driver.
It seems like there could be many ways to set this up and it appears to be safer to me, but I have wondered why this approach has not been used?
Just a Noob learning here so please forgive me if there is something blatantly obvious that I just do not see.