ACRN vMeet-Up Europe 2021 - summary of Q&A

Geoffroy Van Cutsem

Hi folks,

Thank you again to all those who participated to our ACRN vMeet-Up Europe 2021 last week!

* The slides have been posted on the ACRN SlideShare channel here:
* The session recordings are all available on ACRN YouTube channel (2021 ACRN EU vMeetup playlist):

There were also a number of questions asked during these 2 days, we have captured those below with their answers (as some were not fully answered during the event):

Q1: ACRN hypervisor model and Minimal Linux OS host requirements.
A: ACRN is similar to Xen, a type-1 (hybrid) hypervisor and runs baremetal. Minimum System Requirements for Installing ACRN' in
Q2: Has there been any measurement taken to see if there is any difference between a pre-launched and post-launched RTVM?
A: We did not do apple-apple comparison of pre vs. post-launched RTVM performance yet. In theory, pre-launched User VM RT performance should be better, since all resource are passed-through to User VM directly. But that may also depend based on workload.
Q3: Does ACRN support Trusted Platform Module (TPM) passthrough? Or any hardware security module (HSM) passthrough support?
A: Yes. TPM passthru is supported.
Q4: What is the total lines of code in the hypervisor as it pertains to certification? And is there a plan to certify to SIL4 in the future ?
A: For ACRN FuSa certification, the initial target is the "partition mode", that's around ~12K code. There are no plans for SIL4 yet.
Q5: What CPUs support CAT (Cache Allocation Technology) ?
A: Check CPUID to determine.
Q6: Could ACRN support multiple RTVMs?
A: It is possible to run multiple RTVMs, provided that enough care and attention has been put in the scenario definition and resource allocation. It has been done in the lab without changing the ACRN source code. We re-used UUIDs from standard post-launched VM to launch these additional RTVMs.
Q7: If you rely on HW-mechanisms to Control the Independence: how do you Diagnose the healthy condition of HW during runtime?
A: HW diagnosis are to be defined at system level and can be deployed to the safety VM. Examples include periodic online diagnosis that checks the result of certain instruction sequences and values in HW error registers.

Q1: Is ACRN also targeting datacenter use-cases? I can see this being a good fit, especially where security and isolation (e.g. testing) are paramount. Its efficient use of resources is also attractive.
A: Yes, we are also exploring ACRN usage in datacenter, especially for security and safety purpose. ACRN support on Xeon is also in roadmap.
Q2: Could ACRN support 'pass-through PCI bridge to virtual machine and enable device sharing/SRIOV in virtual machine' (i.e. have the PF and VF within the User VM).
A: current design is pass-through PCI bridge PF to the Service VM (SOS), and the Service VM manages the VFs, passing them through to individual virtual machines. So only the Service VM can manage physical device functions, e.g., MMIO, not in all VMs. But if there are special usage, we can see how to extend such support to dedicated VM.
Q3: Does Kata Containers support other hypervisor beyond ACRN?
A: Yes, Kata Containers supports various virtual machine managers (VMMs): QEMU, cloud-hypervisor, firecracker and ACRN.
Q4: How about 'memory configuration' mechanism in ACRN for pre and post-launched VMs. Can you give an example with a total of 8G of RAM memory.
A: Except memory reserved for pre-launched User VMs (say 1G), the rest of the memory is all (8G-1G- some for the hypervisor itself) for the Service VM. Post-launched VMs will get memory allocated by the Service VM, e.g., 3G for Windows, 1G for an RTVM. But you can change that to whatever you want, just make sure there is some left for the Service VM, then do config modification. We will also improve memory auto-detection and assignment in the ACRN Configuration Tools and documents.
Q5: For pre-launched User VMs, when and how are passthrough devices handled in the boot sequence?
A: For each VM, there are typical VM create() and launch VM() process, the initialization of passthru devices happens in VM create(). For pre-launched VM, it is done before the Service VM is launched.
Q6: Is debugging ACRN hypervisor on QEMU using gdb?
A: ACRN doesn't support gdb. There is a trade-off to be made because we want to keep the total lines of code (LOC) as low as possible. We recommend using a serial port for debugging ACRN.
Q7: Could nested KVM VM over ACRN share memory with ACRN Device Model (acrn-dm) based VM for inter-VM communication?
A: No, L2 VM launched by QEMU/KVM could only share memory with same L2 VMs.
Q8: How could one VM generate MSI/interrupt to another virtual VM.
A: Ivshmem Device BAR is exposed to VM1, user application only need to write '0Ch register' to trigger VM-exit, and hypervisor will emulate interrupt to VM2.
Q9: How about the performance of inter-VM communication with Ivshmem
A: Basically Ivshmem is based on memory write/read, so it is very quick/efficient. But user level performance would be impacted by the application to be scheduled by VM OS.
Q10: Do we support ivshmem network device ?
A: It is possible to do it but it is not implemented in ACRN yet. We have plans with it though.
Q11: Is there any plan to include documentation on how to use SBL(Slim bootloader) with ACRN? Currently I can see some documentation regarding this under 'meta-acrn'
A: there are a couple of (outdated) documents available to start from:
These need to updated though, the ACRN doc was removed after 2.1 since we started using Ubuntu instead of Clearlinux and much of the instructions would have had to be updated (including the wrapper script that we provide for convenience). The SBL documentation site has a number of guides for various platforms, some also supported by ACRN:


Senior Technical Marketing Engineer
IAGS - System Software Products
Tel: +32 (0)3 450 0851

Intel Corporation NV/SA
Kings Square, Veldkant 31
2550 Kontich
RPM (Bruxelles) 0415.497.718.
Citibank, Brussels, account 570/1031255/09