VMBoot concept
VMBoot presents a PoC of booting into TianoCore/EDK2 firmware with only Open Source Firmware, namely coreboot and Linuxboot/u-root, on the flash chip . It utilizes gokvm, a small Linux-KVM hypervisor written in pure Go, which is integrated into u-root as VMBoot and it's able to execute an EDK2 firmware image. For loading the firmware and basic setup of the virtual machine, the PVH Boot Protocol and HMV direct boot ABI are used.
Demo
Status gokvm
- gokvm
- gokvm is able to boot into EDK2/CloudHV for Cloud-Hypervisor until the EFI-Shell.
- device passthrough via VirtIO is limited to block devices and network
Status vmboot in u-root
- vmboot
- iterates over block devices and mounts partition with EDK2 image
- loads EDK2 image from mounted block device (only XFS file system)
- runs EDK2 in gokvm until EFI-Shell
- experimental state to show that it is possible to start a vm from u-root and execute EDK2 in the VM.
Prerequisites
Platform
- Platform CPUs must support AMD-V or Intel VT-x
- Platform is supported by coreboot
- coreboot+Linuxboot/u-root requires at least 10MiB free space to use on the flashchip
Linux kernel
- build with AMD-V or Intel-VT support
- must be build with KVM support
- reduce size by remove unused drivers and features
Platform support
| Vendor | Product name | coreboot support | Status |
|---|---|---|---|
| Supermicro | X11SCH-F | wip | WIP |
Example linux kernel configs
| Platform |
|---|
| Supermicro X11SCH-F |
Procedure
- build linux kernel with example config
- build u-root initrd with vmboot
- build coreboot for desired platform and use linux kernel and u-root initrd as payload
- flash coreboot image on device
- place EDK2/CloudHv image on block device attached to machine (XFS filesystem on block device required)
- boot machine and execute vmboot
Further work
- More platforms need to be testes.
- Extension and improvments of gokvm and vmboot is required
Blog posts
References:
- Interview with Ron Minich
- UEFI Spec 2.10
- ACPI Spec 6.5
- gokvm
- u-root
- u-root/vmboot
- coreboot
- HMV direct boot ABI
- HMV Structures
- PVH Boot Protocol
- Cloud Hypervisor
- EDK2/CloudHV
Funding
This project is funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet program. Learn more at the NLnet project page.
