2025-09-04 –, Room 1
Superfast boot is important for micro-VMs, and this is usually accomplished by booting the kernel directly from the VMM, rather than going through the usual firnware and bootloader. EFI is typically avoided in these cases, as it has a reputation for being slow and buggy on x86.
On arm64, the situation is a bit different: without firmware, the kernel is entered with MMU and caches disabled, which poses its own set of problems. And without EFI, accessing ACPI and SMBIOS tables is problematic as well.
This talk describes an alternative proposal for doing direct kernel boot on arm64 virtual machines: a minimal re-implementation of EFI in Rust, tightly coupled with QEMU to boot the guest in kernel in EFI mode with all caching and memory protections enabled from reset. I will explain why it is faster and more secure, and results in less maintenance overhead than the non-firmware case.
Working in the Google Open Source Security Team (GOSST), primarily on topics related to boot security and crypto