2018-09-12, Security
The idea for this talk was born from fascination with the philosophy behind QubesOS, OpenXT and ViryaOS. The underlying technology for those OSes is Xen. Xen is a well-known project under the Linux Foundation umbrella, but what is most interesting about it from an open source firmware perspective are its high-end virtualization features, like:
- DMA protection
- PCI pass-through
- Interrupt remapping
- SR-IOV
- TPM and vTPM
- others
With the automotive market, hypervisors are slowly moving into the embedded space, which means the underlying firmware will have to expose the right infrastructure to provide initial configuration and security.
Most of these features have to be configured and exposed in a well-defined way by firmware. The IOMMU is the system component that several of the features mentioned above rely on.
As maintainers of the PC Engines apuX platforms, we decided to work on AMD IOMMU enabling, to create the right infrastructure for hypervisors and operating systems.
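Whether firmware has exposed the IOMMU correctly is something the operating system can tell you before any hypervisor is involved. The script below is an added example, not code from the talk, from 3mdeb or from coreboot: it shows the two checks a practitioner runs on a Linux guest or host after a firmware change, namely scanning the kernel log for the IVRS ACPI table and the AMD-Vi driver's initialisation messages (DMA protection and interrupt remapping), and enumerating the IOMMU groups that decide which PCI devices can be passed through on their own. The log lines and the `iommu_groups` sysfs tree are constructed samples built under a temporary directory, so the script runs anywhere; the status words `no-ivrs`, `no-iommu` and `enabled` are this script's own vocabulary, not kernel output.

```shell
#!/bin/sh
# Added example (not part of the talk): checks that the OS sees the AMD IOMMU
# that firmware was supposed to expose. All input is constructed below.

# Constructed sample of kernel log lines seen when the IVRS table is present
# and AMD-Vi (the AMD IOMMU driver) initialises. Addresses and values are made up.
SAMPLE_DMESG='[    0.000000] ACPI: IVRS 0x00000000CFFF0000 000000D0 (v02 AMD    AMDIOMMU 00000001 AMD  00000000)
[    0.812345] pci 0000:00:00.2: AMD-Vi: Found IOMMU cap 0x40
[    0.812400] AMD-Vi: Interrupt remapping enabled
[    0.812500] AMD-Vi: Lazy IO/TLB flushing enabled'

# iommu_status LOGTEXT -> "no-ivrs" (firmware published no IVRS table),
# "no-iommu" (table present but no IOMMU found) or "enabled".
iommu_status() {
    log="$1"
    printf '%s\n' "$log" | grep -q 'ACPI: IVRS' || { echo no-ivrs; return; }
    printf '%s\n' "$log" | grep -q 'AMD-Vi: Found IOMMU' || { echo no-iommu; return; }
    echo enabled
}

# irq_remap LOGTEXT -> "yes"/"no". Interrupt remapping is what keeps a
# passed-through device from injecting arbitrary MSIs into the host.
irq_remap() {
    printf '%s\n' "$1" | grep -q 'AMD-Vi: Interrupt remapping enabled' && echo yes || echo no
}

# make_fake_sysfs ROOT: build a constructed iommu_groups tree under ROOT
# mirroring the layout of /sys/kernel/iommu_groups/<group>/devices/<bdf>.
# Group 0: root complex and the IOMMU itself; group 1: an isolated device;
# group 2: two functions of one device that share a group and cannot be split.
make_fake_sysfs() {
    root="$1"
    mkdir -p "$root/iommu_groups/0/devices" \
             "$root/iommu_groups/1/devices" \
             "$root/iommu_groups/2/devices"
    touch "$root/iommu_groups/0/devices/0000:00:00.0" \
          "$root/iommu_groups/0/devices/0000:00:00.2" \
          "$root/iommu_groups/1/devices/0000:01:00.0" \
          "$root/iommu_groups/2/devices/0000:02:00.0" \
          "$root/iommu_groups/2/devices/0000:02:00.1"
}

# list_groups ROOT -> one line per group: "<group>: <bdf> <bdf> ..."
list_groups() {
    root="$1"
    for g in "$root"/iommu_groups/*; do
        [ -d "$g" ] || continue
        devs=""
        for d in "$g"/devices/*; do
            devs="$devs ${d##*/}"
        done
        printf '%s:%s\n' "${g##*/}" "$devs"
    done
}

# group_size ROOT BDF -> number of devices sharing BDF's group; 1 means the
# device can be assigned to a guest on its own, more means the whole group
# must move together. Prints 0 if the device is in no group at all.
group_size() {
    root="$1"; dev="$2"
    for g in "$root"/iommu_groups/*; do
        [ -e "$g/devices/$dev" ] || continue
        n=0
        for d in "$g"/devices/*; do n=$((n + 1)); done
        echo "$n"
        return
    done
    echo 0
}

# Stand-alone run over the constructed data. On a real system you would pass
# "$(dmesg)" and /sys/kernel instead.
ROOT="${TMPDIR:-/tmp}/iommu-demo.$$"
make_fake_sysfs "$ROOT"
echo "AMD-Vi: $(iommu_status "$SAMPLE_DMESG"), interrupt remapping: $(irq_remap "$SAMPLE_DMESG")"
list_groups "$ROOT"
echo "devices sharing the group of 0000:02:00.0: $(group_size "$ROOT" 0000:02:00.0)"
rm -rf "$ROOT"
```

On real hardware, replace the constructed inputs with `"$(dmesg)"` and `/sys/kernel`; a result of `no-ivrs` points at firmware (no IVRS table published), while large groups point at the platform's PCIe topology (missing ACS or bridges), which is the kind of information the firmware side needs before pass-through can work.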
In this presentation we want to:
* explain the features of the AMD IOMMU
* present the recommended methods of enabling the AMD IOMMU
* demonstrate the current status of our work
* discuss future user needs and implementation plans
Piotr Król is Founder and Embedded Systems Consultant at 3mdeb, a licensed provider of coreboot consulting services. He received an M.Sc. in Computer Systems Networking and Telecommunication from Gdańsk University of Technology. Piotr worked as a Storage Controllers Validation Engineer and BIOS Software Engineer at Intel Technology Poland for over 7 years. After leaving Intel he created his own consulting business focused on Embedded Firmware (coreboot, UEFI/EDK2/BIOS, trainings and security) and Embedded Linux (Yocto, Linux Device Drivers, Qt/C++/Go/Python applications). He is passionate about building firmware that enables advanced hardware features and follows best security practices. His team maintains the PC Engines platforms in coreboot and actively works on and contributes to Open Source Firmware. Feel free to contact Piotr if you have any questions about related topics.