Releases: RIKEN-RCCS/MilvusVisor
MilvusVisor v1.4.1
Changes from version 1.4.0
- Add `embed_kernel`
  - Embed `hypervisor_kernel` into `BOOTAA64.EFI`
- Add Xilinx UART driver
- Fix debug build warnings
- Fix `PanicInfo::message`
- Improve naked functions
- Stabilize the `hypervisor_bootloader` crate
  - Remove all unstable features
MilvusVisor v1.4.0
Changes from version 1.3.1
- Stabilize the `common` crate
  - Remove all unstable features from `common`
- Improve function calls and function arguments
  - These are internal updates
- Add `builder.rs`
  - This replaces the `Makefile`
- Rework memory access handler
  - The handler becomes able to access `data` which was registered at the handler initialisation
- Add virtio device interface
  - You can now implement virtio devices
- Support Raspberry Pi 5
MilvusVisor v1.3.1
Changes from version 1.3.0
Resolve #10
This version allows you to run the MilvusVisor hypervisor with SMP on Raspberry Pi 4 B!
MilvusVisor v1.3.0
Changes from version 1.2.0
- Add support for Raspberry Pi 4 B
- SMP support is Experimental
- Boot from U-Boot
- Improve multi core support
MilvusVisor v1.2.0
Changes from version 1.1.0
- Add workspace (Contributed by @garasubo)
- Add support for FX1000 (Feature Name: `a64fx`)

`a64fx` is not the default feature. Therefore when you want to use MilvusVisor on FX1000, use `make custom_all FEATURES=default,tftp,...`.
MilvusVisor v1.1.0
Changes from version 1.0.0
- Added PXE Boot Support (Feature Name: `tftp`)

`tftp` is not the default feature. Therefore when you want to use PXE boot, use `make custom_all FEATURES=default,tftp,...`.
MilvusVisor v1.0.0
Changes from version 0.4.0
- SMMU: Dedicating stage 2 translation only for sharing SMMU with guest OS
- Linked-List Style Memory Allocator
- Bug fixes
Functions in version 1.0.0
(Since this is the first major version release, all features in this version are described in this release note.)
You can build with only some functions enabled by running `make custom_all FEATURES=feature1,feature2,...`. (`featureN` is given as `Feature Name: feature_name` in each section.)
- Protecting non-volatile data in devices from guest OS
  - Intel I210 (Feature Name: `i210`)
    - Protect EEPROM from writing access
  - Mellanox Technologies MT27800 (Feature Name: `mt27800`)
    - Protect from firmware update
- Protecting MilvusVisor itself against DMA attack (Feature Name: `smmu`)
  - Using SMMUv3 Stage 2 translation to protect from DMA attack
  - Stage 1 translation is available from guest OS
- Fast restore: Fast restoring the guest environments without rebooting the machine (Feature Name: `fast_restore`)
  - Taking a snapshot just before the first boot of the guest OS
  - Restoring it on rebooting/shutting down the guest OS
- Protecting ACPI Tables from write accesses (Feature Name: `acpi_table_protection`)
  - For the Fast Restore
- Linked-List Style Memory Allocator (Feature Name: `advanced_memory_manager`)
- Contiguous Bit (Feature Name: `contiguous_bit`)
  - Set contiguous bit enabled if available (TLB will be optimized by the contiguous bit)
  - Some machines may not work fine with the contiguous bit
- A64FX specific registers' initialization (Feature Name: `a64fx`)
  - Initialize some a64fx specific registers during boot
Supported toolchain
- GNU Make 4.3
- cargo 1.65.0-nightly (4fd148c47 2022-08-03)
- rustc 1.65.0-nightly (34a6cae28 2022-08-09)
MilvusVisor uses some unstable feature gates, so it may fail to compile with later versions of rustc.
Supported Devices
- FX700
  - Supported features: all
- QEMU
  - Supported features: i210, fast_restore, acpi_table_protection, advanced_memory_manager, contiguous_bit
- GIGABYTE E252-P30
  - Supported features: smmu, advanced_memory_manager, contiguous_bit
MilvusVisor v0.4.0
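New features
- Protection of the Mellanox MT27800 from firmware updates
- Fast restore
  - When the guest OS tries to power off or reboot, the attempt is trapped, and the guest is rolled back to its state at first boot and restarted
- Protection of ACPI Tables from rewriting
  - Required by the fast restore implementation
- Building with individual features turned on or off
  - You can build with `make custom_all FEATURES=(comma-separated feature names)`
Tested on
- FUJITSU FX700 (Linux boots; new features verified)
- GIGABYTE E252-P30 (Linux boots)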
MilvusVisor v0.3.0
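New features
- SMMUv3 support and protection from DMA attacks
  When an SMMUv3 is found, MilvusVisor creates an STE that holds the address of the CPU's Stage 2 page table and applies to the SMMU a table made up of clones of that entry, so that writes to the hypervisor region cannot be performed.
- Protection of the SMMU MMIO region
  The SMMU MMIO region is hooked, and when a write is attempted the instruction is cancelled, which makes it impossible to change the SMMU configuration.
- Hiding of the ACPI IORT entry
  Accesses to the memory region holding the ACPI table called IORT, which provides information such as the SMMU MMIO address, are hooked and always return 0, so that from the OS the table appears not to exist.
Tested on
- FX700 (Linux boots; protection from DMA attacks verified)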
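The SMMU MMIO write blocking and IORT hiding described for v0.3.0 both come down to a per-range decision made when a guest access is trapped. The following is an added example in Rust, not MilvusVisor's own code: the types, function names and addresses are constructed for illustration, and dropping guest writes to the hidden IORT range is an assumption the release note does not state.

```rust
// Added illustration: a model of the per-range trap decision. All names and
// addresses are constructed; this is not MilvusVisor's handler API.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Access { Read, Write }

#[derive(Debug, PartialEq)]
enum Outcome {
    PassThrough, // let the guest access reach the hardware or memory
    CancelWrite, // skip the store so the target never changes
    ReadAs(u64), // complete the load with a fixed value
}

#[derive(Clone, Copy)]
enum Policy { DenyWrite, ReadZero }
struct Trap { base: u64, len: u64, policy: Policy }

impl Trap {
    // Overlap test: an access that starts just below the range but reaches
    // into it must be caught too, not only accesses that start inside it.
    fn overlaps(&self, addr: u64, size: u64) -> bool {
        addr < self.base.saturating_add(self.len) && addr.saturating_add(size) > self.base
    }
}

fn decide(traps: &[Trap], addr: u64, size: u64, access: Access) -> Outcome {
    match traps.iter().find(|t| t.overlaps(addr, size)).map(|t| t.policy) {
        // A stage 2 fault covers a whole page, so neighbours of a protected
        // range that share its page arrive here and are passed through.
        None => Outcome::PassThrough,
        Some(Policy::DenyWrite) if access == Access::Read => Outcome::PassThrough,
        Some(Policy::ReadZero) if access == Access::Read => Outcome::ReadAs(0),
        // Assumption: writes to the hidden table are dropped as well.
        Some(_) => Outcome::CancelWrite,
    }
}

// Constructed layout: one SMMU register block and one IORT table region.
fn sample_traps() -> Vec<Trap> {
    vec![
        Trap { base: 0x2b40_0000, len: 0x2_0000, policy: Policy::DenyWrite },
        Trap { base: 0x8000_1000, len: 0x80, policy: Policy::ReadZero },
    ]
}

fn main() {
    let traps = sample_traps();
    println!("{:?}", decide(&traps, 0x2b40_0020, 4, Access::Write));
    println!("{:?}", decide(&traps, 0x8000_1000, 4, Access::Read));
}
```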
MilvusVisor v0.2.0
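New features
- More efficient paging
- Code cleanup
- Separation of Stage 1/2 processing
- Use of Block Entries
- Use of the Contiguous Bit
- Added Stage 2 traps that fire only for a specific access type (read or write)
- Added PCI bus scanning
- Added memory trap handler mechanism
- Added i210 handler
  - Tracking of BAR addresses
  - Writes to the EEPROM Data Register prohibited
  - Writes to the iNVM Registers prohibited
  - Writes to the Flash Burst Control Register prohibited
  - Writes to the Flash Burst Data Write Register prohibited
  - Writes to the Expansion ROM prohibited
Tested on
- FX700 (Linux boots)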