Date:   Mon, 24 Sep 2018 14:55:59 +0200
From:   Jan Kiszka <jan.kiszka@...mens.com>
To:     Jailhouse <jailhouse-dev@...glegroups.com>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [ANNOUNCE] Jailhouse 0.10 released

O'zapft is, so better release before going to the Wiesn: We are happy to 
announce a new version of the partitioning hypervisor Jailhouse.

There is a similar amount of changes again, though some are more fundamental, 
namely the changes around per-cpu page tables: 174 commits, 248 files changed, 
4013 insertions, 8548 deletions. The code reduction is primarily related to the 
removal of the vexpress target from CI as well as internal code reuse in the 
Python tool extension.

- Removed targets:
    - VExpress (virtual ARMv7 target)
- Cross-arch changes:
    - use per-cpu page tables to hide private information of other cells
      while running in the hypervisor (AKA generic and fast Spectre/L1TF
      mitigation)
    - support for EFI framebuffer as UART alternative
    - removal of VGA support (substituted by EFI framebuffer)
    - provide pyjailhouse module, so far as internal Python API to
      Jailhouse functionality (will be extended step-wise to public API)
    - "jailhouse hardware check" no longer requires a system config
    - inmates: convert all build-time configurations into cell configs
      and runtime parameters (AKA comm region also for ARM)
    - plug race between guest-controlled relocation of intercepted MMIO
      regions and their access
    - fix split-up of hugepages at higher addresses
    - fix write to MSI-X registers during PCI device hand-over
- ARM / ARM64:
    - basic SMCCC moderation
    - fix GICv3 registers dispatching
    - support for more than 8 CPUs with GICv3
    - fix unreliable startup on ARM64 due to missing cache flush
    - fix for printk() of long long variables
    - proper GICv2 shutdown after setup error
    - inmates: save/restore registers in interrupt handlers
- x86:
    - harden non-present mappings against L1TF
    - CPU startup fix for slower targets
    - do not trap on writes to read-only APIC LVT bits
    - inmates: report SMI counter changes in apic-demo

You can download the new release from

     https://github.com/siemens/jailhouse/archive/v0.10.tar.gz

then follow the README.md for first steps on recommended evaluation
platforms and check the tutorial session from ELC-E 2016 [1][2]. To try
out Jailhouse in a virtual environment or on a few reference boards,
there is an image generator available [3]. It will soon be updated to
the new release as well. Drop us a note on the mailing list if you run
into trouble.

What's (probably) next? First of all, we are looking forward to a couple of 
IOMMU implementations for ARM64 targets. Still on my to-do list is enabling of 
the Ultra96 board that Xilinx kindly provided (primarily a jailhouse-images 
topic, but all preconditions are finally fulfilled). And the topic of inter-cell 
communication standardization is also not forgotten. The plan is now virtio over 
shared memory transports, "just" needs a prototype and virtio spec extension 
proposals.

Thanks to all the contributors and supporters!

Jan

[1] https://events.linuxfoundation.org/sites/events/files/slides/ELCE2016-Jailhouse-Tutorial.pdf
[2] https://youtu.be/7fiJbwmhnRw?list=PLbzoR-pLrL6pRFP6SOywVJWdEHlmQE51q
[3] https://github.com/siemens/jailhouse-images

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
