Muen ISO demo?

[Lonnie Cumberland]

Hello All,

I am digging around and learning what I can about Muen before I plunge into the code more so I started to wonder if there was a Muen SK Demo ISO out there some where that I could download to just see it in action without having to compile up a bunch of things first?

I have an X86_64 system that is currently running Ubuntu 18.04 and may trying to locate some type of demo iso that I can boot up on real hardware instead of Bochs would be a nice thing to see in action.

Thanks,

Lonnie 

[Adrian-Ken Rueegsegger]

Hi,

On 7/16/19 7:40 PM, Lonnie Cumberland wrote:
> I am digging around and learning what I can about Muen before I plunge into
> the code more so I started to wonder if there was a Muen SK Demo ISO out
> there some where that I could download to just see it in action without
> having to compile up a bunch of things first?

Unfortunately, there is no generic ISO which can be run a common set of
hardware. The reason is, that a system based on Muen is compiled for a
specific hardware platform. One has to provide a hardware specification
for the target platform when building the system image. A few such
specifications are part of the Muen tree in directory policy/hardware. A
hardware specification can be generated by running the Mugenhwcfg tool
[1] in a Linux system on the target.

To get an overview of the build process please refer to the toolchain
document [2]. Figure 1 on page 9 provides a schematic illustration of
the different steps involved.

Regards,
Adrian

[1] - https://git.codelabs.ch/?p=muen/mugenhwcfg.git;a=summary
[2] - https://muen.sk/muen-toolchain.pdf

[Lonnie Cumberland]

Hi Adrian,

Thanks for responding to my post.

Actually, after posting that message, I decided to load up the Muen Docker Container so which seemed like the simplest way to ensure that everything was setup correctly. Then, I followed the directions on the Muen main page:

https://muen.sk/

to compile Muen and build with the hardware string that you had listed "hardware/lenovo-t440s.xml" to get the ISO just as a simple test case.  Also, I did run across the hardware flavors in the "policy/hardware" directory as I was curious where that was coming from in the:

$ make HARDWARE=hardware/lenovo-t440s.xml SYSTEM=xml/demo_system_vtd.xml iso

But did not test the first ISO which I might do with Bochs, just to see it run.

Next, I will use the tool that you mentioned "Mugenhwcfg" to see if I can generate a hardware file for my physical hardware and give that a shot next in the ISO building.

One side question that I just thought about and wanted to ask is this.  I have not yet dug into how you attach an OS to Muen during the ISO build, but started to wonder if you could attache 2 OS's and bring them up concurrently?

Since a Separation Kernel, if I understand completely runs the OS on a portion of the hardware that it is assigned, then by splitting up the hardware appropriately it would seem that you could run 2, or more, OS's concurrently on native hardware each with its own small portion of the whole system and the SK keeps things separate. Would this be accurate to say?

With a non-virtualizing Separation Kernel then I could see being able to do this until your hardware resource were deplete, where as with a virtualizing Separation Kernel you could also add many more OS's and context switch them in as in standard Type-1 hypervisors.  

Additionally, if Meun could be made to run at the EFI/UEFI level then it would be considered a Type-0 Hypervisor, if I have a clear picture of the whole thing.  With this in mind, then I could see Muen evolving into a "Type-0 Virtualizing Separation Kernel Hypervisor" of which I have really only found one instance on the Internet which is a commercial version that comes from Lynx Software called Lynx Secure.

Any thoughts on all of this?

Thanks again

Lonnie

--
You received this message because you are subscribed to the Google Groups "muen-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to muen-dev+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/muen-dev/5f39234f-caac-d4cb-28ae-d4a51846d5b8%40codelabs.ch.
For more options, visit https://groups.google.com/d/optout.

[Lonnie Cumberland]

Just one more dumb question.

I have been using the Muen Docker container, and have been looking around but cannot seem to find this "mugenhwcfg" tool.

Where is it located?

Thanks

Lonnie

[Lonnie Cumberland]

One more quick update.

I was able to locate the "mugenhwcfg" tool via some Googling 

https://git.codelabs.ch/?p=muen/mugenhwcfg.git

and went through the steps, but there seems to be a problem on my Ubuntu 18.04 (x86_64) system:

---------------------------------

/Muen/mugenhwcfg$ sudo ./mugenhwcfg.py
=== Mugenhwcfg Start ===
> Initialising...
Checking for PyXB binding file...
Bindings found at: /home/lonnie/Hypervisors/Muen/mugenhwcfg/generated/hardware_config.py
> Extracting data from system...
Binding module to be used: '/home/lonnie/Hypervisors/Muen/mugenhwcfg/generated/hardware_config.pyc'.
Generating dmesg output to: /home/lonnie/Hypervisors/Muen/mugenhwcfg/tmp/dmesg_tmp
> Decompiling MADT/APIC table
Input file /home/lonnie/Hypervisors/Muen/mugenhwcfg/tmp//0d2f94d3-0cb9-41a1-9a41-f02b8880482f.dat, Length 0x72 (114) bytes
ACPI: APIC 0x0000000000000000 000072 (v03 HPQOEM SLIC-CPC 01072009 AMI  00010013)
Acpi Data Table [APIC] decoded
Formatted output:  /home/lonnie/Hypervisors/Muen/mugenhwcfg/tmp//0d2f94d3-0cb9-41a1-9a41-f02b8880482f.dsl - 4602 bytes
> Parsing I/O APIC definitions
> Decompiling DMAR table
> Parsing IOMMU hardware unit definitions
> Parsing IOMMU RMRRs
Input file /home/lonnie/Hypervisors/Muen/mugenhwcfg/tmp//06f08f88-7a5d-4cf8-a2cb-7bfa3ebf806b, Length 0x53B3 (21427) bytes
> Decompiling FADT table
Input file /home/lonnie/Hypervisors/Muen/mugenhwcfg/tmp//2710d00b-90ba-4157-b32f-38dabf8b9581.dat, Length 0x10C (268) bytes
ACPI: FACP 0x0000000000000000 00010C (v05 HPQOEM SLIC-CPC 01072009 AMI  00010013)
Acpi Data Table [FACP] decoded
Formatted output:  /home/lonnie/Hypervisors/Muen/mugenhwcfg/tmp//2710d00b-90ba-4157-b32f-38dabf8b9581.dsl - 10150 bytes
> Creating element: processor
No ACPI file found at: '/sys/firmware/acpi/tables/DMAR';

** ERROR **: VMX timer rate could not be extracted from:
/dev/cpu/0/msr
/dev/msr0
Try 'modprobe msr' to load kernel module and try again.

Cleaning up...
> XML File could not be generated.
lonnie@spartan:~/Hypervisors/Muen/mugenhwcfg$

-----------------------------------

I also ran the "modprobe msr" to load everything as well as to check to see if it was loaded via "lsmod|grep msr"

as a their check, I changed to root an verified that my /dev/cpu/0-3 all had the "-msr" devices so I would have guessed that it should have been able to get the VMX timer rate.

Any ideas?

Thanks,

Lonnie

[Lonnie Cumberland]

Hi All,

Just a quick question as I may have missed something in my literature review, but does Muen run on AMD?  I currently have an AMD based system running Ubuntu 18.04 (x86_64) but wanted to verify if Muen would even run on the core hardware.

Thanks,

Lonnie

[Adrian-Ken Rueegsegger]

Hi Lonnie,

Sorry for not being more responsive. I will try to get around to
properly answering your emails.

On 7/18/19 2:15 PM, Lonnie Cumberland wrote:
> Just a quick question as I may have missed something in my literature
> review, but does Muen run on AMD? I currently have an AMD based system
> running Ubuntu 18.04 (x86_64) but wanted to verify if Muen would even run
> on the core hardware.

Also a quick reply: no, AMD is not supported. Muen uses Intel VT-x and
VT-d so the hardware must sport a relatively recent Intel CPU, meaning
Ivy Bridge or newer.

Regards,
Adrian

[Lonnie Cumberland]

Hi Adrian,

I see. Perhaps I will have to investigate getting a new Intel based system for this project.

Thanks,

Lonnie