EC H2020 dredbox: Seminar School at INSA Rennes

Size: px

Start display at page:

Download "EC H2020 dredbox: Seminar School at INSA Rennes"

Lester Lester
5 years ago
Views:

1 EC H2020 dredbox: Seminar School at INSA Rennes Pierre LUCAS

2 Open Part 1: Open Company Overview 2 OpenOpen Confidential & Proprietary Proprietary

3 Internships offers Embedded software Engineer (x2) C skills ARM architecture Linux: bash FPGA Developer (x2) VHDL, C Linux: bash Automotive ization C skills ARM architecture Linux: bash Experience with AGL 3 Open Confidential & Proprietary

4 Open Part 2: Data-Centers Disaggregation in dredbox 4 OpenOpen Confidential & Proprietary Proprietary

5 H2020 dredbox project description dredbox (disaggregated recursive data-center in a box) Project duration: January December 2018 Total Cost: EUR Objective: To innovate the datacentres architecture, shifting from monolithic clusters of machines to disaggregated pool of components The dredbox proposition has the ambition to lead to significantly improved levels of utilization, scalability, reliability and power efficiency, both in conventional cloud and edge datacentres. 5 Open Confidential & Proprietary

6 Towards Data-Centers disaggregation (1/2) Current data-centers design Physical servers compound of CPUs, memory, accelerators, storage Impose fixed resources assignment ratio Low resources utilisation Energy waste (unused HW still powered on) Higher price 6 Open Confidential & Proprietary

assignment High resources utilisation Energy optimization (Power off

7 Towards data-centers disaggregation (2/2) Disaggregated data-centers design Memory and accelerators separate from CPU brick Flexible resources assignment High resources utilisation Energy optimization (Power off unused resources) Lower TCO (Total Cost of Ownership) 7 Open Confidential & Proprietary

QEMU uses HVA and exposes it as GPA (Hotplug in guest) Physical RAM Local only for the hypervisor QEMU process (VMs) uses remote memory only

8 ization: Memory disaggregation Host with minimal local RAM (hypervisor, services) Memory for a guest obtained from a disaggregated pool Guest VM uses disaggregated resources exclusively QEMU is a virtualizer for the guest and each QEMU/VM is just a process for hypervisor. QEMU uses HVA and exposes it as GPA (Hotplug in guest) Physical RAM Local only for the hypervisor QEMU process (VMs) uses remote memory only How to balance it to limit physical reconfiguration? Memory Ballooning 8 Open Confidential & Proprietary More remote memory attached on demand by orchestrator

pages Reserved pages are reported to the hypervisor may be reused When ballon is empty, it is

9 ization: Memory Ballooning Guest is launched with specific RAM size Ballon driver operates within the guest RAM capability Inflate reserving VM s pages (make them unusable) Deflate releasing pages Reserved pages are reported to the hypervisor may be reused When ballon is empty, it is possible to hotplug new memory to the guest and pass it to the ballon. 9 Open Confidential & Proprietary

Secure Computing Bricks: Multi-OSs consolidation on

temporal isolation through TrustZone Non-secure

applications ization features (KVM) remain intact

Secure RTOS (monitoring, secure gateway, etc) TEE

or overcommitment of hardware resources Linux KVM

10 Secure Computing Bricks: Multi-OSs consolidation on ARMv8 Secure world Normal world Provide spatial and temporal isolation through TrustZone Non-secure Machines Support legacy RTOS for monitoring applications ization features (KVM) remain intact for the GPOS Secure Machine 1 Secure Machine 2 Secure RTOS (monitoring, secure gateway, etc) TEE (Secure services) Flexibility for static allocation or overcommitment of hardware resources Linux KVM VOSYSmonitor 10 CPU1 CPU2 CPU3 ARMv8-A hardware Open Confidential & Proprietary CPU4

11 Secure Computing bricks: VM deployment Disagregated Memory Computing Node 1 CPU 1 Linux Linux Secure RTOS VOSYSmonitor VOSYSmonitor CPU 3 CPU 4 Linux Shared memory area CPU 2 VOSYSmonitor Linux VOSYSmonitor Computing Node 2 CPU 1 Secure RTOS Linux VOSYSmonitor VOSYSmonitor CPU 3 CPU 4 VOSYSmonitor 11 CPU 2 Linux Linux IP Stack communication Linux TEE VOSYSmonitor Open Confidential & Proprietary CPU disaggregation Secure computing brick: Possibility to deploy secure execution environments to remote cores through a proper communication link between computation bricks.

12 Open Part 3: ARMv8 Architecture Introduction 12 OpenOpen Confidential & Proprietary Proprietary

13 ARM Architecture evolution Cortex-A15, Cortex-A9... Cortex-A72, Cortex-A57, Cortex-A53 13 Open Confidential & Proprietary

14 ARMv8-A overall description Architecture profiles: A application / R real-time / M - microcontroller ARMv8-A - AARCH64 Execution state: 31 General Purpose (GP) registers 64-bit GP registers X0-X30 (32 bit access W0-W30) No banking of GP register Stack pointer (SP) is a specific register (one per Exception Level) Program counter is not a GP registers Support for Floating Point and Advanced SMID (32 registers 128-bits) PSTATE register (e.g., ALU flags, exception masks ) System register access MRS x2, sp_el3 14 OpenOpen Confidential & Proprietary Proprietary

15 ARMv8-A instruction set mov x16, #0x10 => Write a value in a register ldr x4, [x21] => Read the memory space pointed by x21 and put the value in x4. str x5, [x11] => Write in the memory space pointed by x11 the value contained in X5. cmp x0, #0x20 => Compare the value contained in X0 with 0x20 beq _label => If it is equal, branch to _label bl function => Branch to a function by linking lsl x18, x4, #2 => Shift the value contained in x4 by 2 and put the result in x18 and x6, x2, x4 => Do a logical and operation between x2 and x4 and put the result in x6 orr 15 x0, x1, x2 => Do a logical orr operation between x1 and x2 and put the result in x0 Open Confidential & Proprietary

ARMv8-A exception level ARM ization extensions address the needs of Normal world to run concurrently another OS (e.g Linux) without devices for the partitioning and impacting the secure OS.

16 ARMv8-A exception level ARM ization extensions address the needs of Normal world to run concurrently another OS (e.g Linux) without devices for the partitioning and impacting the secure OS. management of complex software environments into Secure world is virtual machines. completely isolated (memory, devices, etc) from the Normal world by ARM TrustZone security extensions. Since TrustZone is implemented in hardware, it reduces the security vulnerabilities. The secure world could be used to run a secure OS to provide secure services to the OS running in the Monitor layer is the highest priority level which Normal world. provides a bridge between each world to allow some interactions. Exception level changing through specific instructions SMC, SVC, HVC, ERET 16 OpenOpen Confidential & Proprietary Proprietary

ARMv8-A features: ARM TrustZone TrustZone

, Normal world / Secure world) Secure monitor

switching between worlds Secure world Normal

Shared memory Rich OS Safety/Secure OS Secure

peripherals Secure HW resources and peripherals

own MMU allowing the isolation of Secure and

Cache has tag bits to discern content cached by

Security information is propagated on AXI/AHB

17 ARMv8-A features: ARM TrustZone TrustZone splits core into two compartments (e.g., Normal world / Secure world) Secure monitor firmware (EL3) is needed to support context switching between worlds Secure world Normal world Rich OS applications Secure applications Shared memory Rich OS Safety/Secure OS Secure monitor firmware Normal HW resources and peripherals Secure HW resources and peripherals Hardware 17 Each compartment has access to its own MMU allowing the isolation of Secure and Normal translation tables. Cache has tag bits to discern content cached by either secure or normal world. Security information is propagated on AXI/AHB bus Memory/Peripheral can also be made secured Provide security interrupts OpenOpen Confidential & Proprietary Proprietary

ARMv8-A features: virtualization extension ARMv8-A architecture includes

(LPAE) to support the efficient implementation of vitual machine

Full virtualization capacity to run an OS in a virtual machine without

Hypervisor (EL2) Combination of hardware features to minimize the need

18 ARMv8-A features: virtualization extension ARMv8-A architecture includes hardware virtualization extension and Large Physical Address Extension (LPAE) to support the efficient implementation of vitual machine hypervisors: Machines Dedicated exception level (EL2) for hypervisor. Full virtualization capacity to run an OS in a virtual machine without any modification. Hypervisor (EL2) Combination of hardware features to minimize the need of hypervisor intervention. Some hypervisors compliant with the ARM architecture Linux-KVM XEN 18 OpenOpen Confidential & Proprietary Proprietary

19 ARMv8-A features: Memory Management ARM core MMU Page TLBs tables Caches MMU handles translation of virtual addresses to physical addresses. The address translation is performed through the TLB or a table walk. Memory *Translation Look-aside Buffers address AARCH64 supports up to 48-bits of Address All ELs have independent MMU configuration The page table supports different translation granules Each page table requires different attributes TTBR1 Kernel space Not Mapped (MMU fault) Access permissions (Read/Write - User/Privileged modes) Memory types (Caching/Buffering rules, Shareable, etc) 19 OpenOpen Confidential & Proprietary Proprietary TTBR0 User space

20 ARMv8-A features: Cache memory Cache Memory way 0 Index 0 Main Memory 0x00 Index 1 0xDEADBEFF 0x04 0xDEB0CAD0 Index 2 0x08 0xBABA0000 Index 3 0x0C 0xFEFEFEFE 0x10 0x x14 0x x18 0xDADAD1D1 Cache Memory way 1 Index 0 Index 1 Index 2 Index 3 Cortex - A53 20 L1 cache Instruction and data separated. Instruction 2 ways / Data 4 ways Size 8KB to 64KB - Cache line length 64 bytes L1 cache access => ~1 cycle OpenOpen Confidential & Proprietary Proprietary L2 cache 16-way set associative Size 128KB to 2MB Cache line length 64 bytes L2 cache access => ~10 cycles

21 ARMv8-A features: Interrupt management External sources ARM processors include two types of interrupts: Fast Interrupt (FIQ) is the highest priority. Some banked registers are allocated to the FIQ handler. FIQ could be used for secure applications. Interrupt Controller Interrupt Distributor CPU Interface General Interrupt Request (IRQ) IRQ FIQ CPU 0 CPU Interface IRQ FIQ CPU 1 ARM provides a Generic Interrupt Controller (GIC) which supports routing of software generated, private and shared peripheral interrupts between cores. It is composed by: Distributor: All interrupt sources are connected. It controls the type of the interrupt, priority, state, core targeted through the CPU interface. CPU interface: Through this a core receives an interrupt. The CPU interface provides abilities to mask, identify and control the state of interrupts. 21 OpenOpen Confidential & Proprietary Proprietary

22 ARMv8-A Vector Table (cntd) ARMv8 vector table 0x780 0x700 0x680 0x600 0x580 0x500 0x480 0x400 0x380 0x300 0x280 0x200 0x180 0x100 0x080 0x Serror / vserror FIQ / vfiq Lower EL using Exception generated during an AARCH32 IRQ / virq AARCH32 is routed to a higher Synchronous Serror / vserror Lower EL using Exception generated during an FIQ / vfiq AARCH64 AARCH64 is routed to a higher IRQ / virq Synchronous EL EL EL EL Serror / vserror FIQ / vfiq Current EL with Exception directly caught in the SPx current EL with SP_ELx IRQ / virq Synchronous Serror / vserror Current EL with Exception directly caught in the FIQ / vfiq SP0 current EL with SP_EL0 IRQ / virq Synchronous OpenOpen Confidential & Proprietary Proprietary

23 ARMv8-A Vector Table 0x780 Serror / vserror 0x700 FIQ / vfiq 0x680 IRQ / virq 0x600 0x580 Synchronous Serror / vserror 0x500 FIQ / vfiq 0x480 0x400 IRQ / virq Synchronous 0x380 0x300 Serror / vserror FIQ / vfiq 0x280 IRQ / virq 0x200 0x180 Synchronous 0x100 0x080 0x Serror / vserror FIQ / vfiq IRQ / virq Synchronous Lower EL using AARCH32 Separate vector tables for each exception level. Define the location in VBAR_ELn register. Synchronous exception Aborts from MMU Lower EL using AARCH64 SP & PC alignment fault Undefined instruction Service calls: SVC, SMC, HVC Current EL with SPx Serror => Asynchronous data abort (ex: abort triggered by writeback of dirty cache line) Information registers for exceptions: ESR_ELx => Include info about the reasons Current EL with SP0 FAR_Elx => Hold the faulting address ELR_Elx => Hold the instruction address which caused the data abort. OpenOpen Confidential & Proprietary Proprietary

24 Practical application: ARMv8 Initiation 24 Open Confidential & Proprietary

25 Open Part 4: Introduction to ization Concepts 25 OpenOpen Confidential & Proprietary Proprietary

AArch64 Virtualization

AArch64 Virtualization Connect AArch64 User Virtualization Guide Version Version 0.11.0 Page 1 of 13 Revision Information The following revisions have been made to this User Guide. Date Issue Confidentiality Change 03 March