Assessment of Seoul (Current in NRE)

[lonnietc]

Hello Nils,

I have been testing a bit with the

boot/vmmng

in which I have spawned a few instances of TinyCore being a few instances of the Seoul VMM.

I must say, that it handles the network activity very well and is really not too bad.

Originally, I had thought about, as some of my next steps forward, to possible swap out the Seoul (vancouver - old name) VMM and try to port in possibly QEMU, TinyEMU, or Bhyve so I have been researching this all morning to get a feel for the challenges involved.

Of the 3 mentioned, I had been leaning towards QEMU as it is not most powerful of them all and has the most features, but I also fear that it would be the most challenging to port over to NOVA + NRE as well.

Then it occurred to me that maybe it might be an option to just try to work with the existing Seoul VMM to see if it can be expanded upon to add more features and maybe even eventually support GPU's and PCI-Passthrough as well as other modern features.

Actually, one thing that might be useful to get added to Seoul would be Frame Buffering for graphics and maybe even some SDL libraries as an initial idea, too.

Could I ask for your assessment of Seoul and your opinion as to if it is worth the effort to continue in that direction or would the time be better spent going toward a QEMU port?

Any information or suggestions that you could provide would be greatly appreciated. Thanks Lonnie

[Nils-TUD]

That's hard to answer. I don't know QEMU well enough to judge how difficult a port to NRE would be.

However, since you want to build upon NOVA+NRE I guess you care about a small trusted computing base, so that I would lean towards trying to extend Seoul instead of switching to QEMU as the latter would add millions of lines of code to your TCB. On the other hand, I also don't know how hard it is to extend Seoul until your demands are met.

[lonnietc]

Thanks for giving it a shot as it is a very hard question for me as well since I think that there are benefits to both directions, like you mentioned.

Having a small TCB is extremely important which Seoul offers, but also is to have stability and industry proven which is what QEMU offers.

I will keep looking on these to try to decide ones I get to that part very soon. Cheers and have a great weekend

[lonnietc]

Hi Nils,

Just re-read the thesis " Improving System Security Through TCB Reduction" (Bernhard Kauer March 31, 2015).

To be honest, I am now thinking re-questioning the idea as to which VMM is is best to use. It seems that of all that I researched, that the Bhyve VMM which supports both 32-bit and 64-bit guests and comes in at about 500 KB in size could be a good direction, it also seems that there is some great merit to the idea of possibly extending Seoul which was improved from Vancouver that this thesis was based upon and in which you and Alexander B. made significant improvements.

Just maybe considering what it might take to extend Seoul to be able to run 64-bit guests also and trying to come up with some USB services might just be a good pathway to strongly consider as well.

Cheers and have a great day.

[Nils-TUD]

Sure, both are valid options, but I don't know what's better/easier either.