pqwy
commented
8 years ago A simple unikernel generating keys works on xen, ukvm, virtio and unix, under 4.02.3 and 4.03.0.
Closed pqwy closed 8 years ago
pqwy
commented
8 years ago A simple unikernel generating keys works on xen, ukvm, virtio and unix, under 4.02.3 and 4.03.0.
This is my take on how to support multiple backends.
There are two reasons for splitting the lib into
-xenand-solo5specific ones, neatly conflated. One is that the stubs need different compilation options for the two backends. This is easily solved through existing_linkoptsmechanisms. I'd argue that it also should be solved through these, because a separate library name is not an appropriate container for a C compilation flavor that is completely invisible on the OCaml level.The second reason is trickier, in that entropy hooks into the event loop. This is provided by the
OSmodule of all backends in a uniform way. The problem is that linking to that module as exposed by any one library fixes the compiled code to that library.The second part can be solved by shimming over (the common part) of
OS, exposing only thecmito the client, and sealing the deal by using-opaquecompilation to prevent any information not in thesigfrom leaking out. The shim passively redirects to the right implementation, as long as mirage exposes this information.The benefits of this are:
miragetool needs to know less about us.nocrypto, does not need to know anything about target-specificity here. This is a completely private detail.unixflavor, so entropy can now be used wherever.I welcome testing, particularly on solo. And obviously, this hinges on the mirage PR.