Intel develops ModernFW open firmware and Rust hypervisor

At the OSTS (Open Source Technology Summit) conference currently under way, Intel presented several new experimental open-source projects. As part of the ModernFW initiative, work is in progress on a scalable and secure replacement for UEFI and BIOS firmware. The project is at an early stage of development, but the proposed prototype is already capable of loading an operating system kernel. The project builds on TianoCore (an open UEFI implementation) and contributes its changes back upstream.

ModernFW aims to provide minimalistic firmware suited to vertically integrated platforms such as servers for cloud systems. On such systems there is no need to keep the backward-compatibility code and general-purpose components that traditional UEFI firmware carries. Removing redundant code shrinks the attack surface and the number of potential bugs, which benefits both security and efficiency. In particular, work is under way to strip the firmware of support for obsolete device types and of functionality that can instead be performed within the operating system.

Only the necessary device drivers are kept, and minimal support for emulated and virtual devices is provided. Wherever possible, tasks that can be handled at the OS level are moved into the operating system. Part of the code is shared between the firmware and the OS kernel. The configuration is modular and customizable. Architecture support is currently limited to x86-64 systems, and Linux is the only bootable OS supported so far (support for other OSes can be added if needed).

At the same time, Intel presented the cloud-hypervisor project, an attempt to build a hypervisor from the components of the joint Rust-VMM project, in which Alibaba, Amazon, Google and Red Hat participate alongside Intel. Rust-VMM is written in the Rust language and lets you assemble task-specific hypervisors. Cloud Hypervisor is one such hypervisor: a high-level virtual machine monitor (VMM) that runs on top of KVM and is optimized for cloud-native workloads. In the context of Intel's interests, Cloud Hypervisor's main goal is to run modern Linux distributions using paravirtualized virtio-based devices.

Emulation support is kept to a minimum (the emphasis is on paravirtualization). Currently only x86_64 systems are supported, but AArch64 support is on the way. To eliminate unnecessary code and simplify configuration, the set of CPU, memory, PCI and NVDIMM components is fixed at build time. Virtual machines can be migrated between servers. Among the stated goals are high responsiveness, low memory consumption, high performance and a reduced attack surface.

Source: opennet.ru