Microsoft has announced the open-sourcing of the OpenHCL paravirtualization layer and the OpenVMM virtual machine monitor, which was designed specifically to run OpenHCL. The OpenVMM and OpenHCL code is written in Rust and distributed under the MIT license. OpenVMM belongs to the class of second-level hypervisors that run in the same protection ring as the operating system kernel, similar to products such as VirtualBox and VMware Workstation. It supports running on top of host systems based on Linux (x86_64), Windows (x86_64, Aarch64) and macOS (x86_64, Aarch64), using the KVM, SHV (Microsoft Hypervisor), WHP (Windows Hypervisor Platform) and Hypervisor virtualization APIs provided by these operating systems.
Among the features supported in OpenVMM:
- Booting in UEFI and BIOS modes, and direct boot of the Linux kernel;
- Paravirtualization support based on Virtio drivers (virtio-fs, virtio-9p, virtio-net, virtio-pmem);
- VMBus-based paravirtualization support (storvsp, netvsp, vpci, framebuffer);
- Emulation of vTPM, NVMe, UART, the i440BX + PIIX4 chipset, IDE HDD, PCI and VGA;
- Backends for graphics output, input devices, consoles, storage and network access;
- Management through a command-line interface, an interactive console, gRPC and ttrpc.
OpenHCL is positioned as an environment with paravirtualization components (a paravisor) that runs on top of the OpenVMM hypervisor. A key feature of the virtualization system based on OpenVMM and OpenHCL is that the paravirtualization components run not in the host system but inside the same virtual machine as the guest system. Isolation of the paravirtualization layer from the guest operating system is ensured by the second-level hypervisor OpenVMM. Used this way, OpenHCL can be regarded as virtual firmware running at a higher level than the operating system running in the guest environment.
Separation of the guest system and the OpenHCL components is implemented using the concept of virtual trust levels (VTL, Virtual Trust Level), which can be realized with both software mechanisms and hardware technologies such as Intel TDX (Trust Domain Extensions), AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging) and ARM CCA (Confidential Compute Architecture). To run the OpenHCL components, a Linux kernel build is used that includes only the minimal components needed to run OpenVMM.

OpenHCL can run on x86-64 and ARM64 platforms, and supports the Intel TDX, AMD SEV-SNP and ARM CCA extensions for additional isolation. OpenHCL includes services, drivers and emulators that are used to arrange access to devices, to keep the guest system's virtual devices working, and to emulate hardware devices (for example, vTPM, a chip for storing cryptographic keys).
To provide access to hardware devices on the guest side, existing paravirtualization drivers are used, or devices can be attached directly to the virtual machine, which allows existing guest systems to be moved to an OpenHCL environment without modification. OpenHCL also includes components for diagnosing and debugging virtual machines that run using confidential computing extensions.
Unlike the existing open project COCONUT-SVSM (Secure VM Service Module), which provides services and emulated devices to guests running in confidential virtual machines (CVM, Confidential Virtual Machine), OpenHCL allows standard interfaces to be used in guest systems, whereas COCONUT-SVSM requires setting up a special interaction with the SVSM, making changes to the guest system and using separate drivers.
Among the applications of the OpenHCL paravisor, the following scenarios are mentioned: migrating existing systems to use Azure Boost hardware accelerators without changing guest disk images; running existing guests in virtual machines that provide confidential computing (for example, based on Intel TDX and AMD SEV-SNP); and organizing verified boot of virtual machines using UEFI Secure Boot mode and vTPM.
It is noted that the OpenVMM project is focused on use with OpenHCL and is not yet ready for stand-alone production use on the host by end users. Among the OpenVMM problems that limit its use in host environments in the traditional context, outside OpenHCL, the following are mentioned: poor documentation of the management interface; no performance optimization of the storage, network and graphics backends; no support for some drivers (for example, IDE drives and PS/2 mice); and no guarantees of API stability and functionality. At the same time, the combination of OpenVMM and OpenHCL has already reached production level and is used by Microsoft in the Azure platform (Azure Boost SKU) to support the operation of more than 1.5 million virtual machines.
Source: opennet.ru
