VMBoot presents a PoC of booting into TianoCore/EDK2 firmware with only Open Source Firmware, namely coreboot and Linuxboot/u-root, on the flash chip. It uses gokvm, a small Linux-KVM hypervisor written in pure Go, which is integrated into u-root as VMBoot and is able to execute an EDK2 firmware image. The PVH Boot Protocol and the HVM direct boot ABI are used to load the firmware and perform the basic setup of the virtual machine.
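The PVH Boot Protocol publishes a guest's 32-bit entry point in an ELF note with owner `Xen` and type `XEN_ELFNOTE_PHYS32_ENTRY` (18). The following is an added example, not code from gokvm or vmboot: it shows a bounds-checked lookup of that note in an image read from disk. The name `FindPVHEntry` is hypothetical, and the input is assumed to be the raw little-endian bytes of a note segment.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// XEN_ELFNOTE_PHYS32_ENTRY: note type carrying the PVH 32-bit entry point.
const xenELFNotePhys32Entry = 18

// align4 pads a length to 4 bytes in uint64, so 0xFFFFFFFF cannot wrap.
func align4(n uint32) uint64 { return (uint64(n) + 3) &^ 3 }

// FindPVHEntry (hypothetical helper) walks the raw little-endian bytes of an
// ELF note segment and returns the PVH entry point. All lengths are
// bounds-checked because the image is read from an attached disk.
func FindPVHEntry(notes []byte) (uint32, error) {
	size := uint64(len(notes))
	for off := uint64(0); off+12 <= size; {
		namesz := binary.LittleEndian.Uint32(notes[off:])
		descsz := binary.LittleEndian.Uint32(notes[off+4:])
		typ := binary.LittleEndian.Uint32(notes[off+8:])
		descOff := off + 12 + align4(namesz)
		end := descOff + align4(descsz)
		if end > size {
			return 0, errors.New("truncated ELF note")
		}
		name := notes[off+12 : off+12+uint64(namesz)]
		if typ == xenELFNotePhys32Entry && bytes.Equal(name, []byte("Xen\x00")) {
			desc := notes[descOff : descOff+uint64(descsz)]
			// Accept a 4-byte descriptor, or 8 bytes with a zero upper half.
			if len(desc) == 4 || (len(desc) == 8 && binary.LittleEndian.Uint32(desc[4:]) == 0) {
				return binary.LittleEndian.Uint32(desc), nil
			}
			return 0, errors.New("PVH entry is not a 32-bit address")
		}
		off = end
	}
	return 0, errors.New("no PVH entry note found")
}

func main() {
	// Constructed sample: one "Xen" note, type 18, entry 0x00100000.
	sample := []byte{4, 0, 0, 0, 4, 0, 0, 0, 18, 0, 0, 0, 'X', 'e', 'n', 0, 0, 0, 0x10, 0}
	entry, err := FindPVHEntry(sample)
	fmt.Printf("entry=%#x err=%v\n", entry, err)
}
```

A note whose declared length runs past the buffer, or whose entry does not fit in 32 bits, is rejected rather than handed to the VM setup code.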
- gokvm
  - gokvm is able to boot into EDK2/CloudHV for Cloud-Hypervisor until the EFI-Shell.
  - device passthrough via VirtIO is limited to block devices and network
- vmboot
  - iterates over block devices and mounts the partition with the EDK2 image
  - loads the EDK2 image from the mounted block device (only XFS file system)
  - runs EDK2 in gokvm until the EFI-Shell
  - experimental state to show that it is possible to start a VM from u-root and execute EDK2 in the VM.
- Platform CPUs must support AMD-V or Intel VT-x
- Platform is supported by coreboot
- coreboot+Linuxboot/u-root requires at least 10MiB free space to use on the flashchip
- build with AMD-V or Intel-VT support
- must be built with KVM support
- reduce size by removing unused drivers and features
Vendor | Product name | coreboot support | Status |
---|---|---|---|
Supermicro | X11SCH-F | wip | WIP |
Platform |
---|
Supermicro X11SCH-F |
- build linux kernel with example config
- build u-root initrd with vmboot
- build coreboot for desired platform and use linux kernel and u-root initrd as payload
- flash coreboot image on device
- place EDK2/CloudHv image on block device attached to machine (XFS filesystem on block device required)
- boot machine and execute vmboot
- More platforms need to be tested.
- Extension and improvement of gokvm and vmboot are required
- Interview with Ron Minnich
- UEFI Spec 2.10
- ACPI Spec 6.5
- gokvm
- u-root
- u-root/vmboot
- coreboot
- HVM direct boot ABI
- HVM Structures
- PVH Boot Protocol
- Cloud Hypervisor
- EDK2/CloudHV
This project is funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet program. Learn more at the NLnet project page.