00mjk / muen Goto Github PK
View Code? Open in Web Editor NEWThis project forked from codelabs-ch/muen
Official mirror of the Muen Separation Kernel repository
License: Other
This project forked from codelabs-ch/muen
Official mirror of the Muen Separation Kernel repository
License: Other
The Muen Separation Kernel ========================== Muen is an Open Source separation kernel (SK) for the Intel x86/64 architecture that has been formally proven to contain no runtime errors at the source code level. It is developed in Switzerland by https://www.codelabs.ch[codelabs GmbH]. Muen was designed specifically to meet the challenging requirements of high-assurance systems on the Intel x86/64 platform. To ensure Muen is suitable for highly critical systems and advanced national security platforms, codelabs closely cooperates with the high-security specialist secunet Security Networks AG in Germany. image::example.svg[Example Architecture, width=70%, align="center"] A separation kernel is a specialized microkernel that provides an execution environment for components that exclusively communicate according to a given security policy and are otherwise strictly isolated from each other. The covert channel problem, largely ignored by other platforms, is addressed explicitly by these kernels. SKs are generally more static and smaller than dynamic microkernels, which minimizes the possibility of kernel failure, enables the application of formal verification techniques and the mitigation of covert channels. Muen uses Intel's hardware-assisted virtualization technology VT-x as core mechanism to separate components. The kernel executes in VMX root mode, while user components, so called 'subjects', run in VMX non-root mode. Hardware passthrough is realized using Intel's VT-d DMA and interrupt remapping technology. This enables the secure assignment of PCI devices to subjects. NOTE: Muen is under active development and verification of kernel properties is ongoing. Features -------- Kernel ~~~~~~ The following list outlines the most-prominent features of the Muen kernel: * Minimal SK for the Intel x86/64 architecture written in SPARK 2014 * Full availability of source code and documentation * Proof of absence of runtime errors * Multicore support * Nested paging (EPT) and memory typing (PAT) * Fixed cyclic scheduling using Intel VMX preemption timer * Static assignment of resources according to system policy * PCI device passthrough using Intel VT-d (DMAR and IR) * PCI config space emulation * Support for Message Signaled Interrupts (MSI) * Minimal Zero-Footprint Run-Time (RTS) * Event mechanism * Shared memory channels for inter-subject communication * Crash Audit * Support for 64-bit native and 32/64-bit VM subjects - Native 64-bit Ada subjects - Native 64-bit SPARK 2014 subjects - Linux 32/64-bit VMs - SMP for Linux VMs - MirageOS unikernels <<mirageos>> Tau0 ~~~~ _Tau0_ (ฯโ) is the Muen System Composer. In its current static mode of operation, the task of Tau0 is to compose a system image while making sure that certain invariants are not violated. The Tau0 concept is a mechanism to gradually increase the flexibility of component-based systems running on top of Muen, while keeping a high level of assurance regarding the correctness of isolation enforcement. Read more about Tau0 https://muen.sk/tau0.html[here]. Components ~~~~~~~~~~ The Muen platform includes re-usable components which implement common services: * AHCI (SATA) driver subject written in SPARK 2014 * Device Manager (DM) written in SPARK 2014 * Subject Monitor (SM) written in SPARK 2014 * Subject Loader (SL) written in SPARK 2014 * Subject Lifecycle Controller written in SPARK 2014 * Timeserver subject written in SPARK 2014 * Debugserver subject written in Ada 2012 * PS/2 driver subject written in Ada 2012 * Virtual Terminal (VT) subject written in Ada 2012 Furthermore the <<muenfs>>, <<muennet>> and <<muenblock>> Linux kernel modules provide virtual filesystem, network interface and block I/O drivers based on inter-subject memory channels. Toolchain ~~~~~~~~~ The Muen platform includes a versatile toolchain which facilitates the specification and construction of component-based systems in different application domains. The <<mugenhwcfg>> tool for automated hardware description generation simplifies the addition of support for new target machines. Scheduling plans can be generated automatically from a scheduling configuration using the <<mugenschedcfg>> tool. Resources --------- Documentation ~~~~~~~~~~~~~ The following detailed project documentation is available: * Muen System Specification + https://muen.sk/muen-system-spec.pdf * Muen Kernel Specification + https://muen.sk/muen-kernel-spec.pdf * Muen Component Specification + https://muen.sk/muen-component-spec.pdf * Bootloader Signed Block Stream of Commands Specification + https://muen.sk/bsbsc-spec.pdf * Original Muen master thesis + https://muen.sk/muen-report.pdf * Muen project presentation + https://muen.sk/muen-slides.pdf * Presentation given at High Integrity Software Conference HIS 2014 + http://www.slideshare.net/AdaCore/slides-his-2014secunethsr * Technical articles on Muen + https://muen.sk/articles.html Mailing list ~~~~~~~~~~~~ The [email protected] mailing list is used for project announcements and discussions regarding the Muen separation kernel. * To subscribe to the list, send a (blank) mail to mailto:muen-dev+\[email protected][]. Note: A Google account is *not* required, any email address should work. * To post a message to the list write an email to [email protected]. * The list has a Google Groups web interface: https://groups.google.com/group/muen-dev. Download -------- The Muen sources are available through the following git repository: $ git clone --recursive https://git.codelabs.ch/git/muen.git A browsable version of the repository is available here: https://git.codelabs.ch/?p=muen.git A ZIP archive of the current Muen sources can be downloaded here: https://git.codelabs.ch/?p=muen.git;a=snapshot;h=HEAD;sf=zip NOTE: The ZIP archive cannot be used to build the example system since it does not contain all sub-projects. Build ----- Environment ~~~~~~~~~~~ The Muen SK has been developed and successfully tested using the development environment listed in the following table. |=================================================================== | Operating systems | Debian GNU/Linux 10 x86_64 + Debian GNU/Linux 11 x86_64 + Ubuntu 20.04 x86_64 | Linux kernel/KVM | >= 5.2.0 with GUEST_CR3 fix <<lnxcr3>> | Ada compiler | GNAT Community 2021 | GCC version | 10.3.1 20210520 for GNAT Community 2021 | SPARK version | GNAT Community 2021 | Emulator | qemu-system-x86_64 (>= 3.1.0) | Intel AMT SoL client | amtterm (>= commit 0ece513...) | Intel vPro AMT / WSMan | amtc (github.com/schnoddelbotz/amtc) |=================================================================== The following hardware is used for the development of Muen. There is a good chance similar hardware works out-of-the box if the microarchitecture is Ivy Bridge or newer. |=================================================================== | iBASE MI995VF-X27 | Coffee Lake | Xeon E-2176M | Lenovo ThinkPad T480s | Kaby Lake | i7-8650U | Lenovo ThinkPad X260 | Skylake | i7-6500U | Intel NUC 6i7KYK | Skylake | i7-6770HQ | UP^2^ maker board | Apollo Lake | Atom E3950 | Intel NUC 6CAYH | Apollo Lake | Celeron J3455 | Intel NUC 5i5MYHE | Broadwell | i5-5300U | Cirrus7 Nimbus | Haswell | i7-4765T | Lenovo ThinkPad T440s | Haswell | i7-4600U | Lenovo ThinkPad T430s | Ivy Bridge | i7-3520M | Kontron Technology KTQM77/mITX | Ivy Bridge | i7-3610QE |=================================================================== The first step to build Muen is to install the required packages. See the `tools/docker/Dockerfile.muen-dev-env` file in the project repository for the current list of required packages. The Ada and SPARK packages currently available in Debian and Ubuntu are too old to build Muen. GNAT Community 2021 for x86 GNU Linux (64-bit) from AdaCore must be installed instead. It can be downloaded from the following location: https://www.adacore.com/download Extend your `PATH` to make the GNAT Community 2021 compiler and tools visible to the Muen build system (assuming that they are installed below `/opt`): $ export PATH=/opt/GNAT/2021/bin:$PATH Docker ~~~~~~ There is also a ready-made Docker image which contains all necessary tools for Muen development. You can install it using the following command: $ docker pull codelabsch/muen-dev-env Compilation ~~~~~~~~~~~ To build the Muen tools, RTS, kernel and example components change to the Muen source directory and issue the following command: $ make This will create a bootable ISO image containing the example system. See below for deployment instructions. The following command gives a short description of the top-level Makefile targets: $ make help Deploy ------ The build system provides two ways to instantly deploy and test the created system image. Emulation ~~~~~~~~~ To ease kernel development and testing, the Muen project makes use of nested virtualization provided by QEMU/KVM. In order for this to work, a recent Linux kernel (>= 5.2.0) with applied KVM GUEST_CR3 fix <<lnxcr3>> and the `qemu-system-x86_64` binary must be installed on the build machine. Issue the following command in the Muen project directory to start the nested virtualization of a Muen system: $ make emulate The system serial output is written to `emulate/serial.out`. Follow the on-screen instructions on how to connect to the QEMU curses console or how to SSH into the NIC Linux guest VM. NOTE: As the virtual terminal (VT) over curses is timing sensitive and QEMU/KVM cannot guarantee tick-exact timing depending on the host CPU and system load, this console is just an emergency console. Use SSH to interact with the booted Muen system. Hardware ~~~~~~~~ The top-level Makefile provides two convenient targets to deploy Muen to real hardware: `iso` and `deploy`. The first creates a bootable ISO image which can be burned on a CD-ROM or dumped on a USB stick, the second uses network boot to shorten round-trips during development. USB Stick ^^^^^^^^^ To create a bootable USB stick containing the Muen system, enter the following commands in the top-level directory: $ make HARDWARE=hardware/lenovo-t440s.xml SYSTEM=xml/demo_system_vtd.xml iso Then follow the instructions on the screen. Network Boot ^^^^^^^^^^^^ For fast deployment of the Muen system image to real hardware, the iPXE <<ipxe>> boot firmware installed on a USB stick in conjunction with Intel Active Management Technology (AMT) is used. Please refer to the amtterm <<amt>> documentation on how to configure AMT on the target hardware. To build and install iPXE with the Muen specific boot script issue the following commands: $ sudo apt-get install liblzma-dev $ git clone git://git.ipxe.org/ipxe.git $ wget https://muen.sk/muen.ipxe $ cd ipxe/src $ make bin/ipxe.usb EMBED=../../muen.ipxe $ sudo dd if=bin/ipxe.usb of=/dev/sdX The `/dev/sdX` device is the USB stick (e.g. `/dev/sdc`, without partition number). *All existing data will be erased*. When booting from the created stick the first NIC (net0) is configured as follows: IP Address : 192.168.254.2 Netmask : 255.255.255.0 Gateway : 192.168.254.1 After initialization of the network adapter iPXE tries to download and chainload the iPXE configuration from the following URL: http://192.168.254.1:8000/boot.cfg The development machine must be connected to the target hardware via an interface with IP address 192.168.254.1. To actually serve the created system image to the bootloader, issue the following command in the top-level Muen directory: $ export AMT_PASSWORD=<your AMT password> $ make deploy To view the output of the Muen kernel debug console use the command: $ amtterm 192.168.254.2 If your hardware differs from the default configuration, additionally specify the `HARDWARE` variable: $ make deploy HARDWARE=hardware/intel-nuc-dc53427hye.xml References ---------- - [[[lnxcr3]]] Linux KVM GUEST_CR3 fix, https://patchwork.kernel.org/patch/11165185/ - [[[ipxe]]] iPXE boot firmware, https://ipxe.org/ - [[[amt]]] Intel AMT SoL client + tools, https://www.kraxel.org/cgit/amtterm/ - [[[mirageos]]] MirageOS, https://mirage.io - [[[muenblock]]] Muenblock Linux kernel module, https://git.codelabs.ch/?p=muen/linux/muenblock.git - [[[muenfs]]] Muenfs Linux kernel module, https://git.codelabs.ch/?p=muen/linux/muenfs.git - [[[muennet]]] Muennet Linux kernel module, https://git.codelabs.ch/?p=muen/linux/muennet.git - [[[mugenhwcfg]]] Muen hardware config generator, https://git.codelabs.ch/?p=muen/mugenhwcfg.git - [[[mugenschedcfg]]] Muen scheduling plan generator, https://git.codelabs.ch/?p=muen/mugenschedcfg.git License ------- -------------------------------------------------------------------------------- Copyright (C) 2013-2021 Reto Buerki <[email protected]> Copyright (C) 2013-2021 Adrian-Ken Rueegsegger <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. --------------------------------------------------------------------------------
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.