Intel has presented some new experimental projects open source at the Open Source Technology Summit conference (OSTS) that is taking place these days.
One of the projects presented at the Open Source Technology Summit is "ModernFW" as part of Intel's initiative it is working on to create a scalable and secure replacement for BIOS and UEFI firmware.
The project is in the initial stage of development, but at this stage of development in the proposed prototype there are already enough opportunities to organize the loading of the operating system kernel.
The ModernFW project code is based on TianoCore (open source UEFI implementation) and pushes the changes back upstream.
ModernFW aims to provide minimal firmware suitable for use on vertically integrated platforms such as servers for cloud systems.
In such systems, it is not necessary to keep the code in the firmware to ensure backward compatibility and universal use components typical of traditional UEFI firmware.
ModernFW takes care of removing unnecessary code, reducing the number of possible attack and error vectors, which has a positive effect on safety and efficiency.
This includes work on removing firmware support for obsolete device types and functionality that can be done in the context of the operating system.
Only the necessary device drivers remain and minimal support is provided for emulated and virtual devices.
Some of the code is shared in the firmware and in the kernel of the operating system. Modular and custom configuration is provided.
We seek to reduce the overall footprint, increase efficiency, and improve the security posture of the system by eliminating capabilities that are not needed to meet the requirements of platforms that serve more vertically integrated purposes.
For example, one avenue for exploration is to move whatever functionality is achievable in the context of the operating system outside of the firmware.
Support for architectures is limited to x86-64 systems so far and of the bootable operating systems, only Linux is supported (if required, support for other operating systems can also be provided).
About Cloud Hypervisor
At the same time, Intel introduced the Cloud Hypervisor project, in which you tried to create a hypervisor based on the components of the joint Rust-VMM project, in which, in addition to Intel, Alibaba, Amazon, Google and Red Hat also participate.
Rust-VMM is written in the Rust language and allows you to create specific hypervisors for certain tasks.
- rust-vmm offers a set of common hypervisor components, developed by Intel with industry leaders such as Alibaba, Amazon, Google, and Red Hat to offer specific hypervisors for use cases. Intel has launched a special-purpose cloud hypervisor based on rust-vmm with partners to provide a higher-performance and more secure container technology designed for cloud-native environments.
Cloud Hypervisor is a virtual machine monitor Open source (VMM) that runs on top of KVM. The project focuses on exclusively running modern workloads in the cloud, plus a limited set of hardware platforms and architectures.
Cloud workloads refer to those that are typically run by customers within a cloud provider.
In the context of Intel's interests, the primary task of Cloud Hypervisor is to release modern Linux distributions using virtio-based para-virtualized appliances.
Emulation support is minimized (the bet is paravirtualization). Currently, only x86_64 systems are supported, but the plans also support AArch64.
To get rid of unnecessary code and simplify the configuration of CPU, memory, PCI and NVDIMM is done at the assembly stage.
You can migrate virtual machines between servers. The key tasks mentioned are: high responsiveness, low memory consumption, high performance, and reduction of potential attack vectors.