Related
I want to test Intel SGX technology on my Lenovo Tower S510 10L3-000JFM. I checked via https://github.com/ayeks/SGX-hardware that my CPU Intel Core i7-6700 supports SGX but BIOS does not, or may be not enabled (in BIOS). A BIOS update can fix this. However, a recent BIOS update from Lenovo in https://pcsupport.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-s-series-all-in-ones/s510-desktop/10kw/downloads/ds112505 does not specify that explicitly as I do not want to proceed to this risky operation without being sure.
My question is: is this BIOS update supporting Intel SGX? Or not?
Any help or resources are welcomed.
Last BIOS update is on 01/09/2016 and last CPU microcode update is on 07/01/2016.
According to a Lenovo BIOS engineer, BIOS for this computer model does not support Intel SGX and there is no plan for the future.
The Linux kernel does not transparently handle the Intel SGX. An application has to be written specifically for Intel SGX to use it.
If you just want to write code for Intel SGX, you can use the SIMULATION mode provided in the SGX SDK to write code and test it out. You won't be able to use Remote Attestation (and Local attestation) as it requires access to the hardware. Apart from that, everything should work fine.
I am New to VxWorks. First of all Can I use VxWorks OS as Normal OS on my PC? I mean Can I run my application software on VxWorks OS?
While VxWorks can run on PC hardware, it is not a general-purpose OS for running independent executables. VxWorks is an RTOS library; you statically link it to your application and the whole runs as a monolithic executable.
It does support a command line interface (intended primarily for development and debug), and from that it is possible to dynamically load and link object files, but these are not independent executables in the sense they are in a GPOS; they essentially become part of the monolithic application.
An RTOS such as OS/9 or QNX would be more suited as these can operate more like a GPOS in the sense of loading and executing independently linked executables.
In any event, application software must be specifically built for these targets.
For versions of VxWorks prior to VxWorks 6, the answer by clifford provides a good explanation of why this is not really possible.
VxWorks 6 introduced Real Time Processes (RTPs). These are independant, user mode applications, running on top of the VxWorks OS. Dependant on how the VxWorks OS has been configured and built, these RTP applications may have access to POSIX libraries, and so you may be able to run POSIX applications (eg linux programs) with little modification.
However, these must still be built for VxWorks, ideally linked against your own VxWorks Source Build.
You cannot, however, just pick up any old application and expect it to run. You are never going to get Word or Excel to run.
What is the distinction between emulation and Full Virtualization, also called Hardware-assisted virtualizion (HVM)?
From this source, it is not clear what the relationship is.
Full Virtualization or Hardware-assisted virtualizion (HVM) uses
virtualization extensions from the host CPU to virtualize guests. HVM
requires Intel VT or AMD-V hardware extensions. The Xen Project
software uses Qemu to emulate PC hardware, including BIOS, IDE disk
controller, VGA graphic adapter, USB controller, network adapter etc.
Virtualization hardware extensions are used to boost performance of
the emulation. Fully virtualized guests do not require any kernel
support. This means that Windows operating systems can be used as a
Xen Project HVM guest. Fully virtualized guests are usually slower
than paravirtualized guests, because of the required emulation.
Source: Xen Project Wiki
In the following book these terms are considered synonymous.
At one extreme you have full virtualization, or emulation, in which
the virtual machine is a software simulation of hardware, real or
fictional — as long as there’s a driver, it doesn’t matter much.
Products in this category include VMware and QEMU.
Source: The book of Xen
Following are the excerpts from an article describing the actual difference between emulation and HWM. However, the only distinction I can see is, that virtualization enables to create more than one computing environment.
If emulation takes such a toll, why bother? Because we might want to
do one of the following:
Run an OS on a hardware platform for which it was not designed.
Run an application on a device other than the one it was developed for (e.g., run a Windows program on a Mac).
Read data that was written onto storage media by a device we no longer have or that no longer works.
Source: Russell Kay
Virtual machines offer the following advantages:
They're compatible with all Intel x86 computers.
They're isolated from one another, just as if they were physically separate.
Each is a complete, encapsulated computing environment.
They're essentially independent of the underlying hardware.
They're created using existing hardware.
Source: Russell Kay
There is another article, which only supports my hypothesis.
Emulation, in short, involves making one system imitate another. For
example, if a piece of software runs on system A and not on system B,
we make system B “emulate” the working of system A. The software then
runs on an emulation of system A.
In this same example, virtualization would involve taking system A and
splitting it into two servers, B and C.
So lets consider B=C and we have emulation, dont we?
Please note that virtualization is achieved by emulating the hardware components network adapters, USB, hard disk, CD drives etc in software. Thus emulation actually helps achieving virtualization.
Full virtualization is the technique of virtualization in which the guest OS runs unmodified, that is, the guest is not aware of whether it is running in a virtual machine environment or on a physical machine. Initially binary translation of the guest code was done in order to achieve full virtualization, but it wasn't good from performance perspective.
Para virtualization is a technique which requires modifications in the guest Operating System in order to gain better performance.
Hardware assisted virtualization is full virtualization technique as the guest Operating System runs unmodified. It is called hardware assisted because this type of virtualization utilizes virutalization specific extensions in host hardware like Intel-vtx, AMD-V etc. This technique not only offers full virtualization (guest OS does not require modification) but also has performance benefits and major vendors like Intel and AMD are providing extensions in hardware to support virtualization.
I recently have acquired a Apple G5 computer (PPC 970) and am interested in learning more about the PowerPC architecture (most of my systems programming knowledge comes from x86 and my own hobby kernel).
After using the computer a while and getting used to PowerPC assembly (RISC), I noticed that low level CPU virtualization is not possible on PowerPC 970 based Macs. The CPU in documentation (PowerPC 64) seems to support hypervisor mode, but it has been noted that it is not possible due to Open Firmware.
Do all operating systems which are loaded from Open Firmware on PowerPC 970 series Macs load in hypervisor mode, making "nested" virtualization impossible? If this is true, why does Open Firmware load all Operating systems in hypervisor mode? Is this in order to provide a secure layer for communication between the the Operating System and Open Firmware (using firmware for everything except ACPI and memory discovery during boot, which requires a transition into "real-mode", is unsafe in x86?).
Also if the Operating system were using hyper-calls to facilitate a secure transition to firmware based routines, wouldn't this impose a large penalty just as syscalls do?
I'm not privy to Apple's hardware designs, but I've heard that the HV mode (ie., HV=1 in the Machine State Register) was disabled, through hardware, on the CPUs used in the G5 machines.
If this is the case, then it's not up to the system firmware to enable/disable HV mode - it's simply not available.
At the time that these machines were available, other Power hardware designs had a small amount of firmware running in HV=1 mode, and only exposed HV=0 to the kernel. However, the G5 wasn't one of these.
In school we've been taught that compilers compile a computer program to machine language. We've also been taught that the machine language consists of direct instructions to the hardware. Then how can the same compiled program run on several computer configurations with different hardware?
Depends what you mean by 'different hardware' if it is the same processor (or same family eg Intel x86) then the machine code instructions are the same.
If the extra hardware is different peripherals (screens, disks printers etc) then the operating system hides those details by giving you a consistent set of instructions to drive them
If you mean, how can you run a program for an ARM cpu on an Intel x86, then you can't - except by some sort of virtual machine emulator that reads each of the ARM instructions and either translates them into x86 or runs the same functionality as a set of x86 funcs and then returns the same answer that the ARM ones would have done.
Edit: I assume you mean PCs with different hw - ie different peripherals but the same processor family?
Talking to hardware doesn't involve specific instructions as such - it's mostly a matter of moving memory to specific locations where the operating system and/or device driver have specifically reserved for data going to that device. In the old days of DOS and BIOS you would then trigger an interupt to call a specific bit of code in the BIOS to act on that data and send it to the HW.
With an emulator or a virtual machine, either of which effectively translates the machine language on the fly.
I think it is more accurate to say that native compilers compile to a specific instruction set of a processor. Since there are families of processors that keep backwards compatibility: 8086 - 80386 - 80486 - 80586 - Dual Core - Quad Core...; then each processor runs the instructions of its ancestors. If you want to port your code across processor architectures, then you need for sure a virtual machine or emulator, like it was mentioned previously.