The goal of this project is to generate ready-to-use reference images for the Jailhouse hypervisor to support demonstration and testing. The images are generated from Debian packages using the Isar build system.
The host-side requirements are:
- Docker (tested with 19.03.5-ce)
- QEMU >= 4.2
- Kernel >= 4.4 with KVM support (for qemu-x86 image)
- kvm_intel module loaded with parameter
nested=1
(for qemu-x86 image on kernel < 4.20)
To build a target image, just run ./kas-container menu
and select one (or
more) of the QEMU targets. The generated image can then be executed using
start-qemu.sh ARCHITECTURE
. Currently supported are x86
(only works on
Intel CPUs so far), arm64
and arm
as architectures. On x86, make sure the
kvm-intel module was loaded with nested=1
to enable nested VMX support.
Call ./kas-container menu
and select the desired target. Afterwards, flash the
image on an empty SD card, e.g.:
dd if=build/tmp/deploy/images/orangepi-zero/demo-image-jailhouse-demo-orangepi-zero.wic.img \
of=/dev/mmcblk0 bs=4M status=progress
The Orange Pi Zero is supported with
its 256 MB edition. Ethernet is supported out of the box with the generated
image. To configure the WLAN interface on this board, create
/etc/network/interfaces.d/wlan0
with the following content:
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid <your wlan ssid>
wpa-psk <your wlan key>
Note that the driver and the WLAN firmware are of experimental quality and have significant reception latency problems. In contrast, the LAN interface works smoothly.
The NUC6CAY is supported with 8 GB of RAM. It can boot from an SD card, or you can flash the generated image on a built-in storage device. The device has to boot in EFI mode.
As the device comes without a UART connector, the output of Jailhouse can only
be seen via the EFI framebuffer on a monitor or on the virtual Jailhouse
console (jailhouse console
).
The SIMATIC IPC127E is supported in its 2-cores variant. It can boot from an USB stick, or you can flash the generated image on a built-in storage device. The device has to boot in EFI mode.
As the device comes without a UART connector, the output of Jailhouse can only
be seen via the EFI framebuffer on a monitor or on the virtual Jailhouse
console (jailhouse console
).
The ESPRESSObin 1 GB edition is supported. Before being able to boot the SD card image, the pre-installed U-Boot needs further manual tuning (because the old vendor U-Boot lacks distro support). Attach to the serial port of the board and type the following on the U-Boot command line:
setenv bootcmd "load mmc 0:1 0x4d00000 /boot/boot.scr; source 0x4d00000"
saveenv
reset
After that, the board will automatically start from the generated SD card image.
Note that XHCI is no longer working with the combination of pre-built vendor U-Boot 2017.03-armada-17.10 and kernel 5.4. The kernel suggests to update the firmware. This involves manual building and flashing a more recent version.
The MACCHIATObin is supported in both variants. Same story as with the ESPRESSObin regarding the pre-installed U-Boot, but we are able to replace it with a recent upstream version: Follow the instructions to switch the board to SD card booting, then flash the image on an empty card and plug that into the board.
Note that the generated image is not yet directly usable for booting from the eMMC.
The LeMaker HiKey with Kirin 620 SoC is supported with its 2 GB edition. The generated image can be used to boot from SD card. This requires a recent version of the UEFI-based bootloader (tested with version 85, December 20 2018).
You may also use the content of the boot and the root partition to fill the corresponding partitions on the eMMC, but do no flash the complete image directly to the eMMC because it does not contain any firmware.
The Avnet Ultra96 is supported, both version 1 and 2. You can boot the board directly from the generated SD card image.
Note that the configuration for the v1 will direct the UART console to the expansion connector, compatible with related expansion boards, while the v2 configuration uses the UART male header as output, requiring the Avnet JTAG/UART adapter.
The Raspberry Pi 4 Model B is support. You can boot the board directly from the generated SD card image. The mini UART on the GPIO header (pin 6/8/10: Ground/TXD/RXD) is used as serial console.
The Pine64+ with Allwinner A64 is supported with its 2GB edition. You can boot the board directly from the generated SD card image. UART0 available via EXP 10 connector (pin 7/8/9: TXD/RXD/GND) is used as serial console. For details refer here.
See Jailhouse project.
Unless otherwise stated in the respective file, files in this layer are provided under the MIT license, see COPYING file. Patches (files ending with .patch) are licensed according to their target project and file, typically GPLv2.