/CMPE283-assignment-1

This repository contains the Assignment 1 submission by Harsh Vaghasiya (016053102) for CMPE 283.


CMPE283-assignment-1 - Harsh Vaghasiya (016053102)

Team Members:

  1. Harsh Vaghasiya - 016053102 - (Just me)

Questions and Answers:

  1. For each member in your team, provide 1 paragraph detailing what parts of the lab that member implemented / researched. (You may skip this question if you are doing the lab by yourself).

    Answer: I did the whole assignment by myself.


  2. Describe in detail the steps you used to complete the assignment. Consider your reader to be someone skilled in software development but otherwise unfamiliar with the assignment. Good answers to this question will be recipes that someone can follow to reproduce your development steps.
    Note: I may decide to follow these instructions for random assignments, so you should make sure they are accurate.

    Answer:

    Step-1: Created a project in GCP.


Step-2: Enabled the Compute Engine API in order to create a VM instance. Opened Google Cloud Shell and created a VM instance with nested virtualization enabled in this project.


To create a VM instance with nested virtualization enabled, use the following command:
Note: DON'T FORGET to change the project-specific details in the following command, such as project name, project id, zone details etc.

gcloud compute instances create instance-1 --project=cmpe283lab1 --zone=us-central1-a --machine-type=n2-standard-8 --network-interface=network-tier=PREMIUM,subnet=default --maintenance-policy=MIGRATE --provisioning-model=STANDARD --service-account=223088318882-compute@developer.gserviceaccount.com --scopes=https://www.googleapis.com/auth/cloud-platform --min-cpu-platform=Intel\ Cascade\ Lake --create-disk=auto-delete=yes,boot=yes,device-name=instance-1,image=projects/debian-cloud/global/images/debian-11-bullseye-v20221102,mode=rw,size=10,type=projects/cmpe283lab1/zones/us-central1-a/diskTypes/pd-balanced --create-disk=auto-delete=yes,device-name=disk-1,image=projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20221101a,mode=rw,name=disk-1,size=100,type=projects/cmpe283lab1/zones/us-central1-a/diskTypes/pd-ssd --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --reservation-affinity=any --enable-nested-virtualization


Step-3: Logged into the VM instance using SSH. Go to the VM instances page of your project, select the VM instance we just created, and click the SSH button in the "Details" section.


Step-4: Created the project directory in the root folder of the Linux VM instance. Uploaded the code file and the Makefile to this directory. I used the Intel SDM as a reference to update the code file for primary/secondary/tertiary procbased controls, entry/exit controls, etc.

Note:

  • I included all the functions to query all the other MSRs, as explained in the assignment description, in cmpe283-1.c.
  • With the help of the Intel SDM, I created structures with the name and bit position of each pinbased, procbased, secondary procbased (if available), tertiary procbased (if available), entry and exit control.
  • To detect which VMX features the processor supports, we call the report_capability() function, which prints whether or not we can set/clear each control.
  • To check whether secondary procbased controls are available, I looked at bit position 31 of the IA32_VMX_PROCBASED MSR. If this bit is set, then secondary procbased controls are available.
  • Similarly, to check whether tertiary procbased controls are available, I looked at bit position 17 of the IA32_VMX_PROCBASED MSR. If this bit is set, then tertiary procbased controls are available.
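
The set/clear decoding and the availability checks described in the list above, as an added user-space example (not the code in cmpe283-1.c). The struct and function names and the sample MSR value are constructed for illustration; in the 64-bit capability MSR, the "can set" bit for control X sits at bit 32+X and the "can clear" bit at bit X.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions in the primary processor-based VM-execution controls. */
#define ACTIVATE_TERTIARY_CONTROLS  17
#define ACTIVATE_SECONDARY_CONTROLS 31

/* Hypothetical table entry: control name plus its bit position. */
struct ctl_bit { uint8_t bit; const char *name; };

/* Small subset of the primary controls, enough to show the decoding. */
static const struct ctl_bit procbased[] = {
    {  2, "Interrupt-Window Exiting" },
    {  7, "HLT Exiting" },
    { ACTIVATE_TERTIARY_CONTROLS,  "Activate Tertiary Controls" },
    { ACTIVATE_SECONDARY_CONTROLS, "Activate Secondary Controls" },
};

/* Constructed sample value for the primary procbased capability MSR. */
#define SAMPLE_PROCBASED_MSR 0xfff9fffe0401e172ULL

/* Bits 63:32 are the allowed 1-settings: control X may be 1 if bit 32+X is 1. */
static int can_set(uint64_t msr, unsigned bit)
{
    return (int)((msr >> (32 + bit)) & 1);
}

/* Bits 31:0 are the allowed 0-settings: control X may be 0 if bit X is 0. */
static int can_clear(uint64_t msr, unsigned bit)
{
    return !((msr >> bit) & 1);
}

/* 1 when the follow-on capability MSR exists; a module should skip the
 * read of the secondary/tertiary MSR when this returns 0. */
static int controls_available(uint64_t procbased_msr, unsigned activate_bit)
{
    return can_set(procbased_msr, activate_bit);
}

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof(procbased) / sizeof(procbased[0]); i++)
        printf("%s: Can set=%s, Can clear=%s\n", procbased[i].name,
               can_set(SAMPLE_PROCBASED_MSR, procbased[i].bit) ? "Yes" : "No",
               can_clear(SAMPLE_PROCBASED_MSR, procbased[i].bit) ? "Yes" : "No");
    return 0;
}
```

With the sample value, secondary controls can be activated and tertiary controls cannot, so only the secondary capability MSR would be queried.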


Step-5: Installed the "make" command on the instance. Checked the kernel version using the "uname -r" command and then installed the Linux headers for that specific version of the kernel.

sudo bash
apt install gcc make


exit
uname -r
sudo apt-get install linux-headers-$(uname -r)


Step-6: Built the kernel module using the make command.

make


Step-7: Inserted this kernel module using the "insmod" command, and finally checked the availability of the VMX features using the "dmesg" command.

sudo /sbin/insmod cmpe283-1.ko
sudo dmesg


Output:

Screen Shot 2022-11-07 at 10 44 42 AM



Screen Shot 2022-11-07 at 10 45 20 AM



Explanation for not trying tertiary procbased controls:

From the output of the primary procbased controls, as shown below, I learned that I do not have permission to set tertiary procbased controls. Hence, I commented out the code for tertiary procbased controls and did not run it.

Screen Shot 2022-11-07 at 1 57 14 PM copy



Note: If you try to read the MSR for tertiary procbased controls and you do not have access to set them, as in my case, you will get an error like the following:

Screen Shot 2022-11-07 at 1 58 23 PM