/jailhouse-images

Jailhouse demonstration and testing images

Primary LanguageCMIT LicenseMIT

Jailhouse Reference Images

The goal of this project is to generate ready-to-use reference images for the Jailhouse hypervisor to support demonstration and testing. The images are generated from Debian packages using the Isar build system.

Quickstart for Virtual Targets

The host-side requirements are:

  • Docker (tested with 19.03.5-ce)
  • QEMU >= 4.2
  • Kernel >= 4.4 with KVM support (for qemu-x86 image)
  • kvm_intel module loaded with parameter nested=1 (for qemu-x86 image on kernel < 4.20)

To build a target image, just run ./kas-container menu and select one (or more) of the QEMU targets. The generated image can then be executed using start-qemu.sh ARCHITECTURE. Currently supported are x86 (only works on Intel CPUs so far), arm64 and arm as architectures. On x86, make sure the kvm-intel module was loaded with nested=1 to enable nested VMX support.

Quickstart for Physical Targets

Call ./kas-container menu and select the desired target. Afterwards, flash the image on an empty SD card, e.g.:

dd if=build/tmp/deploy/images/orangepi-zero/demo-image-jailhouse-demo-orangepi-zero.wic.img \
   of=/dev/mmcblk0 bs=4M status=progress

Orange Pi Zero

The Orange Pi Zero is supported with its 256 MB edition. Ethernet is supported out of the box with the generated image. To configure the WLAN interface on this board, create /etc/network/interfaces.d/wlan0 with the following content:

allow-hotplug wlan0

iface wlan0 inet dhcp
    wpa-ssid <your wlan ssid>
    wpa-psk <your wlan key>

Note that the driver and the WLAN firmware are of experimental quality and have significant reception latency problems. In contrast, the LAN interface works smoothly.

NUC6CAY

The NUC6CAY is supported with 8 GB of RAM. It can boot from an SD card, or you can flash the generated image on a built-in storage device. The device has to boot in EFI mode.

As the device comes without a UART connector, the output of Jailhouse can only be seen via the EFI framebuffer on a monitor or on the virtual Jailhouse console (jailhouse console).

SIMATIC IPC127E

The SIMATIC IPC127E is supported in its 2-cores variant. It can boot from an USB stick, or you can flash the generated image on a built-in storage device. The device has to boot in EFI mode.

As the device comes without a UART connector, the output of Jailhouse can only be seen via the EFI framebuffer on a monitor or on the virtual Jailhouse console (jailhouse console).

ESPRESSObin

The ESPRESSObin 1 GB edition is supported. Before being able to boot the SD card image, the pre-installed U-Boot needs further manual tuning (because the old vendor U-Boot lacks distro support). Attach to the serial port of the board and type the following on the U-Boot command line:

setenv bootcmd "load mmc 0:1 0x4d00000 /boot/boot.scr; source 0x4d00000"
saveenv
reset

After that, the board will automatically start from the generated SD card image.

Note that XHCI is no longer working with the combination of pre-built vendor U-Boot 2017.03-armada-17.10 and kernel 5.4. The kernel suggests to update the firmware. This involves manual building and flashing a more recent version.

MACCHIATObin

The MACCHIATObin is supported in both variants. Same story as with the ESPRESSObin regarding the pre-installed U-Boot, but we are able to replace it with a recent upstream version: Follow the instructions to switch the board to SD card booting, then flash the image on an empty card and plug that into the board.

Note that the generated image is not yet directly usable for booting from the eMMC.

HiKey

The LeMaker HiKey with Kirin 620 SoC is supported with its 2 GB edition. The generated image can be used to boot from SD card. This requires a recent version of the UEFI-based bootloader (tested with version 85, December 20 2018).

You may also use the content of the boot and the root partition to fill the corresponding partitions on the eMMC, but do no flash the complete image directly to the eMMC because it does not contain any firmware.

Ultra96

The Avnet Ultra96 is supported, both version 1 and 2. You can boot the board directly from the generated SD card image.

Note that the configuration for the v1 will direct the UART console to the expansion connector, compatible with related expansion boards, while the v2 configuration uses the UART male header as output, requiring the Avnet JTAG/UART adapter.

Raspberry Pi 4

The Raspberry Pi 4 Model B is support. You can boot the board directly from the generated SD card image. The mini UART on the GPIO header (pin 6/8/10: Ground/TXD/RXD) is used as serial console.

Pine64+

The Pine64+ with Allwinner A64 is supported with its 2GB edition. You can boot the board directly from the generated SD card image. UART0 available via EXP 10 connector (pin 7/8/9: TXD/RXD/GND) is used as serial console. For details refer here.

Community Resources

See Jailhouse project.

License

Unless otherwise stated in the respective file, files in this layer are provided under the MIT license, see COPYING file. Patches (files ending with .patch) are licensed according to their target project and file, typically GPLv2.