Robert Spigler

Qubes Update

March 23rd, 2022

Our first meeting was very productive.  This is an incredibly exciting milestone on this long journey!


Notes from the meeting can be viewed at the below link.  They are also pasted below.


https://pad.riseup.net/p/JEvmHlR2Fv8i5CdbXKUA 

23/03/2022 : ~1.5h meeting  


Port Qubes to ppc64 [3 bitcoin bounty] https://github.com/QubesOS/qubes-issues/issues/4318   


Discussion restarted for Xen port at https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-1072941160 

Attendee List:      

  • Piotr Król (3mdeb, OpenPOWER firmware: hostboot, coreboot etc.)   
  • Robert Spigler (independent)      
  • Simon Gaiser (Qubes/ITL)      
  • Thierry Laurion (Insurgo) @insurgo:matrix.org insurgo@riseup.net      
  • Demi Marie Obenour (Invisible Things Lab)      
  • Alyssa Ross (Spectrum) (Matrix: @qyliss:fairydust.space, Mail: hi@alyssa.is, IRC: qyliss (libera, oftc))
  • Marek Marczykowski-Górecki (ITL) (Matrix: @marmarek:matrix.org, IRC: marmarek (libera, oftc, through matrix anyway), marmarek@invisiblethingslab.com)       
  • Frédéric Pierret (fepitre) (ITL) (IRC: fepitre/fpierret (libera, oftc))
  • Timothy Pearson (Raptor Engineering) tpearson@raptorengineering.com     


[Piotr] Discussion topics      

  • [Piotr] In case of issue with low level stuff (hostboot, coreboot, skiboot etc.) 3mdeb is ok to support this effort.      
  • OpenPOWER Summit talks about coreboot port to POWER9      
    • https://www.youtube.com/watch?v=Mb__SNfMVFw      
    • https://www.youtube.com/watch?v=toLV9d7H6Q0      
    • D-RTM/AEM for POWER9: https://vimeo.com/638553990      
  • [Piotr] Did we discuss anything with Xen maintainers?
    • Not that I am aware of. Should be done ASAP.      
    • I can do this (Robert)     
    •  We should include Andrew Cooper in communication.      
    • I believe Vates has very good relation with Xen community. 
  • [Piotr] I believe someone should sum up GH issue discussion, Thierry, Qubes OS Team?      
    • [Thierry]: Xen was desired, considered too much effort, KVM path was considered, VCHAN work was done and paid. Then Xen was reconsidered (after Robert's Twitter post, which raised the attention of OpenPower: https://twitter.com/OpenPOWERorg/status/1504112361975730186?s=20) alongside seL4. seL4 is still considered a long-term goal, but Xen is considered the path to go now to have Qubes on PPC64
      • KVM first draft of tasks to be done: https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-425749018      

        • More details: https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-791113424
        • Tasklist: https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-549986749
        • KVM own progress issue tracking: https://github.com/QubesOS/qubes-issues/issues/7051

  • Xen choice is still the only current valid choice per Qubes architecture paper https://www.qubes-os.org/attachment/doc/arch-spec-0.3.pdf      

    • Architecture notes: https://www.qubes-os.org/doc/architecture/#key-architecture-features
    • VS KVM/QEMU: https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-1073780039

  • Crossvm point: https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-978782085      
  • seL4 point: https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-1073432769      
  • Other funding avenues https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-1046120994     

    • [Piotr] Technology Common Trust: https://technologycommons.org/


     [Robert]  


     Funding still available. 

     Hardware available for dev - [Timothy]

          Timothy won't need hardware (he produces it). Others could!      

          Lol of course.      

          :)      

          Timothy: On the path of testing, can remote happen there with complete hardware control?

               Confirmed. Time-share of hardware for tests is planned.      

               Yes, will provide time-shared direct hardware access to probably a Blackbird or small Talos II desktop-class system via Integricloud        



  • 2 Steps:      

                 Booting for Xen/dom0 (most complex step - this can be split)     

                 Start additional VM (much simpler)     

                 Get PCIe working           


  • RCS working on secure BMC      

                 Hopefully BCM network adaptor not turned on by default - RCS has physical switch           

 

  • All in agreement for Xen/Power            


  • Bootup Process:          

                        Currently:         

                        SBE->Hostboot (hardware initialization)->Skiboot->petitboot (embedded linux kernel)                  


                        Coreboot:             

                                Still loading skiboot; From there load Xen.  In the future might replace Hostboot w/ Coreboot. (Coreboot is easier to audit).                   


  • IBM has not added measured boot, would have to be added by us later - Possibly Heads.                    


  • Make more detailed Power port task list?                    


  • What does OpenPower mean when they say they will support this?                    


  • Technology Common Trust: Could use this org to help organize/firewall funds.                    


  • Funds:      

                  I (Robert Spigler) have 1 bitcoin & Blackbird Bundle      

                  leo-lb has pledged 0.8 btc (need to confirm)      

                  Rudd-O has pledged 0.5 bitcoin (need to confirm)      

                  Total 2.3       


                  0.7 btc (0.5 from Robert; 0.2 from leo-lb) has already been paid to @shawnanastasio for a KVM port.  Has he used up all of these funds? Would he like/be able to re-donate these funds to the Xen port?


  • Let's try to do a marketing push.  Maybe even a website? There is definitely more interest out there than we have gotten.       


  • Need a second pair of eyes once fairly matured.  Give hardware to OzLabs, ask them to break. Physical attack would be (fairly) off-limits.
  • Demi can review C code - but not Power-Specific stuff       


  • There have been issues with Github.  We will change to Gitlab       


  • I will reach out again to Xen, Power guys, and also to try to get some more funding (Timothy is on board - will discuss during meeting tomorrow https://twitter.com/OpenPOWERorg/status/1504112361975730186?s=20).       


  • Reach out to Oliver about his Project Manager       


  • How will we communicate: Gitlab, Element, ML.      
    • https://riseup.net/en/lists ?   




Copyright © 2022 Robert Spigler - All Rights Reserved.
