diff --git a/deploy/live.md b/deploy/live.md index f668e00..a3c3523 100644 --- a/deploy/live.md +++ b/deploy/live.md @@ -8,5 +8,6 @@ editor: markdown dateCreated: 2021-11-13T11:34:24.392Z --- -# Header -Your content here \ No newline at end of file +# Headless header + +`to be done` diff --git a/deploy/prepare.md b/deploy/prepare.md index 765e1bb..75ec71f 100644 --- a/deploy/prepare.md +++ b/deploy/prepare.md 
@@ -16,6 +16,55 @@ dateCreated: 2021-11-13T10:47:33.615Z These instructions are valid for x86-64 computers that do ship with Linux or Windows +Phyllome OS targets x86 systems with hardware-assisted virtualization, +with a strong preference for those providing IOMMU as well. It may +support ARM[^49]- or RISC-V-based platforms in the future. + +It is expected that Phyllome OS will consume approximately 1 CPU core +and 1 GB of RAM[^50], which should be enough to accommodate a few +virtual machines. For instance, on a system with a CPU with 4 cores and +8 GB of RAM, a guest virtual machine will be able to be assigned up to 3 +cores and 7 GB of RAM. + +### []{#anchor-43}Minimum requirements for Phyllome OS Desktop + +- x86 computer that supports the first generation of hardware-assisted + virtualization extensions + + - For AMD-based configurations, it means that AMD V is available + and enabled + - For Intel-based configurations, it means that Intel VT-x is + available and enabled + +- 2-core processor + +- 8 GB of RAM + +- SSD-based storage device to store disk images and Phyllome OS + +- Any graphics card (Linux or macOS guests only) + +### []{#anchor-44}Recommended requirements for Phyllome OS Desktop + +- x86 computer that supports the second generation of + hardware-assisted virtualization extensions + + - For AMD-based configurations, it means that AMD Vi is available + and enabled + - For Intel-based configurations, it means that Intel VT-d is + available and enabled + +- 8-core processor + +- 16 GB of RAM + +- NVME-based storage device to store disk images and Phyllome OS + +- Two graphics cards or a graphics card that supports vfio-mdev or + SR-IOV + + + ## Enable IOMMU ### Access the firmware diff --git a/home.md b/home.md index 8f530ea..823fadb 100644 --- a/home.md +++ b/home.md 
@@ -22,6 +22,8 @@ dateCreated: 2021-06-19T09:29:20.593Z *[Phyllome OS](https://phyllo.me/) is an operating system that makes it easier to run various guest systems locally using [off-the-shelf hardware](https://wiki.phyllo.me/deploy/prepare).* +If you want to learn more about it, its goal and the context around it, have a look at the [white-paper](/https://files.phyllo.me/s/oYwfxYpZcbppwr6). + ## Deploy *The section is meant to help users prepare their computer to host Phyllome OS, to pick the right version that will suit their needs, to understand its limitations, and to install it.* diff --git a/phyllomeos/context.md b/phyllomeos/context.md index 3dc4234..016d93b 100644 --- a/phyllomeos/context.md +++ b/phyllomeos/context.md 
@@ -8,5 +8,124 @@ editor: markdown dateCreated: 2021-11-12T15:31:13.657Z --- -# Header -Your content here \ No newline at end of file +# []{#anchor-24}Phyllome OS + +## []{#anchor-25}Context + +### []{#anchor-26}Public clouds and open source software + +Public clouds provide on-demand computing resources over the Internet. +The largest are called hyperscalers. + +Almost all hyperscalers, at the notable exception of Microsoft Azure, , +depend on open-source software[^19] to support their platform[^20]. Put +simply, without open-source software, they wouldn't exist, at least not +in their current form[^21]. + +In particular, the Linux operating system and its Kernel-based Virtual +Machine (KVM) module are two basic, essential, open-source building +blocks upon which these hyperscalers are built. + +These providers also add their own custom software to the core engine +that propels their platform[^22]. Unfortunately, this custom software +remains for internal use only[^23]. + +Isn't there an equivalent to these custom building blocks available for +everyone to reuse ? + +### []{#anchor-27}The rise of robust general-purpose hypervisors + +Rust-vmm (or Rust-Virtual Machine Monitor) is an ongoing effort among +software and hardware companies, including some hyperscalers, to share +more of their codebase. Rust-vmm provides a platform to share reusable +virtualization-related code by means of Rust-crates[^24]. + +As of 2021, this project offers the closest open-source equivalent to +the aforementioned custom software used by hyperscalers. + +At least three key projects using Linux and KVM are also taking +advantage of Rust-vmm : + +- crosvm (2010 --) + + - Crosvm means the Chrome OS Virtual Machine Monitor. It allows + the virtualization of guest systems on devices running Chrome OS + and Chromium OS, its open-source counterpart. It is the oldest + project of its kind, upon which others are built or forked. 
+ - The ongoing Spectrum (2020) project is a promising attempt to + built a secure desktop OS around Chromium OS, crosvm and the Nix + declarative package management system. + +- firecracker (2018 --) + + - Originally built for desktop systems, crosvm has also been + reused as a foundation for firecracker, the serverless computing + platform which powers AWS Lambda. This is a story not unlike + that of KVM, which was originally built with desktop workloads + in mind but later gained traction as a solution for other + workloads. + +- Cloud Hypervisor (2019 --) + + - Cloud Hypervisor may be considered as the spiritual successor to + the now-defunct NEMU project. NEMU provided a stripped-down + version of QEMU [^25]. + - Contrary to crosvm and projects that rely on it, it is possible + to run non-Linux virtual guest systems on Cloud Hypervisor, + provided that they support UEFI. + - As of today, there is no desktop-oriented operating system + intended to take advantage of Cloud Hypervisor. + + ----------------------------- -------- ------------- ------------------ + crosvm firecracker Cloud Hypervisor + QEMU No No No + KVM Yes Yes Yes + Desktop-friendly Yes No No + Support for non-Unix guests No No Yes + ----------------------------- -------- ------------- ------------------ + +Until recently, any attempt to create a local-first, free and +open-source operating system that could run atop affordable, +virtualization-friendly hardware[^26] using basic building blocks +similar to those used by major public clouds would rightfully be met +with skepticism. + +Thanks to the rust-vmm umbrella project, assembling such an operating +system is now becoming a possibility. 
+ +## []{#anchor-28}Description + +### []{#anchor-29}Phyllome OS + +Phyllome OS intends to tap into some modern software- and +hardware-related innovations used in the cloud and make them available +to a wider audience locally: to bring some of the cloud back home, so to +speak, with a focus on performance and usability. As an operating +system, Phyllome OS makes it easier to run virtual machines locally +using off-the-shelf hardware : it is designed from the ground up to be +easy[^27]-and safe[^28]-to-use. + +Technically speaking, Phyllome OS is an attempt to port the Cloud +Hypervisor to desktop systems[^29]. + +Conceptually, Phyllome OS can be thought of in several ways : as a +wrapper around operating systems that use a Graphical User Interface +(GUI), just as Docker is, among other things,a headless wrapper around +GUI-less containers ; as an abstraction between the hardware and the +operating system; as a local-first appliance or sandbox whose sole +purpose is to run general computing operating systems using +hardware-assisted virtualization, and hopefully run them well ; or as +just another attempt to bring Linux back to the desktop, albeit more +covertly this time. + +As with popular existing operating systems, Phyllome OS is designed to +be installed on a single machine or host. Contrary to existing operating +systems, it abstracts the physical layer away, allowing diverse +operating systems to run concurrently on the same machine if the user so +desires. + +### []{#anchor-30}The Phyllome OS Project + +The Phyllome Project aims to build a community around open source +virtualization and to make the development of Phyllome OS sustainable. +The project relies on self-hosted open source software. \ No newline at end of file diff --git a/phyllomeos/purpose.md b/phyllomeos/purpose.md index 926b9b8..b086e67 100644 --- a/phyllomeos/purpose.md +++ b/phyllomeos/purpose.md 
@@ -8,5 +8,70 @@ editor: markdown dateCreated: 2021-11-12T15:31:30.659Z --- -# Header -Your content here \ No newline at end of file +## []{#anchor-31}Purpose + +Why would one prefers to use an operating system installed on virtual +hardware ? + +Adding a layer of abstraction between the operating system and the +virtualization-friendly hardware allows for support of newer operating +systems, beyond what the physical hardware can support. + +- By using Phyllome OS on Apple hardware that do not support the + latest iteration of macOS, one could create a virtual machine and + install the latest iteration of macOS anyway, further extending the + life of hardware. + + - **Note:** Phyllome OS does not and will **not** support running + macOS on anything but Apple hardware, as it is -- sadly -- not + allowed by Apple. + +- Windows 11 requires a Trusted Platform Module (TPM). By using a + virtual machine alongside a virtual TPM on unsupported hardware, one + could still run Windows 11. The passthrough of a real TPM may also + be supported. + +### []{#anchor-32}Advantages + +More generally, a software-based/backed computer, or simply a virtual +machine, has many advantages over a silicon-based computer : + +- **Cost** : the cost of creating a virtual machine tends to zero +- **Flexibility** : a software-backed computer, alongside its + operating system, can be migrated to new physical hosts. In other + words, when a user acquires a new physical computer, the entire + computing environment may be copy/pasted to the new machine. +- **Compatibility** : contrary to silicon-based computers, which tend + to be optimized to work at most with only a handful operating + systems, a virtual machine can be designed to work with most + operating systems. 
+ +### []{#anchor-33}Limitations + +Alas, it also comes with limitations, including but not limited to : + +- Limited out-of-the box hardware support : hardware-assisted + virtualization is available on many computers but rarely activated + by default and not always correctly implemented. Users remain a the + mercy of good platform firmware and may have to explicitly activate + hardware-assisted virtualization in the BIOS/UEFI. Hardware + components are often not correctly isolated in IOMMU groups. + + - Offering first-class support for only a handful of curated + computers might provide an answer, at the price of + compatibility. + - When it comes to IOMMU groups, a workaround[^30] might have to + be used for models that do not offer well-isolated IOMMU groups, + a workaround that has security implications. + +- **Reliance on devices or controllers passthrough to cover edge cases + **: virtual hardware do not cover all features a user may expect to + have, including out of the box support for Bluetooth, wireless, or + sound adapters. For those cases, USB or PCI Passthrough might be + used. + + - Again, offering first-class support for only a handful of + curated computers might provide an answer, at the price of + compatibility. + - New virtual hardware are expected, including paravirtualized + sound cards, which will improve the situation. diff --git a/phyllomeos/roadmap.md b/phyllomeos/roadmap.md index 42c8cad..9da4b70 100644 --- a/phyllomeos/roadmap.md +++ b/phyllomeos/roadmap.md 
@@ -8,5 +8,93 @@ editor: markdown dateCreated: 2021-11-13T11:55:14.298Z --- -# Header -Your content here \ No newline at end of file + ------------------------------------------- ----------------------- ------------------- ---------------------------------------------------- ---------------------------- + Fedora 34 Phyllome OS alpha Phyllome OS beta Phyllome OS 1.0 + Out-of-the box support for virtualization No Yes Yes Yes + Emulator/virtualizer QEMU QEMU QEMU, Cloud Hypervisor (does CH support vfio-pci?) Cloud Hypervisor + Virtual motherboard support i440fx / Q35 Q35 Q35, virt virt + Firmware OVMF, SeaBIOS OVMF OVMF OVMF + Hypervisor KVM KVM KVM KVM + Based on Itself Fedora Server Fedora Silverblue Fedora Silverblue + Desktop-oriented (GNOME-shell) Possible Yes, GNOME-shell Yes Yes + Package management RPM RPM RPM-ostree RPM-ostree + Rolling release No No Yes Yes + Live-edition No No No Yes + Local first Possible Yes Yes Yes + Default filesystem Btrfs Ext4 Ext4 F2FS + Host encryption Possible No Filesystem-level (fscrypt) Filesystem-level (fscrypt) + GPU support Intel, AMD and Nvidia Intel Intel and AMD Intel AMD and Nvidia + Target release date Released 2021 2022 2022 + ------------------------------------------- ----------------------- ------------------- ---------------------------------------------------- ---------------------------- + +### []{#anchor-48}Beyond the first production-ready release + +Here are some features that may be added later : + +- App store + + - An application store for distributing prepackaged and + easy-to-deploy operating systems + +- A new GUI application to manage virtual machines + + - The virtual machine manager does more than what Phyllome OS + needs. It would make sense to rely on a leaner, more simple + software, similar to GNOME Boxes. 
+ - Ideally, it would be written in Rust, just as the Cloud + Hypervisor + +- Graphics + + - Out-of-the box support for Single GPU passthrough + + - Support for single GPU passthrough would make it easier to + run Phyllome OS on hardware that features a single graphics + card lacking support for vfio-mdev. + + - Out-of-the box support for vfio-mdev on Nvidia, consumer grade + GPUs. + + - A 2021 project[^53] is bringing vfio-mdev to Nvidia, + consumer grade GPUs. It would be great to support it and + offer Phyllome's users the ability to split their physical + GPUs. + + - Out-of-the box support for SR/IOV on generation 11^th^ of Intel + graphics + +- Streaming + + - Making encoding and decoding a virtual machine desktop or + display more efficient would allow for more diverse uses, + including usable remote desktops. + + - For that to happen, it would mean to support virtio-video. + - Another route would be to use WebRTC on Wayland. + +- Support the Virtual I/O Device (VIRTIO) Version 1.2 + + - Version 1.2 of the VIRTIO specification will soon be released + with new virtual devices. Phyllome OS will need to support + these. + +- Support platform-dependent confidential computing features + + - On public clouds -- where many virtual machines are collocated + underneath the same hypervisor -- there are ongoing efforts to + make it possible to run workloads without having to blindly + trust the host system. Some of those efforts rely on + platform-specific technologies, such as Intel's SGX Secure + Enclave or and AMD's Secure Encrypted Virtualization (SEV). It + would be nice to be able to support these. + +- First-class support for more open x86 hardware + + - It would be great to optimize Phyllome OS to work on a recent, + more open x86 motherboard that supports both openBMC and + Coreboot[^54]. + +- Support beyond the x86 architecture + + - Support for hardware based on ARM and RISC-V architectures would + be great. \ No newline at end of file 
diff --git a/project/infrastructure.md b/project/infrastructure.md index abd45ba..e769955 100644 --- a/project/infrastructure.md +++ b/project/infrastructure.md @@ -12,7 +12,7 @@ dateCreated: 2021-11-13T12:10:04.658Z ## Dedicated server -Most services are self-hosted in a virtual machine, on a Fedora host. +Most services are self-hosted in a virtual machine, on a Fedora Server host. ## Platform-as-a-Service (PaaS) diff --git a/virt/lexicon.md b/virt/lexicon.md index 3646481..b147227 100644 --- a/virt/lexicon.md +++ b/virt/lexicon.md 
@@ -8,40 +8,154 @@ editor: markdown dateCreated: 2021-11-13T11:58:43.776Z --- - # Terms related to virtualization -When in **bold**, it refers to generic terms, when in *italic*, it refers to specific technologies or software +### []{#anchor-8}Emulator -* *AMD Vi* -* *AMD SEV*: -* *crossvm*: -* **Emulated devices**: -* *Firecracker*: -* **Hypervisor**: A hypervisor or Virtual Machine Monitor is a piece of software -* **HVM**: -* *Intel VT-d*: -* *Intel VT-x*: -* *Intel GVT-d*: -* **IOMMU**: -* **Kernel space**: -* **KVM**: The Kernel-based Virtual Machine module for Linux. -* **Nested-passthrough**: -* **Nested-virtualization**: -* **Machine-level virtualization**: -* **OS-level virtualization**: -* **Passthrough**: -* **Paravirtualization**: -* *QEMU*: QEMU, shorts for QEMU is not an EMUlator, allows for emulating a great number of systems. -* *Qubes OS*: -* *Spectrum OS*: -* **Type 1 hypervisor**: -* **Type 2 hypervisor**: -* **UEFI**: -* **User space**: -* *Xen*: -* **Vhost**: -* **Virtio devices**: -* **Virtual machine**: -* **Virtualization**: allowing the recreation of software-based computers sitting on top of real, physical or bare-metal hardware -* **VFIO**: \ No newline at end of file +Emulators or virtualizers are software that provide material components +similar to physical hardware, but that are made of computer code instead +of silicon, -- virtual hardware --, such as virtual floppy disks. + +QEMU[^6] is a popular emulator that can act as a simulator or virtual +machine monitor. In the latter case, it can leverage hardware +acceleration, + +### []{#anchor-9}Hardware-assisted virtualization + +Hardware-assisted virtualization is a feature of certain computer +hardware made to take advantage of virtualization. + +Such hardware reduces the overheads associated with virtualization and +is thus key to unlocking near-native performance for virtual machines. 
+In other words, hardware-assisted virtualization translates into better +performance for virtualized workloads, significantly reducing the gap in +performance between a virtual machine and a physical one. + +### []{#anchor-10}Nested-virtualization + +Nested-virtualization refers to the ability to run a virtual machine +inside another virtual machine. + +### []{#anchor-11}Virtualization + +Most computers are made of hardware and software. By analogy, the brain +that animates the cells to control a body can be thought as the +operating system that controls components of its body. + +Virtualization can be defined as the ability to run a software-based +computer inside a physical computer. , It is a set of computer-related +techniques that make it possible to create replicas of computer hardware +out of computer code. Those replicas are often referred to as virtual +machines. + +There are roughly three types of virtualization: + +- **Simulation or emulation**: when a computer is fully emulated and + can be made to look like any device to an operating system +- **Partition**: when computer resources are split such that each + operating system can only see a subset of available hardware + resources +- **Paravirtualization**: when both hardware and software-assisted + virtualization is being used. In this case, the guest is aware that + it is running in the virtualized environment, and acts accordingly. + +Virtualization is used to better isolate resources on a physical +computer and to distribute them across various workloads, enabling +better use of resources through consolidation. For instance, with +virtualization, multiple operating systems can run concurrently on a +physical machine. + +### []{#anchor-12}Hypervisor + +A hypervisor is an operating system or firmware that is designed to run +guest systems: it handles scheduling, execution of hyper privileged +instructions, memory management and over-commitment, and provides +drivers for physical devices. 
+ +The Virtual Machine Monitor (VMM) is a software that runs on top of the +hypervisor and manages the life cycle of a virtual machine. It provides +device models for emulated devices and implements tasks such as start, +suspend, migrate, and stop virtual machines. + +The hypervisor and VMM work in tandem with emulators, which provide them +virtual hardware. + +As of 2021, there are two major open-source hypervisor that are both are +able to leverage hardware-assisted virtualization: + +- Xen (2003)[^7]. +- Kernel-based Virtual Machine (KVM) module for Linux (2007)[^8]. + +### []{#anchor-13}Device + +Devices are computer components that can be attached to machines. They +can be classified in two ways : physical or emulated. + ++--------+-------------------+----------------+------------------------+ +| | Physical hardware | Emulated : | Emulated : paravirtual | +| | | | | +| | | model-based | | ++--------+-------------------+----------------+------------------------+ +| Design | Specific | Specific | Generic | ++--------+-------------------+----------------+------------------------+ +| Type | Silicon-based | Software-based | Software-based | ++--------+-------------------+----------------+------------------------+ + +- Physical + + - Physical components refer to devices that can be attached to a + system. For instance, a dedicated physical graphics card + attached to a physical system can be directly attached to a + virtual machine, which then becomes responsible for managing it, + a technique called *passthrough*. The PCI-SIG standards provide + IOMMU-related specifications to allow a host operating system to + not have a driver for a particular device[^9] and passthrough + the device to the guest. The guest will have a device with + nearly native performance, and use the standard vendor's drivers + for the device. + - The PCI-SIG standards also provide a way to partition compatible + devices using so-called Virtual Functions (VFs). 
In this case, + the host manages the way a physical device is used by the guest. + Both host and guest must have specific device drivers. It offers + nearly native performance. + +- Emulated + + - Model-based + + - Model-based emulated hardware are designed after real + devices, but are made out of computer code, not silicon. The + i440fx and Q35[^10] chipsets are both instances of emulated + hardware. This is the slowest (but most compatible) way to + provide a device to a guest. An emulated GPU is not going to + be fast enough in an emulated mode to do 3D rendering. + + - Paravirtual + + - Paravirtual hardware, also known as paravirtualized Virtual + I/O devices or simply virtio, are also made out of computer + code. Contrary to emulated hardware, they function as a + generic piece of software-based hardware which doesn't + replicate a specific hardware component. + +### []{#anchor-14}Paravirtualization + +Paravirtualization refers to the emulation practice of letting an +operating system running in a virtualized environment know that it is +running in such an environment[^11]. + +Under this configuration, more efficient communication methods are +available between the host and the guest, including VirtIO devices +(e.g.: virtio-net for network devices, virtio-blk for block storage +devices). Such devices can communicate directly with the host, instead +of emulating every single command of an IDE, SATA, SCSI or NVMe device, +as it is the case for model-based emulation. + +### []{#anchor-15}Virtual machine + +A virtual machine is a recreation of a real, physical, silicon-based +computer using software. It performs almost exactly as a physical +computer, and can thus host an operating system. + +The expression "virtual machine" is often abbreviated VM. VMs are also +often referred to as guests, in contrast to the hosts that host them. \ No newline at end of file
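Review bot: in deploy/prepare.md (hunk `@@ -16,6 +16,55 @@`), the recommended-requirements bullet calls AMD Vi and Intel VT-d "the second generation of hardware-assisted virtualization extensions" without ever saying that these are the IOMMU, even though the opening paragraph states a preference for systems "providing IOMMU" and the section that follows is "Enable IOMMU". Name the IOMMU in that bullet so a reader can connect the requirement to the firmware step. Smaller points in the same hunk: the vendor spellings are AMD-V and AMD-Vi, "NVME" should be "NVMe", and the `[^49]` / `[^50]` markers and `[]{#anchor-43}` / `[]{#anchor-44}` spans come with no footnote definitions in this hunk, so check that they do not render as literal text.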
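Review bot: in home.md (hunk `@@ -22,6 +22,8 @@`), the white-paper link target is written as `(/https://files.phyllo.me/s/oYwfxYpZcbppwr6)`; the leading `/` turns the absolute URL into a site-relative path, so the link will resolve against the wiki host instead of files.phyllo.me. Drop the slash so the target starts with `https://`.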
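Review bot: in phyllomeos/context.md, the last row of the comparison table reads "Support for non-Unix guests", while the Cloud Hypervisor bullet just above it says "non-Linux virtual guest systems, provided that they support UEFI"; those are different claims, so pick one wording and use it in both places. The table itself is in pandoc simple-table form with an empty first header cell, which is worth checking against the page's `editor: markdown` renderer (a pipe table would be the safer choice). Smaller fixes in the same hunk: "at the notable exception of Microsoft Azure, , depend" has a stray comma, "attempt to built" should be "attempt to build", the footnote markers `[^19]` through `[^29]` have no definitions in this hunk, and the file still ends without a trailing newline.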
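Review bot: in phyllomeos/purpose.md, under Limitations, the sentence "a workaround[^30] might have to be used ... a workaround that has security implications" names neither the workaround nor the implications, and `[^30]` has no definition in this hunk. Since this is the one place the page tells users they may be trading away isolation, state what the workaround is and what is lost when devices that share an IOMMU group are treated as if they were separated. Also in this hunk: the bold marker in "**Reliance on devices or controllers passthrough to cover edge cases **:" has a space before the closing `**`, so it will not close as bold; "Why would one prefers" should be "prefer"; "remain a the mercy" should be "at the mercy".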
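Review bot: in phyllomeos/roadmap.md, the Emulator/virtualizer row of the table carries an unresolved author question inside a published cell: "QEMU, Cloud Hypervisor (does CH support vfio-pci?)". Resolve it before merging or move it to a tracked issue, because the GPU support row in the same column depends on the answer. The table header lists four names for five columns and the page now starts with the table and no heading, so add a first-column label and a title. In the list below it, "Intel's SGX Secure Enclave or and AMD's" has a doubled conjunction, "SR/IOV on generation 11^th^ of Intel graphics" should match the "SR-IOV" spelling used in deploy/prepare.md, and `[^53]` / `[^54]` have no definitions in this hunk.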
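Review bot: in virt/lexicon.md, the new Emulator section ends mid-sentence at "In the latter case, it can leverage hardware acceleration," and needs to be completed or cut at the previous sentence. The hunk also deletes the glossary entries for IOMMU, VFIO, Passthrough and AMD SEV without replacing them, while the new Device section and the other pages in this patch rely on those terms; keep at least a short definition for each, and in the passthrough paragraph say that the IOMMU is what confines a passed-through device's memory access to the guest, since the current text only mentions that the host needs no driver. Smaller fixes: "inside a physical computer. , It is" has a stray comma, "two major open-source hypervisor that are both are able" needs "hypervisors that are both able", the `###` headings sit directly under the `#` title, and the grid table is pandoc syntax that should be checked against the page's `editor: markdown` renderer.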