roots/wiki
1
0
Fork 0
Code Pull Requests Activity

Under construction

Browse Source 
add section under construction to a bunch of file;
fetch contents from the white-paper
This commit is contained in:
lukas
2021-11-15 17:20:36 +01:00
parent 4c1454875c
commit eede7d0df8
45 changed files with 291 additions and 292 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phyllomeos/architecture.md
View File

@ -8,5 +8,5 @@ editor: markdown
dateCreated: 2021-11-12T15:31:49.655Z
---
# Header
Your content here
> Section under construction
{.is-warning}

125
phyllomeos/context.md
View File

@ -8,73 +8,44 @@ editor: markdown
dateCreated: 2021-11-12T15:31:13.657Z
---
# []{#anchor-24}Phyllome OS
> Section under construction. Sources are missing.
{.is-warning}
## []{#anchor-25}Context
## Context
### []{#anchor-26}Public clouds and open source software
### Public clouds and open source software
Public clouds provide on-demand computing resources over the Internet.
The largest are called hyperscalers.
Public clouds provide on-demand computing resources over the Internet. The largest are called hyperscalers.
Almost all hyperscalers, at the notable exception of Microsoft Azure, ,
depend on open-source software[^19] to support their platform[^20]. Put
simply, without open-source software, they wouldn't exist, at least not
in their current form[^21].
Almost all hyperscalers, at the notable exception of Microsoft Azure,depend on open-source software to support their platform. Put
simply, without open-source software, they wouldn't exist, at least not in their current form.
In particular, the Linux operating system and its Kernel-based Virtual
Machine (KVM) module are two basic, essential, open-source building
blocks upon which these hyperscalers are built.
In particular, the Linux operating system and its Kernel-based Virtual Machine (KVM) module are two basic, essential, open-source building blocks upon which these hyperscalers are built.
These providers also add their own custom software to the core engine
that propels their platform[^22]. Unfortunately, this custom software
remains for internal use only[^23].
These providers also add their own custom software to the core engine that propels their platform. Unfortunately, this custom software
remains for internal use only.
Isn't there an equivalent to these custom building blocks available for
everyone to reuse ?
Isn't there an equivalent to these custom building blocks available for everyone to reuse ?
### []{#anchor-27}The rise of robust general-purpose hypervisors
#### The rise of robust general-purpose hypervisors
Rust-vmm (or Rust-Virtual Machine Monitor) is an ongoing effort among
software and hardware companies, including some hyperscalers, to share
more of their codebase. Rust-vmm provides a platform to share reusable
virtualization-related code by means of Rust-crates[^24].
Rust-vmm (or Rust-Virtual Machine Monitor) is an ongoing effort among software and hardware companies, including some hyperscalers, to share more of their codebase. Rust-vmm provides a platform to share reusable virtualization-related code by means of Rust-crates.
As of 2021, this project offers the closest open-source equivalent to
the aforementioned custom software used by hyperscalers.
As of 2021, this project offers the closest open-source equivalent to the aforementioned custom software used by hyperscalers.
At least three key projects using Linux and KVM are also taking
advantage of Rust-vmm :
At least three key projects using Linux and KVM are also taking advantage of Rust-vmm :
- crosvm (2010 --)
* crosvm (2010 --)
* Crosvm means the Chrome OS Virtual Machine Monitor. It allows the virtualization of guest systems on devices running Chrome OS and Chromium OS, its open-source counterpart. It is the oldest project of its kind, upon which others are built or forked.
* The ongoing Spectrum (2020) project is a promising attempt to built a secure desktop OS around Chromium OS, crosvm and the Nix declarative package management system.
- Crosvm means the Chrome OS Virtual Machine Monitor. It allows
the virtualization of guest systems on devices running Chrome OS
and Chromium OS, its open-source counterpart. It is the oldest
project of its kind, upon which others are built or forked.
- The ongoing Spectrum (2020) project is a promising attempt to
built a secure desktop OS around Chromium OS, crosvm and the Nix
declarative package management system.
* firecracker (2018 --)
* Originally built for desktop systems, crosvm has also been reused as a foundation for firecracker, the serverless computing platform which powers AWS Lambda. This is a story not unlike that of KVM, which was originally built with desktop workloads in mind but later gained traction as a solution for other workloads.
- firecracker (2018 --)
- Originally built for desktop systems, crosvm has also been
reused as a foundation for firecracker, the serverless computing
platform which powers AWS Lambda. This is a story not unlike
that of KVM, which was originally built with desktop workloads
in mind but later gained traction as a solution for other
workloads.
- Cloud Hypervisor (2019 --)
- Cloud Hypervisor may be considered as the spiritual successor to
the now-defunct NEMU project. NEMU provided a stripped-down
version of QEMU [^25].
- Contrary to crosvm and projects that rely on it, it is possible
to run non-Linux virtual guest systems on Cloud Hypervisor,
provided that they support UEFI.
- As of today, there is no desktop-oriented operating system
intended to take advantage of Cloud Hypervisor.
* Cloud Hypervisor (2019 --)
* Cloud Hypervisor may be considered as the spiritual successor to the now-defunct NEMU project. NEMU provided a stripped-down version of QEMU.
* Contrary to crosvm and projects that rely on it, it is possible to run non-Linux virtual guest systems on Cloud Hypervisor, provided that they support UEFI.
* As of today, there is no desktop-oriented operating system intended to take advantage of Cloud Hypervisor.
----------------------------- -------- ------------- ------------------
crosvm firecracker Cloud Hypervisor
@ -84,48 +55,26 @@ advantage of Rust-vmm :
Support for non-Unix guests No No Yes
----------------------------- -------- ------------- ------------------
Until recently, any attempt to create a local-first, free and
open-source operating system that could run atop affordable,
virtualization-friendly hardware[^26] using basic building blocks
similar to those used by major public clouds would rightfully be met
Until recently, any attempt to create a local-first, free and open-source operating system that could run atop affordable,virtualization-friendly hardware using basic building blocks similar to those used by major public clouds would rightfully be met
with skepticism.
Thanks to the rust-vmm umbrella project, assembling such an operating
system is now becoming a possibility.
Thanks to the rust-vmm umbrella project, assembling such an operating system is now becoming a possibility.
## []{#anchor-28}Description
## Description
### []{#anchor-29}Phyllome OS
### Phyllome OS
Phyllome OS intends to tap into some modern software- and
hardware-related innovations used in the cloud and make them available
to a wider audience locally: to bring some of the cloud back home, so to
speak, with a focus on performance and usability. As an operating
system, Phyllome OS makes it easier to run virtual machines locally
using off-the-shelf hardware : it is designed from the ground up to be
easy[^27]-and safe[^28]-to-use.
Phyllome OS intends to tap into some modern software- and hardware-related innovations used in the cloud and make them available
to a wider audience locally: to bring some of the cloud back home, so to speak, with a focus on performance and usability. As an operating system, Phyllome OS makes it easier to run virtual machines locally using off-the-shelf hardware : it is designed from the ground up to be easy-and safe-to-use.
Technically speaking, Phyllome OS is an attempt to port the Cloud
Hypervisor to desktop systems[^29].
Technically speaking, Phyllome OS is an attempt to port the Cloud Hypervisor to desktop systems.
Conceptually, Phyllome OS can be thought of in several ways : as a
wrapper around operating systems that use a Graphical User Interface
(GUI), just as Docker is, among other things,a headless wrapper around
GUI-less containers ; as an abstraction between the hardware and the
operating system; as a local-first appliance or sandbox whose sole
purpose is to run general computing operating systems using
hardware-assisted virtualization, and hopefully run them well ; or as
just another attempt to bring Linux back to the desktop, albeit more
covertly this time.
Conceptually, Phyllome OS can be thought of in several ways : as a wrapper around operating systems that use a Graphical User Interface
(GUI), just as Docker is, among other things,a headless wrapper around GUI-less containers ; as an abstraction between the hardware and the operating system; as a local-first appliance or sandbox whose sole purpose is to run general computing operating systems using
hardware-assisted virtualization, and hopefully run them well ; or as just another attempt to bring Linux back to the desktop, albeit more covertly this time.
As with popular existing operating systems, Phyllome OS is designed to
be installed on a single machine or host. Contrary to existing operating
systems, it abstracts the physical layer away, allowing diverse
operating systems to run concurrently on the same machine if the user so
desires.
As with popular existing operating systems, Phyllome OS is designed to be installed on a single machine or host. Contrary to existing operating systems, it abstracts the physical layer away, allowing diverse operating systems to run concurrently on the same machine if the user so desires.
### []{#anchor-30}The Phyllome OS Project
### The Phyllome OS Project
The Phyllome Project aims to build a community around open source
virtualization and to make the development of Phyllome OS sustainable.
The project relies on self-hosted open source software.
The Phyllome Project aims to build a community around open source virtualization and to make the development of Phyllome OS sustainable. The project relies on self-hosted open source software.

1
phyllomeos/faq.md
View File

@ -8,7 +8,6 @@ editor: markdown
dateCreated: 2021-11-12T15:33:09.361Z
---
### Can you explain the whole project and its expected outcome(s) ?
Traditionally, operating systems (OS) installed directly on physical hardware have unfiltered access to the underling system hardware, which they trust by default. In contrast, when deployed inside virtual machines, this access can be mediated at the hypervisor/host level, enhancing the security of the overall system by allowing the user to distrust parts of the hardware stack, a vision that is implemented thorougly by the [QubesOS](https://www.qubes-os.org/), which Phyllome OS draws inspiration from.

4
phyllomeos/guests.md
View File

@ -8,5 +8,5 @@ editor: markdown
dateCreated: 2021-11-13T11:55:41.102Z
---
# Header
Your content here
> Section under construction. Sources are missing.
{.is-warning}

76
phyllomeos/purpose.md
View File

@ -8,70 +8,34 @@ editor: markdown
dateCreated: 2021-11-12T15:31:30.659Z
---
## []{#anchor-31}Purpose
## Purpose
Why would one prefers to use an operating system installed on virtual
hardware ?
Why would one prefers to use an operating system installed on virtual hardware ?
Adding a layer of abstraction between the operating system and the
virtualization-friendly hardware allows for support of newer operating
systems, beyond what the physical hardware can support.
Adding a layer of abstraction between the operating system and the virtualization-friendly hardware allows for support of newer operating systems, beyond what the physical hardware can support.
- By using Phyllome OS on Apple hardware that do not support the
latest iteration of macOS, one could create a virtual machine and
install the latest iteration of macOS anyway, further extending the
life of hardware.
* By using Phyllome OS on Apple hardware that do not support the latest iteration of macOS, one could create a virtual machine and install the latest iteration of macOS anyway, further extending the life of hardware.
* **Note:** Phyllome OS does not and will **not** support running macOS on anything but Apple hardware, as it is -- sadly -- not allowed by Apple.
* Windows 11 requires a Trusted Platform Module (TPM). By using a virtual machine alongside a virtual TPM on unsupported hardware, one could still run Windows 11. The passthrough of a real TPM may also be supported.
- **Note:** Phyllome OS does not and will **not** support running
macOS on anything but Apple hardware, as it is -- sadly -- not
allowed by Apple.
### Advantages
- Windows 11 requires a Trusted Platform Module (TPM). By using a
virtual machine alongside a virtual TPM on unsupported hardware, one
could still run Windows 11. The passthrough of a real TPM may also
be supported.
More generally, a software-based/backed computer, or simply a virtual machine, has many advantages over a silicon-based computer :
### []{#anchor-32}Advantages
* **Cost** : the cost of creating a virtual machine tends to zero
* **Flexibility** : a software-backed computer, alongside its operating system, can be migrated to new physical hosts. In other
words, when a user acquires a new physical computer, the entire computing environment may be copy/pasted to the new machine.
- **Compatibility** : contrary to silicon-based computers, which tend to be optimized to work at most with only a handful operating
systems, a virtual machine can be designed to work with most operating systems.
More generally, a software-based/backed computer, or simply a virtual
machine, has many advantages over a silicon-based computer :
- **Cost** : the cost of creating a virtual machine tends to zero
- **Flexibility** : a software-backed computer, alongside its
operating system, can be migrated to new physical hosts. In other
words, when a user acquires a new physical computer, the entire
computing environment may be copy/pasted to the new machine.
- **Compatibility** : contrary to silicon-based computers, which tend
to be optimized to work at most with only a handful operating
systems, a virtual machine can be designed to work with most
operating systems.
### []{#anchor-33}Limitations
### Limitations
Alas, it also comes with limitations, including but not limited to :
- Limited out-of-the box hardware support : hardware-assisted
virtualization is available on many computers but rarely activated
by default and not always correctly implemented. Users remain a the
mercy of good platform firmware and may have to explicitly activate
hardware-assisted virtualization in the BIOS/UEFI. Hardware
components are often not correctly isolated in IOMMU groups.
* Limited out-of-the box hardware support : hardware-assisted virtualization is available on many computers but rarely activated by default and not always correctly implemented. Users remain a the mercy of good platform firmware and may have to explicitly activate hardware-assisted virtualization in the BIOS/UEFI. Hardware components are often not correctly isolated in IOMMU groups.
* Offering first-class support for only a handful of curated computers might provide an answer, at the price of compatibility.
* When it comes to IOMMU groups, a workaround might have to be used for models that do not offer well-isolated IOMMU groups, a workaround that has security implications.
- Offering first-class support for only a handful of curated
computers might provide an answer, at the price of
compatibility.
- When it comes to IOMMU groups, a workaround[^30] might have to
be used for models that do not offer well-isolated IOMMU groups,
a workaround that has security implications.
- **Reliance on devices or controllers passthrough to cover edge cases
**: virtual hardware do not cover all features a user may expect to
have, including out of the box support for Bluetooth, wireless, or
sound adapters. For those cases, USB or PCI Passthrough might be
used.
- Again, offering first-class support for only a handful of
curated computers might provide an answer, at the price of
compatibility.
- New virtual hardware are expected, including paravirtualized
sound cards, which will improve the situation.
* Reliance on devices or controllers passthrough to cover edge cases: virtual hardware do not cover all features a user may expect to have, including out of the box support for Bluetooth, wireless, or sound adapters. For those cases, USB or PCI Passthrough might be used.
* Again, offering first-class support for only a handful of curated computers might provide an answer, at the price of compatibility.
* New virtual hardware are expected, including paravirtualized sound cards, which will improve the situation.

111
phyllomeos/roadmap.md
View File

@ -8,6 +8,24 @@ editor: markdown
dateCreated: 2021-11-13T11:55:14.298Z
---
> Section under construction. Tables is broken. Would have to fix it.
{.is-warning}
Take this table as an example:
| Description | vfio-pci | vfio-mdev | vfio-gpu |
|---|---|---|---|
| *Performance* | Near-native performance and full features set | Near-native performance and full features set | Degraded performance and limited features set |
| *Guests support* | UNIX and non-UNIX guests | UNIX and non-UNIX guests | Works only on selected UNIX guests |
| *Driver* | No special driver in the guest | No special driver in the guest | Requires a special driver in the guest |
| *Number of host GPUs* | Two GPUs in most situations | A single GPU | A single GPU |
| *GPU support* | Mostly GPU agnostic | Recent Intel integrated GPUs and some professional grade Nvidia GPUs | Mostly GPU agnostic |
# Roadmap
------------------------------------------- ----------------------- ------------------- ---------------------------------------------------- ----------------------------
Fedora 34 Phyllome OS alpha Phyllome OS beta Phyllome OS 1.0
Out-of-the box support for virtualization No Yes Yes Yes
@ -27,74 +45,35 @@ dateCreated: 2021-11-13T11:55:14.298Z
Target release date Released 2021 2022 2022
------------------------------------------- ----------------------- ------------------- ---------------------------------------------------- ----------------------------
### []{#anchor-48}Beyond the first production-ready release
### Beyond the first production-ready release
Here are some features that may be added later :
- App store
- An application store for distributing prepackaged and
easy-to-deploy operating systems
- A new GUI application to manage virtual machines
- The virtual machine manager does more than what Phyllome OS
needs. It would make sense to rely on a leaner, more simple
software, similar to GNOME Boxes.
- Ideally, it would be written in Rust, just as the Cloud
Hypervisor
- Graphics
- Out-of-the box support for Single GPU passthrough
- Support for single GPU passthrough would make it easier to
run Phyllome OS on hardware that features a single graphics
card lacking support for vfio-mdev.
- Out-of-the box support for vfio-mdev on Nvidia, consumer grade
GPUs.
- A 2021 project[^53] is bringing vfio-mdev to Nvidia,
consumer grade GPUs. It would be great to support it and
offer Phyllome's users the ability to split their physical
GPUs.
- Out-of-the box support for SR/IOV on generation 11^th^ of Intel
graphics
- Streaming
- Making encoding and decoding a virtual machine desktop or
display more efficient would allow for more diverse uses,
including usable remote desktops.
- For that to happen, it would mean to support virtio-video.
- Another route would be to use WebRTC on Wayland.
- Support the Virtual I/O Device (VIRTIO) Version 1.2
- Version 1.2 of the VIRTIO specification will soon be released
with new virtual devices. Phyllome OS will need to support
these.
- Support platform-dependent confidential computing features
- On public clouds -- where many virtual machines are collocated
underneath the same hypervisor -- there are ongoing efforts to
make it possible to run workloads without having to blindly
trust the host system. Some of those efforts rely on
platform-specific technologies, such as Intel's SGX Secure
Enclave or and AMD's Secure Encrypted Virtualization (SEV). It
* **App store**
* An application store for distributing prepackaged and easy-to-deploy operating systems
* **A new GUI application** to manage virtual machines
* The virtual machine manager does more than what Phyllome OS needs. It would make sense to rely on a leaner, more simple
software, similar to GNOME Boxes.
* Ideally, it would be written in Rust, just as the Cloud Hypervisor
* **Graphics**
* Out-of-the box support for Single GPU passthrough
* Support for single GPU passthrough would make it easier to run Phyllome OS on hardware that features a single graphics card lacking support for vfio-mdev.
* Out-of-the box support for vfio-mdev on Nvidia, consumer grade GPUs.
* A 2021 project is bringing vfio-mdev to Nvidia, consumer grade GPUs. It would be great to support it and offer Phyllome's users the ability to split their physical GPUs.
* Out-of-the box support for SR/IOV on generation 11^th^ of Intel graphics
* **Streaming**
* Making encoding and decoding a virtual machine desktop or display more efficient would allow for more diverse uses, including usable remote desktops.
* For that to happen, it would mean to support virtio-video.
* Another route would be to use WebRTC on Wayland.
* **Support the Virtual I/O Device (VIRTIO) Version 1.2**
* Version 1.2 of the VIRTIO specification will soon be released with new virtual devices. Phyllome OS will need to support these.
* **Support platform-dependent confidential computing features**
* On public clouds -- where many virtual machines are collocated underneath the same hypervisor -- there are ongoing efforts to
make it possible to run workloads without having to blindly trust the host system. Some of those efforts rely on
platform-specific technologies, such as Intel's SGX Secure Enclave or and AMD's Secure Encrypted Virtualization (SEV). It
would be nice to be able to support these.
- First-class support for more open x86 hardware
- It would be great to optimize Phyllome OS to work on a recent,
more open x86 motherboard that supports both openBMC and
* **First-class support for more open x86 hardware**
* It would be great to optimize Phyllome OS to work on a recent, more open x86 motherboard that supports both openBMC and
Coreboot[^54].
- Support beyond the x86 architecture
- Support for hardware based on ARM and RISC-V architectures would
be great.
* **Support beyond the x86 architecture**
* Support for hardware based on ARM and RISC-V architectures would be great.

3
phyllomeos/sbom.md
View File

@ -8,6 +8,9 @@ editor: markdown
dateCreated: 2021-11-12T15:32:04.404Z
---
> Section under construction.
{.is-warning}
# List of software
The basic idea is to list software Phyllome OS relies on to function.

5
phyllomeos/use-cases.md
View File

@ -8,7 +8,8 @@ editor: markdown
dateCreated: 2021-11-11T19:07:41.722Z
---
# Use cases
Your content here
> Section under construction. Sources are missing.
{.is-warning}
For example, a virtual display in a virtual machine can be set to a resolution that exceeds what the underling physical display is capable of, and such a virtual display may be accessible remotely, over the network.