1 My Challenge of embedding mruby into a bare-metal hypervisor 1 Yuki Nakata (@chikuwa_IT) Future University Hakodate(B2 student)

2 2 My project : mruby in BitVisor • Embed mruby into a bare-metal hypervisor BitVisor • objective : implement monitoring and manipulating I/O between OS and Hardware device with efficient coding by mruby RiteVM mrbgems(Ruby) mrbgems(C) mruby Applications 2 .BD04 BitVisor

3 3 Utilizing the Intel VT-x/AMD-V virtualization hardware Storage Management Encryption Authentication / Key management VPN Virtual Machine Monitor (VMM) Core ID Management Network Management Hardware Devices OS X Guest OS - Small & Light-weight Hypervisor • 128MiB footprint and 100K SLOC • Targeted for Intel VT-x and AMD-V virtualization hardware - Security Functions to Prevent Data Breaches • Disk encryption for HDD, USB sticks • OS-agnostic mandatory VPN • Insecure or unused device hardware isolation BitVisor is a hypervisor for security purposes Significant Features of BitVisor

4 4 1. No complete 'libc' library for BitVisor 2. Prohibit of any floating point arithmetic inside BitVisor because of FPU unavailable Technical issues on embedding mruby into BitVisor

1.The Standard C Library doesn’t exist 5 5 - BitVisor provides minimal libraries - some of the functions are available in BitVisor, such as printf() and free(), but they may be incompatible to the standard libc ones - Of course, mruby depends on the libc library - Mainly string and math related functions are missing - e.g. memmove, strncmp, pow, floor Most of libc function calls in the mruby code should be implemented from scratch

6 6 void *memmove(void *dst, const void *src, unsigned int count) { void *ret = dst; if(dst == NULL || src == NULL || count == 0){ return NULL; } if(dst <= src || (unsigned char *)dst >= ((unsigned char *)src + count)){ while(count--){ *(unsigned char *)dst = *(unsigned char *)src; dst = (unsigned char *)dst + 1; src = (unsigned char *)src + 1; } }else{ dst = (unsigned char *)dst + count - 1; src = (unsigned char *)src + count - 1; while(count--){ *(unsigned char *)dst = *(unsigned char *)src; dst = (unsigned char *)dst -1; src = (unsigned char *)src - 1; } } return ret; } example(memmove) - Memmove is a function to moveɹɹ n bytes of memory block - Memmove does not exist in BitVisor - Need to implement it myself

7 7 - Floating point instructions should not be used in BitVisor - In the current BitVisor implementation, any FPU instructions must be kept away from the VMM the because the preempted guest OS might use the FPU Use software emulation of floating point numbers 2. Unavailable for floating point number

Issues of using software float 8 8 - For ARM and MIPS, It can be enabled with compiler options - Can not do the same with x86_64 Architecture… - Replace it by yourself instead of the compiler - Integrate the Berkeley SoftFloat library into BitVisor

9 9 Replace float with software float - Berkeley SoftFloat can handle arithmetic operations - Replace numeric.c, string.c, vm.c, etc.

10 10 Running a mruby code before OS boot 10.times do |n| Bitvisor.print(“#{n} Hello”) end bitvisor_mruby/mruby_components/sample/sample.rb

11 github.com/chikuwait/bitvisor_mruby 11