Piotr Król is Founder and Embedded Systems Consultant at 3mdeb, the licensed provider of coreboot consulting services. He attained an M.Sc. degree in Computer Systems Networking and Telecommunication from the Gdańsk University of Technology. After working as a Storage Controllers Validation Engineer and BIOS Software Engineer at Intel Technology Poland for over 7 years, he created his own consulting business focused on Embedded Firmware (coreboot, UEFI/EDK2/BIOS) and Embedded Linux (Yocto, Linux Device Drivers, Qt/C++/Go/Python applications). He combines his work and passion by building firmware that enables advanced hardware features and follows best security practices. His team maintains PC Engines platforms in coreboot and actively works on and contributes to Open Source Firmware. Feel free to contact Piotr if you have any questions about related topics.
Until now, SPI flash memory was not considered a storage medium for a hypervisor,
because such chips were relatively small.
We have embedded a Bareflank-based hypervisor into SPI flash so that it is launched
directly from coreboot and then loads SeaBIOS, which is also embedded in SPI flash.
For this purpose, we had to switch from the 32-bit mode used by coreboot to the
64-bit mode used by the hypervisor, and then return to 32-bit mode to load SeaBIOS
as a payload.
This is a compact solution for multiple purposes using virtual machines that
provides separation, stability, and security. The fact that the hypervisor is
embedded in SPI flash means that simply removing the disk does not affect it.
In this paper, we will show how we did it and what the possible extensions and
uses of our concept are.
In this paper, we are going to explain the TrenchBoot implementation for AMD and
demonstrate a boot chain leveraging it. We will outline how this solution coexists
with open-source firmware like coreboot in flash, explain the required bootloader
extension based on the GRUB2 implementation, and discuss the Landing Zone (LZ)
secure loader implementation and the required Linux kernel modifications.
Finally, we will explain what benefits this solution has over previous approaches
such as OSLO, Flicker, Soft Cards, and others.