Consideration about enabling hypervisor in open source firmware

Security

Until now, SPI flash memory was not considered as storage for a hypervisor,
because it was relatively too small.
We've embedded a Bareflank-based hypervisor into SPI flash, to be launched directly
from coreboot and to load SeaBIOS, which is also embedded in SPI flash. For this purpose,
we had to switch the architecture from 32-bit, used by coreboot, to 64-bit, used by
the hypervisor, and then switch back to 32-bit to load SeaBIOS as a payload.
This is a compact, multi-purpose solution based on virtual machines that
provides separation, stability, and security. Because the hypervisor is
embedded in SPI flash, simply removing the disk doesn't affect it.
In this paper, we show how we did it and what the possible
extensions and uses of our concept are.
