CN102609638A - Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and implementation method thereof - Google Patents
Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and implementation method thereof Download PDFInfo
- Publication number
- CN102609638A CN102609638A CN2011104356717A CN201110435671A CN102609638A CN 102609638 A CN102609638 A CN 102609638A CN 2011104356717 A CN2011104356717 A CN 2011104356717A CN 201110435671 A CN201110435671 A CN 201110435671A CN 102609638 A CN102609638 A CN 102609638A
- Authority
- CN
- China
- Prior art keywords
- uefi
- virtual machine
- drives
- xen
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and an implementation method of the Xen virtual machine framework. The Xen virtual machine framework comprises a hardware platform, a BIOS (basic input /output system) system, a virtual machine monitor and an operating system, wherein the UEFI BIOS comprises a UEFI boot service and a UEFI runtime service; a privilege domain is communicated with a device front drive as one part of the UEFI runtime service in an operation stage of the operating system; the virtual machine monitor is located between the system hardware platform and the operating system software of the virtual computing domain to monitor lower hardware; the operating system comprises a device front drive in an inner nuclear layer and a functional test program in a user layer. Because the privilege domain is not stored in the hardware and is stored in a Flash chip as UEFI runtime service, the Xen virtual machine framework solves the problem that the existing Xen virtual machine framework has low-level safety protection. The simplification of the Xen privilege domain is achieved.
Description
Technical field
The present invention relates to a kind of new Xen virtual machine architecture, particularly relate to a kind of based on UEFI framework of new generation and its implementation.
Background technology
The Xen virtual machine architecture is an actual virtualization solution standard of increasing income, the dynamic portability function that it has the characteristic of increasing income, approaches the performance of primary system, never shuts down, and to the characteristics such as support of primary operating system." unified Extensible Firmware Interface (UEFI) " is a BIOS technical standard of new generation of describing interface between platform firmware and operating system and other application software.UEFI mainly by a series of system's tables that comprise the platform relevant information during with startup service that supplies booting operating system program, operating system to call and operation service constitute.It is that the startup of an operating system and the execution of pre-start-up procedure provide a standard environment that these parts are joined together.Behind os starting, start service and will all be unloaded, still be trapped in the Installed System Memory and serve during operation, call for upper strata operating system.
In up-to-date Xen virtual machine architecture, what it adopted is the separation equipment drive pattern.This pattern is set up front-end equipment and is driven in each user domain, in privileged domain, set up rear end equipment and drive.All user domain operating system is as using conventional equipment forward end equipment to send request, and front-end equipment sends to the rear end equipment that is in the privileged domain through I/O request descriptor and device channels with the identity information of these requests and user domain.The rear end drives the validity that can check this request, carries out the conversion of virtual unit address to physical device address.In case but this framework existing problems are that privileged domain is broken, the rear end drives and is prone to be destroyed or distort, and will cause all virtual Domain all will lose protection mechanism, can't prevent significant data file and confidential information leakage, steal.In addition, realize that in privileged domain the rear end equipment driving of communicating by letter with front-end driven can cause the privileged domain complex system, also do not meet the design original intention of simplifying of Xen privileged domain.
Summary of the invention
The object of the present invention is to provide a kind of new Xen virtual machine architecture and its implementation, it is not high to solve present Xen virtual machine architecture security protection rank, and the privileged domain system is the problem of safety inadequately.Wherein, privileged domain is not stored in the hard disk, but when moving as UEFI service memory in the Flash chip.
The present invention is a kind of to move the Xen virtual machine architecture of time service based on UEFI, be to adopt following technological means to realize:
A kind of Xen virtual machine architecture that moves time service based on UEFI; Comprise hardware platform, BIOS system, virtual machine monitor (Xen hypervisor) and operating system; Service when service and UEFI moved when wherein UEFI BIOS comprised the UEFI startup; The part of service when privileged domain is moved as UEFI, it comprises that the equipment rear end drives, and drives with front equipment end in the operating system stage and communicates by letter; Virtual machine monitor is responsible for monitoring lower floor hardware between system hardware platform and virtual computational fields operating system software, but and become the entity of management and dispatching to keep supplying layer computational fields hardware abstraction to use, also effective isolation mech isolation test is provided for the upper strata computational fields; Operating system comprises that the front equipment end of inner nuclear layer drives and the functional test program of client layer.
The conventional block device driver of Xen is divided into front-end driven and the rear end drives two parts.Can be after the front end device driver is being received from the read-write requests of virtual Domain operating system through event channel and shared drive equipment proposition to the back-end services request.The rear end is the UEFI device driver that operates in the privileged domain, is responsible for the I/O request that receiving front-end is transmitted, and through real device drive visit physical equipment, or use form of software to handle, accomplish the I/O request.
The present invention is a kind of to move the Xen virtual machine architecture of time service based on UEFI implementation method is to adopt following technological means to realize.
The functional test program transmission I/O read-write requests that operates in the user domain drives to front equipment end;
Front equipment end drives after receiving the I/O read-write requests, and the I/O read-write requests is sent to Xen Hypervisor;
Xen Hypervisor sends to the equipment rear end through event channel and shared drive with the I/O read-write requests and drives;
The equipment rear end that operates in the privileged domain drives after receiving the I/O read-write requests, and the primary device drives through wherein sends to hardware device with the I/O read-write requests;
After hardware device is handled, data are returned to the equipment rear end drive;
The equipment rear end drives the data that get access to is sent to Xen Hypervisor;
Xen Hypervisor returns to front equipment end through event channel and shared drive with the data that get access to and drives;
Front equipment end drives the data that get access to is returned to the functional test program.
Xen virtual machine architecture and its implementation of service compared with prior art, have following remarkable advantages and beneficial effect when the present invention is based on the UEFI operation.
Xen virtual machine architecture and its implementation of service when the present invention is based on the UEFI operation; Because privileged domain is not stored in the hard disk; But service memory has solved the not high problem of security protection rank that present Xen virtual machine architecture exists in the Flash chip when moving as UEFI.Realized simplifying of Xen privileged domain simultaneously.
Description of drawings
Fig. 1 is the structural representation of Xen virtual machine architecture of the present invention;
Fig. 2 is the synoptic diagram of Xen virtual machine architecture implementation method of the present invention.
Embodiment
Below in conjunction with Figure of description, specific embodiment of the present invention is explained.
See also shown in Figure 1ly, be the structural representation of Xen virtual machine architecture of the present invention.As can be seen from the figure, the Xen virtual machine architecture is made up of operating system, virtual machine monitor, BIOS system and hardware platform.Wherein,
The functional test program module is positioned at user domain (operating system) layer, belongs to user's attitude program, is used for hardware device is carried out each item test.
The front equipment end driver module is positioned at user domain (operating system) layer, belongs to the kernel state program, is used for communicating by letter with the driving of equipment rear end, and different with the primary device drives of tradition, it is access hardware devices directly.
Xen Hypervisor: be positioned at virtual level, be used to the mechanism such as event channel and shared drive are provided of communicating by letter between user domain and privileged domain.
The equipment rear end drives: be positioned at privileged domain (UEFI BIOS) layer, service routine when belonging to the UEFI operation is used for communicating by letter and communicating by letter with hardware device with the front equipment end driving.It provides unique interface of platform access hardware device, and it also is responsible for communicating with the front equipment end driving when comprising traditional primary device drives part.
Hardware device: be positioned at the hardware platform layer, like hardware devices such as PCI network interface card, SAS cards.
See also shown in Figure 2, the synoptic diagram of Xen virtual machine architecture implementation method of the present invention.Concrete steps are of scheming.
The functional test program transmission I/O read-write requests that operates in the user domain drives to front equipment end.
Front equipment end drives after receiving the I/O read-write requests, and the I/O read-write requests is sent to Xen Hypervisor.
Xen Hypervisor sends to the equipment rear end through event channel and shared drive with the I/O read-write requests and drives.
The equipment rear end that operates in the privileged domain drives after receiving the I/O read-write requests, and the primary device drives through wherein sends to hardware device with the I/O read-write requests.
After hardware device is handled, data are returned to the equipment rear end drive.
The equipment rear end drives the data that get access to is sent to Xen Hypervisor.
Xen Hypervisor returns to front equipment end through event channel and shared drive with the data that get access to and drives.
Front equipment end drives the data that get access to is returned to the functional test program.
What should explain at last is: above embodiment only in order to the explanation the present invention and and unrestricted technical scheme described in the invention; Therefore, although this instructions has carried out detailed explanation to the present invention with reference to each above-mentioned embodiment,, those of ordinary skill in the art should be appreciated that still and can make amendment or be equal to replacement the present invention; And all do not break away from the technical scheme and the improvement thereof of the spirit and the scope of invention, and it all should be encompassed in the middle of the claim scope of the present invention.
Claims (2)
1. the Xen virtual machine architecture of a service when moving based on UEFI; Comprise hardware platform, BIOS system, virtual machine monitor and operating system; It is characterized in that: service when service and UEFI moved when UEFI BIOS comprised the UEFI startup; The part of service when privileged domain is moved as UEFI, it comprises that the equipment rear end drives, and drives with front equipment end in the operating system stage and communicates by letter; Virtual machine monitor is responsible for monitoring lower floor hardware between system hardware platform and virtual computational fields operating system software, but and become the entity of management and dispatching to keep supplying layer computational fields hardware abstraction to use, also effective isolation mech isolation test is provided for the upper strata computational fields; Operating system comprises that the front equipment end of inner nuclear layer drives and the functional test program of client layer;
The conventional block device driver of Xen is divided into front-end driven and the rear end drives two parts, after the front end device driver is being received from the read-write requests of virtual Domain operating system, passes through event channel and shared drive equipment proposition to the back-end services request; The rear end is the UEFI device driver that operates in the privileged domain, is responsible for receiving and accomplishing the I/O request that front end is transmitted.
2. the implementation method of the Xen virtual machine architecture of a service when moving based on UEFI is characterized in that: may further comprise the steps:
2.1, the functional test program in the user domain of operating in sends the I/O read-write requests and drives to front equipment end;
2.2, front equipment end drives after receiving the I/O read-write requests, and the I/O read-write requests is sent to XenHypervisor;
2.3, Xen Hypervisor sends to the equipment rear end through event channel and shared drive with the I/O read-write requests and drives;
2.4, the equipment rear end that operates in the privileged domain drives after receiving the I/O read-write requests, the primary device drives through wherein sends to hardware device with the I/O read-write requests;
2.5, after hardware device handles, data are returned to the equipment rear end drive;
2.6, the equipment rear end drives the data that get access to sent to Xen Hypervisor;
2.7, Xen Hypervisor returns to front equipment end through event channel and shared drive with the data that get access to and drives;
2.8, front equipment end drives the data that get access to returned to the functional test program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011104356717A CN102609638A (en) | 2011-12-22 | 2011-12-22 | Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and implementation method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011104356717A CN102609638A (en) | 2011-12-22 | 2011-12-22 | Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and implementation method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102609638A true CN102609638A (en) | 2012-07-25 |
Family
ID=46527001
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011104356717A Pending CN102609638A (en) | 2011-12-22 | 2011-12-22 | Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and implementation method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102609638A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103902884A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | System and method for protecting data of virtual machine |
CN104573553A (en) * | 2014-12-30 | 2015-04-29 | 中国航天科工集团第二研究院七O六所 | Xen-oriented memory sharing security isolation method for virtual machines |
CN105740050A (en) * | 2016-01-28 | 2016-07-06 | 华中科技大学 | Trust transferring method in virtualization environment |
CN109783082A (en) * | 2019-01-02 | 2019-05-21 | 郑州云海信息技术有限公司 | A kind of erection method of UEFI Http boot server |
CN111114320A (en) * | 2019-12-27 | 2020-05-08 | 深圳市众鸿科技股份有限公司 | Vehicle-mounted intelligent cabin sharing display method and system |
CN113485755A (en) * | 2021-06-30 | 2021-10-08 | 深圳市科力锐科技有限公司 | Device driver verification method, device and storage medium |
CN114520825A (en) * | 2022-01-07 | 2022-05-20 | 中汽创智科技有限公司 | Distributed Hypervisor microkernel architecture, communication method and device |
CN114978589A (en) * | 2022-04-13 | 2022-08-30 | 中国科学院信息工程研究所 | Lightweight cloud operating system and construction method thereof |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101409714A (en) * | 2008-11-18 | 2009-04-15 | 华南理工大学 | Firewall system based on virtual machine |
WO2009149588A1 (en) * | 2008-10-14 | 2009-12-17 | Cai Guangxian | Computer system based on virtualization technology and virtual machine generating method |
CN102135866A (en) * | 2010-10-29 | 2011-07-27 | 华南理工大学 | Display optimization method based on Xen safety computer |
CN102147840A (en) * | 2010-02-05 | 2011-08-10 | 中国长城计算机深圳股份有限公司 | Method for realizing network control through virtual machine |
US20110296408A1 (en) * | 2010-05-28 | 2011-12-01 | Dell Products, Lp | System and Method for Implementing a Secure Client Hosted Virtualization Service Layer in an Information Handling System |
-
2011
- 2011-12-22 CN CN2011104356717A patent/CN102609638A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009149588A1 (en) * | 2008-10-14 | 2009-12-17 | Cai Guangxian | Computer system based on virtualization technology and virtual machine generating method |
CN101409714A (en) * | 2008-11-18 | 2009-04-15 | 华南理工大学 | Firewall system based on virtual machine |
CN102147840A (en) * | 2010-02-05 | 2011-08-10 | 中国长城计算机深圳股份有限公司 | Method for realizing network control through virtual machine |
US20110296408A1 (en) * | 2010-05-28 | 2011-12-01 | Dell Products, Lp | System and Method for Implementing a Secure Client Hosted Virtualization Service Layer in an Information Handling System |
CN102135866A (en) * | 2010-10-29 | 2011-07-27 | 华南理工大学 | Display optimization method based on Xen safety computer |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103902884B (en) * | 2012-12-28 | 2017-03-15 | 中国电信股份有限公司 | Virtual-machine data protection system and method |
CN103902884A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | System and method for protecting data of virtual machine |
CN104573553A (en) * | 2014-12-30 | 2015-04-29 | 中国航天科工集团第二研究院七O六所 | Xen-oriented memory sharing security isolation method for virtual machines |
CN105740050A (en) * | 2016-01-28 | 2016-07-06 | 华中科技大学 | Trust transferring method in virtualization environment |
CN105740050B (en) * | 2016-01-28 | 2019-03-05 | 华中科技大学 | A kind of Trust transitivity method under virtualized environment |
CN109783082B (en) * | 2019-01-02 | 2022-02-18 | 郑州云海信息技术有限公司 | Erection method of UEFI Http boot server |
CN109783082A (en) * | 2019-01-02 | 2019-05-21 | 郑州云海信息技术有限公司 | A kind of erection method of UEFI Http boot server |
CN111114320A (en) * | 2019-12-27 | 2020-05-08 | 深圳市众鸿科技股份有限公司 | Vehicle-mounted intelligent cabin sharing display method and system |
CN113485755A (en) * | 2021-06-30 | 2021-10-08 | 深圳市科力锐科技有限公司 | Device driver verification method, device and storage medium |
CN113485755B (en) * | 2021-06-30 | 2023-08-18 | 深圳市科力锐科技有限公司 | Device driver verification method, device and storage medium |
CN114520825A (en) * | 2022-01-07 | 2022-05-20 | 中汽创智科技有限公司 | Distributed Hypervisor microkernel architecture, communication method and device |
CN114520825B (en) * | 2022-01-07 | 2023-12-26 | 中汽创智科技有限公司 | Hypervisor micro-kernel architecture based on distributed mode, communication method and equipment |
CN114978589A (en) * | 2022-04-13 | 2022-08-30 | 中国科学院信息工程研究所 | Lightweight cloud operating system and construction method thereof |
CN114978589B (en) * | 2022-04-13 | 2023-08-08 | 中国科学院信息工程研究所 | Lightweight cloud operating system and construction method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102609638A (en) | Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and implementation method thereof | |
CN101655798B (en) | Method for deployment and operation of application in computer and virtual machine environments | |
CN102262557B (en) | Method for constructing virtual machine monitor by bus architecture and performance service framework | |
CN108475217B (en) | System and method for auditing virtual machines | |
CN101866408B (en) | Transparent trust chain constructing system based on virtual machine architecture | |
CN104461678B (en) | A kind of method and system that cryptographic service is provided in virtualized environment | |
US20100262722A1 (en) | Dynamic Assignment of Graphics Processing Unit to a Virtual Machine | |
Zhai et al. | Live migration with pass-through device for Linux VM | |
US8776041B2 (en) | Updating a virtual machine monitor from a guest partition | |
US7779305B2 (en) | Method and system for recovery from an error in a computing device by transferring control from a virtual machine monitor to separate firmware instructions | |
CN101599022B (en) | Trustworthy computing base cutting method used for virtual machine system | |
US20080065854A1 (en) | Method and apparatus for accessing physical memory belonging to virtual machines from a user level monitor | |
US20050198632A1 (en) | Method, apparatus and system for dynamically reassigning a physical device from one virtual machine to another | |
CN102214277B (en) | Method and device for establishing trusted environments for virtual machine system of multicore processor | |
US20060184938A1 (en) | Method, apparatus and system for dynamically reassigning memory from one virtual machine to another | |
CN103984591B (en) | PCI (Peripheral Component Interconnect) device INTx interruption delivery method for computer virtualization system | |
CN101482832A (en) | System and method for supporting metered clients with manycore | |
CN101488174A (en) | Implementing method for dynamically transparent virtual credible platform module | |
CN103034524A (en) | Paravirtualized virtual GPU | |
US20120124186A1 (en) | Systems, devices, and methods for multiple host management | |
US20060005003A1 (en) | Method for guest operating system integrity validation | |
Knodel et al. | Migration of long-running tasks between reconfigurable resources using virtualization | |
WO2016101282A1 (en) | Method, device and system for processing i/o task | |
CN110968392B (en) | Method and device for upgrading virtualized simulator | |
US9164788B2 (en) | Apparatus and method for automatic para-virtualization of OS kernel |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120725 |