First I want to say, really cool work!
I am a PhD student working at the University of Illinois at Urbana-Champaign and recently observed your IKGT work. This looks extremely interesting.
The first thing I would like to mention is that IKGT greatly overlaps with my recent efforts to create a new operating system architecture called the Nested Kernel. In fact it appears as almost the same thing—the example policies listed on the web page are all enforced by the Nested Kernel.
The two approaches seem to provide equivalent protection capabilities, but we would like to understand the exact capabilities of IKGT better.
One key difference is that the Nested Kernel x86-64 design provides a new technique that virtualizes ring 0 using the WP-bit as the privilege switch mechanism in contrast to the VT-x based isolation.
I am wondering if you have a paper on it so that I can get a few more details? I am working through the source code as well.
Also, I would be interested if any of the creators would be able to review the nested kernel paper at nestedkernel.org. I am interested to ascertain how much overlap exists between the features.
Some technical questions:
— Are you using VMFUNC for fast context switching? The code appears to do this, but I am just wondering.
— Do you have any performance evaluation of the system?
- Nathan Dautenhahn
I would like to know the HoT (High Order Thinking)
Problems on which the team is working.
I believe kernel development can pave ways for newer
3rd Year ECE
Recently, I did some research on iKGT and found the following issues:
(1) The screen goes black when we load iKGT on a board with 48 GB; when we then remove some memory, it boots to Ubuntu. It seems iKGT doesn't support larger memory.
(2) We can't build the whole project in DEBUG mode. There are some errors when building with make debug=1.
(3) The readme tells us to use ./check_vtx.sh to test whether the processor's VT-x feature is being used.
On my board, it shows Vtx is available when we boot to Ubuntu without iKGT, but if we boot to Ubuntu with iKGT, it shows VTx is not available.
Ubuntu is using a VCPU instead of a physical CPU when iKGT is enabled; maybe the vmx flag is gone in the VCPU?