It's a short update this week, because most of what I did was a continuation of stuff from last week.
Last week, I mentioned I'd identified some Rust safety issues in rust-vmm. Most of the patches for these are now up. The first has been accepted already, and I expect another to be accepted later today. There's still a UB issue I'm aware of and haven't sent a fix for yet, because there are a number of ways to fix it and I wanted to get my other patches in first before I decided how to fix that one.
I deliberately haven't made any progress on using cloud-hypervisor's vhost-user-net backend with crosvm, which is what got me looking at this code in the first place. I want to make sure I can work on rust-vmm-adjacent things at a pace where I don't get overwhelmed with having to keep track of loads of patches and whether I've got them upstream yet. So I'll be putting that work on hold until the current round of patches are upstreamed.
https://github.com/rust-vmm/vhost/pull/68
https://github.com/rust-vmm/vmm-sys-util/pull/135
https://github.com/rust-vmm/vhost/pull/69
For the past little while, in the time when I wasn't writing regular updates, I've been working on a live system for testing Spectrum. This will be especially useful for testing things like GPU support, because I can just build a live image with everything I might need, plug it into all the computers I want to test, and have everything be automatic from there. It will also probably evolve directly into what becomes the Spectrum base system that we'll hopefully all be running as the host system on our machines at some point.
I shifted my focus back to this work this week because I didn't want to get ahead of myself with rust-vmm. (I have a funding milestone for GPU support, so getting that checked off soon would be good.) The main thing I did this week was integrate dm-verity, which I did mostly for fun and to satisfy my curiosity.
dm-verity is a Linux mechanism to efficiently ensure that a read-only filesystem hasn't been tampered with, by constructing a Merkle tree out of filesystem block hashes, and providing the root hash to the kernel when the filesystem is mounted. dm-verity is a _great_ fit for Nix, because we can generate the hashes at the same time as creating the filesystem image, and then embed the hash into the initramfs we're also building. Getting this all working took less than a day. The idea is that (long) in the future, we'll also implement Secure Boot, which will make sure the kernel and initramfs haven't been tampered with, and dm-verity will extend that integrity guarantee to the host system's root filesystem. I recommend reading "Producing a trustworthy x86-based Linux appliance" by Matthew Garrett for an overview of how this all comes together.
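To make the hash tree concrete, here is an added example (not Spectrum's code, and not what veritysetup produces; it uses a toy 64-byte block size and sha256 so two digests fit per hash block) that builds a dm-verity-style tree over a constructed image and checks individual blocks against a trusted root, the same per-read check the kernel performs. The on-disk tree is untrusted: a tampered block fails, and an attacker who rebuilds the tree to match the tampered data still fails against the root the initramfs carries.

```python
import hashlib

BLOCK = 64                    # toy block size; dm-verity normally uses 4096
DIGEST = 32                   # sha256 digest length
PER_BLOCK = BLOCK // DIGEST   # digests packed into one hash block

def h(data, salt=b""):
    # dm-verity hashes salt || data for every block, leaf or hash block
    return hashlib.sha256(salt + data).digest()

def split(data):
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return [b.ljust(BLOCK, b"\0") for b in blocks]

def pack(hashes):
    # pack digests into BLOCK-sized hash blocks, zero padding the last one
    blob = b"".join(hashes)
    return [blob[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(blob), BLOCK)]

def build_tree(image, salt=b""):
    """Return (root_hash, levels): levels[0] holds the leaf hash blocks,
    each later level hashes the blocks of the one before, and the root is
    the hash of the single top-level block. Only the root needs trusting."""
    hashes = [h(b, salt) for b in split(image)]
    levels = []
    while True:
        blocks = pack(hashes)
        levels.append(blocks)
        hashes = [h(b, salt) for b in blocks]
        if len(blocks) == 1:
            return hashes[0], levels

def verify_block(image, idx, root, levels, salt=b""):
    """Check data block idx the way the kernel does on every read: its hash
    must appear in the tree, every hash block on the path must hash to the
    entry above it, and the top block must hash to the trusted root."""
    expect = h(split(image)[idx], salt)
    for level in levels:
        blk = level[idx // PER_BLOCK]
        off = (idx % PER_BLOCK) * DIGEST
        if blk[off:off + DIGEST] != expect:
            return False
        expect = h(blk, salt)
        idx //= PER_BLOCK
    return expect == root

if __name__ == "__main__":
    # constructed sample image of five blocks
    image = bytes(range(256)) + b"constructed sample".ljust(BLOCK, b"\0")
    root, levels = build_tree(image, b"salt")
    print(root.hex(), all(verify_block(image, i, root, levels, b"salt") for i in range(5)))
```

In the real system the root hash is the value embedded into the initramfs, so the trust chain is Secure Boot -> kernel + initramfs -> root hash -> every block of the root filesystem.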
dm-verity is something that's particularly exciting to me, because it's very useful to us, but it's something that's generally used to frustrate end user attempts to control computers they own. In Spectrum, it's instead a tool that protects the end user against malicious filesystem changes, while being almost completely transparent to the user if they do want to modify their own system.
Protecting against root filesystem tampering (which would require a VM escape or physical device access) is hardly the biggest priority for Spectrum, but integrating dm-verity was fun, interesting, and provided good motivation for working on the live image, which is one of the highest priority bits of the system. (Because I'm tired of having to say "you can't" when people ask me how they can try out Spectrum.)
https://lwn.net/Articles/459420/
https://mjg59.dreamwidth.org/57199.html
This week, I'm going to take a bit of time off as an anti-burnout defense, but probably not the whole week. I'll still keep an eye on the rust-vmm patches throughout this time as well, to make sure they're not delayed in getting accepted upstream.