ronald g. minnich
.ical

ron started the coreboot project in 1999. He also started the u-root and linuxboot projects, more recently.

The speaker’s profile picture
Employer

google

 Twitter

coreboot

 Github

rminnich

 Country

usa

Sessions

11-30
20:20
45min
Open-Source Firmware Foundation - Discussion Round
Philipp Deppenwiese, ronald g. minnich, Christian Walter, Fredrik Stromberg, Alex Matrosov, Bryan Cantrill

The Open-Source Firmware Foundation has been founded 6 month ago - we like to look back on the founding process, and like to invite guest to talk about workstreams within the OSFF, and the future of open-source firmware.

Confirmed Guests:
* Philipp and Chris summarize the past year, trying to bring the foundation to live and solving problems along the way.
* Alex Matrosov is one of the first individuals leading the security workstream within the Open-Source Firmware Foundation
* Bryan Cantrill, Co-Founder of Oxide, refers about open-source firmware and the rising importance of OSF within the industry
* and some more..

Join in on 45 minutes of "behind the scenes" of the OSFF and general talks on why OSF is important. We will shim some light on these topics from an industry point-of-view.

This session will be moderated by 9elements which will guide you through the discussion.

Main Stage
12-01
20:30
30min
RunDXERun: safely running DXE bootloaders, in a VM, with a Go VMM
ronald g. minnich

RunDXERun allows safe execution of UEFI boot applications. It runs these applications in a KVM-based VM, using a Virtual Machine Manager (VMM) written in Go. As the boot applications call UEFI services, they exit the VM and and the RunDXERun VMM handles them. The services themselves are also implemented in Go.

RunDXERun is intended to be compiled as part of u-root and used in firmware images. As of October, RunDXERun successfully starts the u-boot EFItest program, and runs one of its tests.

RunDXERun in a u-root image increases its size by about 500K (uncompressed) or 145K (xz compressed). This is not much larger than building in a full EDK2. It fits easily in payloads destined for coreboot.

The reason to use RunDXERun is for the security it provides. Normally, UEFI boot applications run at the highest privilege level of a machine, as do the boot services. RunDXERun allows running both applications and UEFI services at the lowest privilege level, and the services are implemented in a memory safe language. RunDXERun is similar in spirit to the "safe" ROM support already in coreboot.

RunDXERun compiles for both x86 and ARM64; writing the initial port for ARM64 took four hours.

Main Stage