Until now SPI flash memory was not considered to be a storage for a hypervisor, because they were relatively too small. We've embedded Bareflank-based hypervisor into SPI flash to be launched directly from coreboot and load SeaBIOS, also embedded inside SPI flash. For this purpose, we had to change architecture from 32-bit used by coreboot to 64-bit used by a hypervisor, and then get back to 32-bit to load SeaBIOS as a payload. This is a compact solution for multiple purposes using Virtual Machines that provides separation, stability, and security. Fact, that the hypervisor is embedded in the SPI means, that simple disk removal doesn't affect it. In this paper, we will show how we've done it and what are the possible extensions and usages of our concept.
Speakers: Piotr Król