Hey Stefan,
Thanks a lot for setting up GSoC this year again!
On 15.01.24 17:32, Stefan Hajnoczi wrote:
Dear QEMU and KVM communities,
QEMU will apply for the Google Summer of Code and Outreachy internship
programs again this year. Regular contributors can submit project
ideas that they'd like to mentor by replying to this email before
January 30th.
Internship programs
---------------------------
GSoC (https://summerofcode.withgoogle.com/) and Outreachy
(https://www.outreachy.org/) offer paid open source remote work
internships to eligible people wishing to participate in open source
development. QEMU has been part of these internship programs for many
years. Our mentors have enjoyed helping talented interns make their
first open source contributions and some former interns continue to
participate today.
Who can mentor
----------------------
Regular contributors to QEMU and KVM can participate as mentors.
Mentorship involves about 5 hours of time commitment per week to
communicate with the intern, review their patches, etc. Time is also
required during the intern selection phase to communicate with
applicants. Being a mentor is an opportunity to help someone get
started in open source development, will give you experience with
managing a project in a low-stakes environment, and a chance to
explore interesting technical ideas that you may not have time to
develop yourself.
How to propose your idea
----------------------------------
Reply to this email with the following project idea template filled in:
=== TITLE ===
'''Summary:''' Short description of the project
Detailed description of the project that explains the general idea,
including a list of high-level tasks that will be completed by the
project, and provides enough background for someone unfamiliar with
the codebase to do research. Typically 2 or 3 paragraphs.
'''Links:'''
* Wiki links to relevant material
* External links to mailing lists or web sites
'''Details:'''
* Skill level: beginner or intermediate or advanced
* Language: C/Python/Rust/etc
=== Implement -M nitro-enclave in QEMU ===
'''Summary:''' AWS EC2 provides the ability to create an isolated
sibling VM context from within a VM. This project implements the machine
model and input data format parsing needed to run these sibling VMs
stand alone in QEMU.
Nitro Enclaves are the first widely adopted implementation of hypervisor
assisted compute isolation. Similar to technologies like SGX, it allows
to spawn a separate context that is inaccessible by the parent Operating
System. This is implemented by "giving up" resources of the parent VM
(CPU cores, memory) to the hypervisor which then spawns a second vmm to
execute a completely separate virtual machine. That new VM only has a
vsock communication channel to the parent and has a built-in lightweight
TPM called NSM.
One big challenge with Nitro Enclaves is that due to its roots in
security, there are very few debugging / introspection capabilities.
That makes OS bringup, debugging and bootstrapping very difficult.
Having a local dev&test environment that looks like an Enclave, but is
100% controlled by the developer and introspectable would make life a
lot easier for everyone working on them. It also may pave the way to see
Nitro Enclaves adopted in VM environments outside of EC2.
This project will consist of adding a new machine model to QEMU that
mimics a Nitro Enclave environment, including NSM, the vsock
communication channel and building firmware which loads the special
"EIF" file format which contains kernel, initramfs and metadata from a
-kernel image.
If the student finishes early, we can then proceed to implement the
Nitro Enclaves parent driver in QEMU as well to create a full QEMU-only
Nitro Enclaves environment.
'''Tasks:'''
* Implement a device model for the NSM device (link to spec and driver
code below)
* Implement a new machine model
* Implement firmware for the new machine model that implements EIF parsing
* Add tests for the NSM device
* Add integration test for the machine model executing an actual EIF payload
'''Links:'''
* https://aws.amazon.com/ec2/nitro/nitro-enclaves/
*
https://lore.kernel.org/lkml/20200921121732.44291-10-andra...@amazon.com/T/
*
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/misc/nsm.c
'''Details:'''
* Skill level: intermediate - advanced (some understanding of QEMU
machine modeling would be good)
* Language: C
* Mentor: agraf
* Suggested by: Alexander Graf (OFTC: agraf, Email: g...@amazon.com)
Alex