Status Update: March, 2020

Has it already been a month since my last update? I guess March flew right by.


Most of my time at work has been spent porting code into the main Enarx repository to form the basis for an Enarx Keep for SEV. A “keep” is a trusted execution environment that Enarx can deploy a workload into.

There are three main components to the task at hand: the hypervisor (keep); the microkernel that is loaded into the VM (shim); and the payload (the workload). The component that I am working on porting into the main repository is the hypervisor. The hypervisor’s responsibility is to create a KVM context to form the basis for our (soon-to-be) encrypted virtual machine.

There is some coordination between the hypervisor and the microkernel it needs to load into the virtual machine. They need to agree on a few things. A good example of this would be communication between the microkernel and the hypervisor for proxying system calls to the host that the microkernel cannot service on its own inside the virtual machine.

This common interface between the hypervisor and the microkernel is actually the first order of business I’ve been trying to get merged into the repository. This way the other two pieces can fall into place more easily since the common core is already in place.
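The kind of agreement described above, as an added example in Rust (not code from Enarx or from the author): a shared request layout that the shim encodes and the hypervisor decodes, with the hypervisor refusing calls outside an agreed list and the shim bounds-checking the reply. The message layout, the names and the write-only allow-list are assumptions made for illustration.

```rust
// Added sketch with a hypothetical message layout; not Enarx code.
pub const REQUEST_LEN: usize = 32; // nr + 3 args, each a little-endian u64
pub const SYS_WRITE: u64 = 1; // x86_64 Linux syscall number
pub const EINVAL: i64 = 22;
pub const ENOSYS: i64 = 38;
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Request { pub nr: u64, pub args: [u64; 3] }
impl Request {
    /// Shim side: serialize into the buffer shared with the hypervisor.
    pub fn encode(&self) -> [u8; REQUEST_LEN] {
        let mut buf = [0u8; REQUEST_LEN];
        let words = [self.nr, self.args[0], self.args[1], self.args[2]];
        for (i, w) in words.iter().enumerate() {
            buf[8 * i..8 * i + 8].copy_from_slice(&w.to_le_bytes());
        }
        buf
    }
    /// Hypervisor side: accept exactly one request, nothing shorter or longer.
    pub fn decode(buf: &[u8]) -> Option<Request> {
        if buf.len() != REQUEST_LEN { return None; }
        let mut w = [0u64; 4];
        for (i, chunk) in buf.chunks(8).enumerate() {
            let mut b = [0u8; 8];
            b.copy_from_slice(chunk);
            w[i] = u64::from_le_bytes(b);
        }
        Some(Request { nr: w[0], args: [w[1], w[2], w[3]] })
    }
}

/// Hypervisor side: proxy only agreed calls (write to fd 1 or 2); the write is modelled, no host I/O.
pub fn host_dispatch(buf: &[u8]) -> i64 {
    match Request::decode(buf) {
        None => -EINVAL,
        Some(Request { nr: SYS_WRITE, args: [fd, _ptr, len] })
            if (fd == 1 || fd == 2) && len <= i64::MAX as u64 => len as i64,
        Some(_) => -ENOSYS,
    }
}
/// Shim side: the host is outside the keep, so bounds-check its answer.
pub fn shim_check_write(requested: u64, ret: i64) -> Result<u64, &'static str> {
    if ret < 0 { return Err("host reported an error"); }
    if ret as u64 > requested { return Err("host claims more bytes than requested"); }
    Ok(ret as u64)
}
fn main() {
    let req = Request { nr: SYS_WRITE, args: [1, 0x1000, 5] };
    println!("{:?}", shim_check_write(5, host_dispatch(&req.encode())));
}
```

Because both sides compile against the same `Request` definition, changing its fields or `REQUEST_LEN` breaks the shim and the hypervisor builds together instead of letting them disagree at run time.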

This common code is currently a crate called vmsyscalls. It’s been challenging to iterate on vmsyscalls, especially since the work I’ve done to refactor the hypervisor depends directly on it (as does the microkernel). The feedback loop for testing breaking changes (like an API or a struct) has been like being dragged over a cheese grater.

  1. One-time setup: check out the out-of-tree microkernel repository and patch it to depend on my local development crate
  2. Break something in vmsyscalls
  3. Rebase my hypervisor branch onto the newly updated vmsyscalls branch; fix all the build errors
  4. Fix all the build errors for the microkernel build
  5. Run the hypervisor and feed it the microkernel; pray to the machine that it doesn’t break

Breaking and refactoring a code base is a great way to learn it. I’ve also been exercising my Rust muscles quite a bit more. I’ve started using–and have quickly grown to like–the failure crate for handling errors and the structopt crate for quickly defining a conventional command line interface.

“Self-Hosted” Infrastructure

Outside of work I’ve been thinking of homelab-type things and/or running my “own” services in a VPS that I rent.

To that end, I’ve made a private MediaWiki instance on a $5/month DigitalOcean droplet for my D&D campaign that I run for my friends. It was actually quite a bit of fun to point them to some place on the internet and create accounts for them to make the space their own without having to deal with some of the intricacies of other platforms. I love the Wiki format, and some of the free/paid-for alternatives just didn’t seem as straightforward or as nice to use as MediaWiki.

I just wanted a place where I could have a private Wiki with access control so my friends could use it! To be fair, the access control isn’t as granular as I would like. As a DM, it’d be nice to store all of my DM notes on the Wiki without them being able to have access to it since it contains plot points that they should not be privy to, but I’m fine with keeping those backed up locally.

I do still have a Google Cloud VM that runs my IRC bouncer, but I am considering moving that off and over to DigitalOcean. However, the (free) price tag for running that compels me to stay.

Ryzen Hackintosh

I installed macOS on my desktop computer. Just hear me out.

I’ve done a lot of experimenting with technology as a technologist. I’ve always messed around with computers since a very young age. Most of my life was spent on Windows, then in University for Computer Science I mainly ran a Linux distribution. I’ve stuck with Linux since I graduated for work and my personal life. Over the past ten years I’ve had two MacBooks but never for very long as I’d always switch back to a Windows box for gaming or a Linux box for programming. I’m kind of hungry for something new. There’s not much I haven’t done in terms of general every-day computing.

Furthermore, I recently bought myself a MacBook Pro to replace my personal laptop and for the most part have been having a pretty pleasant experience with it. In fact, more on that in a future blog post. But what does any of this have to do with a Ryzen Hackintosh?

Well, a couple of things.

  1. I’ve been enjoying macOS on my laptop and I’m curious to know how it feels on hardware that can afford to be pushed harder in terms of power and thermals.
  2. My significant other really enjoys macOS and I’m brainstorming what kind of a workstation we might build together in time for her to start veterinary school. A custom-built Hackintosh will be way more cost-effective than an iMac or Mac Mini.
  3. I’ve always been fascinated by various computing scenes/communities around things like emulating and “homebrew” type stuff. The “Hackintosh” community definitely falls in that bucket, and I’ve been following some communities around the internet with a growing interest in it due to the above two items.

I kind of did it on a whim this weekend. I didn’t plan on hackintoshing an AMD system because my knee-jerk reaction was that it would be an absolute litany of suffering; but it’s not. I can’t believe how well it works and how stable it is. Even things that people said wouldn’t work do in fact work, like iMessage!

I followed the OpenCore Vanilla Guide from start to finish, paying special attention to the AMD Ryzen sections, of course, and it worked on first boot! I’m absolutely gobsmacked at how easy it was and how well it works. The main thing that doesn’t work for me is putting the system to sleep.

I’m particularly jazzed about this because if it works so well on an unsupported platform like Ryzen, imagine how seamless it would be on Intel? I think this is absolutely a viable route for building a workstation for my SO. I can check the macOS box for her but we could also build her a system capable of running World of Warcraft. I think she’d like that very much!

Also, it’s been a pretty fun experience sinking my teeth into something new. It was a fun project for a weekend morning. I’m excited to use the system for a bit longer to get a better idea of how everything works, but I anticipate writing a blog post about how the system is doing in a month or two. Variety is the spice of life.
