#+TITLE: GNU Guix and the RISC-V future
#+AUTHOR: Pjotr Prins

# Images: C-c C-x C-v
# org-tree-slide-mode: C-< and C->

* Whoami?

- I write code (40 years)
- I deploy systems (20 years, up to 40 machines)
- Contributed to ROCK Linux (a bash-based distro, because we can!)
- Start of Nix (20 years)
- Start of GNU Guix (8 years)
  + `Growing a GNU with Guix', with a live boot into a VM (Ludovic, 2014)
  + We use Guix at scale to deploy a complex web service on genetics (counting 20+ services)
  + Because of Guix I sleep at night
- Organise the minimalism devrooms at FOSDEM with Manolis (6 years)
- Start of GNU Mes (5 years)
- Created a Guix-based HPC cluster in Memphis (all remote, with Efraim)
  + 11 AMD EPYC machines (264 real cores)
  => https://genenetwork.org/facilities/
- Recently I got interested in RISC-V (3 years)

* Take Home Message

- RISC-V is important
- Open hardware matches Guix in spirit

* NSF Grant

- $5 million NSF grant with Cornell and the University of Washington to develop a 1 million core RISC-V computer for pangenomics
  => https://news.cornell.edu/stories/2021/11/5m-grant-will-tackle-pangenomics-computing-challenge
- Unlike GPU cores, these RISC-V cores each run an independent instruction stream
- Fully modern instruction set, including atomic instructions
- BlackParrot: 500 cores on one board, and these are hyperconnected
- This grant originated from a FOSDEM discussion(!)
- At the International Symposium on Computer Architecture (ISCA) we presented Guix packages for simulating RISC-V hardware
- Efraim, Jan, Arun and Ekaitz supported that effort
- The team is particularly excited about controlling dependencies with GNU Guix
- Hardware is just software -> the goal is to reproduce all the way to tape-out

The Case for Using Guix to Enable Reproducible RISC-V Software & Hardware
=> https://carrv.github.io/2022/papers/CARRV2022_paper_1_Batten.pdf

This paper is on *emulating* new RISC-V architectures (on Intel)

* Minimalism matters

- To trust systems we need to be able to understand them completely
- Binary blobs
  . 350MB Debian bootstrap (includes gcc 6.x)
  . 1GB Docker image downloads
- No way to reproduce these faithfully
- Who can say whether they are compromised?
- Are we driving on luck alone?

* What is minimalism really?

- Simple
- Transparent
- Clear dependencies
- Clear APIs
- Well-defined behaviour
- Easy to *read*

* OpenSSL Heartbleed disaster

- Caused by code that was no longer minimalistic, even though it is free and open source software
- Cisco Systems identified 78 of its products as vulnerable, including IP phone systems and telepresence (video conferencing) systems
- Cost millions of dollars
- OpenSSL only had two [full-time] people to write, maintain, test and review 500,000 lines of business-critical code
- Old code was left in the libraries

* How many source lines of code?

- Linux kernel + drivers
- Windows
- OSX
- Android
- Mozilla
- Facebook

* All software contains vulnerabilities

Linux kernel: 25 million lines of code incl. drivers

* Browsers

- The attack surface of a browser is huge
- One browser code base has had 996,214 commits made by 6,495 contributors, representing 36,890,150 lines of code, mostly written in C++

Wait!

* Does it differ for closed source?

- Windows: estimated 50 million lines of code
- OSX: apparently even more
- Android: 12 million lines of code

* How many transistors in a CPU?

Anyone?
* Hardware manufacturers

| Processor      |    Transistors | Year | Manufacturer |
|----------------+----------------+------+--------------|
| 80386          |        275,000 | 1985 | Intel        |
| Core 2 Duo     |    411,000,000 | 2007 | Intel        |
| 8-core Core i7 |  2,600,000,000 | 2014 | Intel        |
| 32-core Epyc   | 19,200,000,000 | 2017 | AMD          |

* ARM is simpler?

* ARM is not simpler

| Processor                    |   Transistors | Year | Manufacturer |
|------------------------------+---------------+------+--------------|
| octa-core ARM64 "mobile SoC" | 8,500,000,000 | 2018 | Qualcomm     |

The Apple M1 Ultra is at over 100 billion.

* RISC-V

SiFive is at 250,000,000. That is less than Intel in 2007.

Even if they get to 1 billion, that is 1% of the latest ARM.

* Intel Management Engine (ME)?

- Minix on a chip
- Come again?

* Intel Management Engine (ME)

The Intel Management Engine (ME), also known as the Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008.

Several weaknesses have been found in the ME. On May 1, 2017, Intel confirmed a Remote Elevation of Privilege bug (SA-00075) in its Management Technology.

It is normally not possible for the user to disable the ME.

https://en.wikipedia.org/wiki/Management_Engine

* ME

From https://itsfoss.com/fact-intel-minix-case/

Intel claims that ME is needed to get the best of your Intel Chipset. Most useful, it can be used especially in a corporate environment for some remote administration and maintenance tasks. But no one outside Intel knows exactly what it CAN do. Being closed source, that leads to legitimate questions about the capabilities of that system and the way it can be used or abused.

For example, Intel ME has the potential for reading any byte in RAM in search for some keyword or to send those data through the NIC. In addition, since Intel ME can communicate with the operating system (and potentially applications) running on the main CPU, we could imagine scenarios where Intel ME would be (ab)used by malicious software to bypass OS-level security policies.

* Tanenbaum on Intel ME

Tanenbaum explains his position:

For the record (...) if I had suspected they might be building a spy engine, I certainly wouldn't have cooperated

* AMD?
The AMD Accelerated Processing Unit (APU) line of microprocessors has a similar feature where they embed an extra ARM-based microcontroller, but this time directly on the CPU die. Amazingly enough, that technology is advertised as "TrustZone" by AMD. But like for its Intel counterpart, no one really knows what it does. And no one has access to the source to analyze the exploit surface it adds to your computer.

https://itsfoss.com/fact-intel-minix-case/

* Modern CPUs are like city maps

- Many, many components
- They look composable
- But in truth they are very, very complex
- Intel adds one new CPU instruction per month on average (over 30 years)
- We rely on that technology throughout
- That is why Huawei is such a concern
- That is why the EU and USA want to bring chip manufacturing back home

* Minix is minimalistic

MINIX 3 has about 4,000 lines of executable kernel code. The MINIX team believes this code can eventually be made fairly close to bug free.

Small helps with minimalism.

Irony: the minimalist OS is what runs inside the opaque Intel ME.

* Design helps with minimalism

- Simple components
- Composability (API)
- Unix philosophy
- Still we need to drive for minimalism

* Is technology neutral?

- We often assume yes
- But it is obviously not true
  + image recognition
  + medical treatment
  + recording private information
- But it is more:
  + it drives capitalism
  + the rich get richer, etc.

* RISC-V is an opportunity

- It won't save the world
- But it gives us a minimalistic platform
- The architecture is open
- Extensible on chip and with SoC modules (GC example)
- Allows countries and companies to roll their own
  + USA, EU, India, China
  + SiFive, Seagate, NVIDIA
- RISC-V chips on board
- CUDA port for RISC-V
- Playground for academia
- Anyone can create hardware
- Why not create a CPU from scratch every time?

* Why is this interesting for GNU Mes and GNU Guix?

- RISC-V is for small devices (no license fee)
- RISC-V is for high-performance computing (runs cool, GHz, manycore)
- RISC-V is for trust (who wants trust?)
Industry interest:

- Many hardware targets
- Heterogeneous boot requirements
- Reproducible RISC-V development/emulation environments

* GNU Mes

Reduce the 350MB binary blob to ~500 bytes of binary code to bootstrap (all) GNU/Linux distributions.

- Done for AMD64!
- Done for ARM64!
- RISC-V-64 on the way
  + Ekaitz Zarraga backported gcc 4.6 to RISC-V
  + Working on backmerging Tiny-CC for RISC-V into Mes C
  + Challenges with Guix packaging:
    => https://ekaitz.elenq.tech/bootstrapGcc5.html
  + Note that all these great projects are funded by NLnet!

* GNU Guix

- Liberating: respects the freedom of computer users
- Dependable: transparent and reproducible software deployment
- Hackable: it speaks a Lisp (Guile Scheme)

* GNU Guix for RISC-V

- Efraim Flashner is porting
- 90% of Guix packages build!
- Two talks on Sunday! The short of it: amazing work.
  + Efraim is also funded by NLnet.

* PolarFire

I brought a PolarFire RISC-V computer for someone to help with GNU Mes/GNU Guix
=> https://www.cnx-software.com/2020/07/20/polarfire-soc-icicle-64-bit-risc-v-and-fpga-development-board-runs-linux-or-freebsd/

Boots Debian
=> https://guiand.xyz/blog-posts/bootstrapping-debian-polarfire-soc.html

* Conclusion

- RISC-V matters
- RISC-V allows anyone to work on new hardware
- RISC-V is for trust
- RISC-V is for small devices
- RISC-V is for high-performance computing
- A bit like Linux, RISC-V is everywhere
- There is some amazing RISC-V work going on in GNU Mes + GNU Guix
- I have a RISC-V hardware board for someone who wants to help

Pjotr Prins (https://thebird.nl/)
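* Added example: what the ~500-byte GNU Mes seed actually does

The GNU Mes slide says the trusted binary seed shrinks to a few hundred bytes. The reason that is enough is that the seed (hex0 in the stage0/Mes bootstrap) only has to do one thing: turn a text file of hex digit pairs, with comments, into raw bytes. Everything above it is source a human can read and check. The Guile Scheme program below is an added illustration of that translation step written for this deck; it is not code from GNU Mes or stage0, and its exact rules (which comment characters are honoured, erroring on an odd digit count) are choices made here, not a specification. The sample input is constructed for the example.

```scheme
;; hex0-like translator in Guile Scheme.  Added illustration for this talk,
;; not GNU Mes or stage0 code: the real seed does this job in a few hundred
;; bytes of machine code, which is what makes it auditable by hand.
(use-modules (rnrs bytevectors)
             (ice-9 binary-ports)
             (ice-9 textual-ports))

(define (hex-digit->int c)
  ;; Value of a hex digit, or #f for any other character.
  (string-index "0123456789abcdef" (char-downcase c)))

(define (hex0->bytes text)
  ;; Translate hex0-style text to a bytevector.  Rules used here:
  ;;  - two hex digits make one byte; anything else between digits is ignored
  ;;  - '#' or ';' starts a comment that runs to the end of the line
  ;;  - an odd number of digits is an error rather than silently dropped
  (let loop ((chars (string->list text)) (high #f) (in-comment? #f) (out '()))
    (cond
     ((null? chars)
      (when high (error "odd number of hex digits in input"))
      (u8-list->bytevector (reverse out)))
     (in-comment?
      ;; stay in the comment until we have consumed the newline
      (loop (cdr chars) high (not (char=? (car chars) #\newline)) out))
     ((memv (car chars) '(#\# #\;))
      (loop (cdr chars) high #t out))
     ((hex-digit->int (car chars))
      => (lambda (d)
           (if high
               (loop (cdr chars) #f #f (cons (+ (* 16 high) d) out))
               (loop (cdr chars) d #f out))))
     (else (loop (cdr chars) high #f out)))))

(define (hex0-file->binary in-file out-file)
  ;; Translate a hex0 text file into a binary file; returns the byte count.
  (let ((bytes (hex0->bytes (call-with-input-file in-file get-string-all))))
    (call-with-output-file out-file
      (lambda (port) (put-bytevector port bytes))
      #:binary #t)
    (bytevector-length bytes)))

;; Constructed sample: x86-64 machine code for exit(0), written the way a
;; hex0 source file is written, with the intent next to every byte.
(define sample-hex0
  "# exit(0) on x86-64 Linux (constructed sample)
B8 3C 00 00 00   ; mov eax, 60   (SYS_exit)
31 FF            ; xor edi, edi  (status 0)
0F 05            ; syscall
")

(define (bytes->hex-string bv)
  (string-join (map (lambda (b) (number->string b 16))
                    (bytevector->u8-list bv))
               " "))

;; Run as a script: guile hex0.scm
(let ((bytes (hex0->bytes sample-hex0)))
  (format #t "~a bytes: ~a~%" (bytevector-length bytes) (bytes->hex-string bytes)))
```

The output for the sample is 9 bytes, =b8 3c 0 0 0 31 ff f 5=, which is exactly the bytes next to the comments. That is the whole trust argument in miniature: a reviewer can compare the text and the binary line by line, and the only thing taken on faith is the translator itself, which in the real bootstrap is small enough to check the same way.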
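* Added example: a pinned Guix environment for RISC-V development and emulation

The "Industry interest" and "GNU Guix for RISC-V" slides both come down to one practical question: how do you hand a colleague a RISC-V cross toolchain plus emulator and know they get bit-for-bit the same tools you audited? The manifest below is an added example written for this deck, not code from the Guix project or from the CARRV paper. It assumes the =cross-binutils=, =cross-libc= and =cross-gcc= procedures from the Guix module =(gnu packages cross-base)= with the keyword arguments shown, and it assumes you substitute a real Guix commit for the =COMMIT= placeholder in the channels file; package names in the host tool list are Guix package names.

```scheme
;; manifest.scm -- pinned RISC-V development/emulation environment.
;; Added example for this talk, not Guix project code.
;;
;; Step 1: pin the Guix revision, so every machine builds the same tools.
;; channels.scm (COMMIT is a placeholder; put in the commit you audited):
;;
;;   (list (channel (name 'guix)
;;                  (url "https://git.savannah.gnu.org/git/guix.git")
;;                  (commit "COMMIT")))
;;
;; Step 2: enter an isolated container with exactly these tools:
;;
;;   guix time-machine -C channels.scm -- shell --container -m manifest.scm
;;
;; Step 3: inside it, cross-compile and run under user-mode emulation:
;;
;;   riscv64-linux-gnu-gcc -static -O2 hello.c -o hello
;;   qemu-riscv64 ./hello
;;
;; Cross-building a whole Guix package is the documented route and needs no
;; manifest at all:
;;
;;   guix time-machine -C channels.scm -- build --target=riscv64-linux-gnu hello
;;
;; and `guix build --check' rebuilds a package locally and fails if the
;; result differs, which is the reproducibility check the talk asks for.

(use-modules (gnu packages)            ; specifications->manifest
             (gnu packages cross-base) ; cross-binutils, cross-libc, cross-gcc
             (guix profiles))          ; packages->manifest, concatenate-manifests

(define target "riscv64-linux-gnu")

;; Host-side tools.  The qemu package provides both qemu-riscv64 (user mode)
;; and qemu-system-riscv64 (full system).  bash and coreutils are needed
;; because --container gives you nothing you did not ask for.
(define host-tools
  (specifications->manifest
   '("bash" "coreutils" "make" "gcc-toolchain" "qemu")))

;; Cross toolchain.  Assumption: this is the (gnu packages cross-base) API
;; of the Guix revision you pinned; binutils first, then libc, then a gcc
;; that knows about both.
(define cross-tools
  (let* ((xbinutils (cross-binutils target))
         (xlibc     (cross-libc target))
         (xgcc      (cross-gcc target #:xbinutils xbinutils #:libc xlibc)))
    (packages->manifest (list xbinutils xlibc xgcc))))

;; The manifest file evaluates to the combined manifest.
(concatenate-manifests (list host-tools cross-tools))
```

The design choice is that the pin lives in =channels.scm= and the tool list in =manifest.scm=, so the two can be reviewed and version-controlled separately: bumping the commit is a change to what was built, adding a package is a change to what is needed. Full-system emulation with =qemu-system-riscv64= additionally needs firmware and a kernel image, which this manifest does not provide.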