Hello,
As part of our efforts to enable dynamic FPGA bitstream loading in snap environment, I snapped the dfx-mgr application provided by AMD. dfx-mgr is an application that loads binaries to FPGA and changes device-trees by utilizing configfs. So we need write access to configfs.
By the time of implementation of the snap application, there is no way to use a specific interface designed of this job so we need to use system-files interface with write access to /sys/kernel/config
plugs:
system-files:
write:
- /sys/kernel/config
Since the project is open-source source code can be found here
Looking forward to hear your opinions
Best Regards,
Talha
Hi Talha, this request would need to get approval according to the process.
@reviewers Could you please check and approve?
Hey @tchavadar,
Since no interface for configfs
filesystem is available, this request looks legitimate, but write access to /sys/kernel/config
is sensitive since it contains many device driver configurations, kernel modules objects and many more things. Can you limit this write access to a specific sub-dir in configfs for dfx-mgr
snap?
@0xnishit thank you very much for your input. Yes I can limit it to /sys/kernel/config/device-tree
if thats ok with you as well. dfx-mgr needs the configfs for device-tree manipulation
@reviewers note manipulation of device-tree allows full device ownership since the device tree can specify arbitrary kernel modules to be loaded. So unless something has changed siginificantly from the discussion I had back in Guidance on snap interface to load a device-tree overlay on RPi Core18 then I am not sure this is a suitable use-case for a snap at this time.
1 Like
Yes Alex that is correct, it will make dfx-mgr is a sort of god for the platform. Idea here is to enable dynamically configurable FPGA use case in Ubuntu Core. This is a requirement for AMD Xilinx platforms, to make them practical in Ubuntu Core
Maybe we can introduce some sort of sign check mechanism into dfx-mgr applications so that we can be sure that the bitstream that is being loaded is the one we allow, or the one that the system knows.
I am open for any feedbacks to improve security in that aspect.
I think this needs wider discussion with the snapd team - @pedronis can you comment?
We had this discussion in Madrid with snapd team, decision was to enable dfx-mgr so for the other use-cases people will just use dfx-mgr instead of requesting these permissions for all of the applications in FPGA that requires bitstream.
But I would like to hear from @pedronis as well to clear things here in the forum as well.
In the current absence of a design to mediate device tree loading, I think a reduced scope system-files would be acceptable given the nature of the snap but the snap would need to be published by a vetted publisher. (cc @alexmurray)
Hey @tchavadar
Would manual connection of the requested interface suffice the requirements of your use case?
Thanks
Hi @jslarraz,
It is not ideal but of course it is better than nothing. we are working on making dfx-mgr published by a vetted publisher but this is still a work in progress. Until that time we can manually connect the interface.
Thank you for the solution
Following @pedronis’s feedback, +1 from me for manual connection system-files
interface with write access on /sys/kernel/config/device-tree
Will need publisher vetting
thanks
+1 from me too for manual-connection of system-files
named sys-kernel-config-device-tree
for write
access to /sys/kernel/config/device-tree
.
+2 votes for, 0 votes against. @tchavadar can you please look at getting this published by a vetted publisher and then we can grant the request. Thanks.
Ping @tchavadar - any update on having this published by a vetted publisher?
@alexmurray there is no progress about this on vendor. So I will discuss this issue within our team to figure out the possibility of publishing this package in the name of our team (Canonical Partner Engineering)
Do you think it is good enough to allow this app to be published in snapstore?
Yes, publishing under a Canonical account would meet the definition of a vetted publisher.