Table of contents
- Install the virtual machine
- dangzero
- Compile the KML kernel
- Obtain Ubuntu 20.04
- Create VM
- Install Ubuntu
- Run Ubuntu
- Move KML kernel to VM
- Inside VM: Install Kernel
- Update grub to auto-select KML kernel
- Boot parameters
- Run KML
- Test KML
- Obtain glibc-2.31
- Install gcc-5 for kernel module
- Install the kernel module
- Test DangZero
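Install the virtual machine
Reference link
Notes:
Put the virtual machine on a solid-state drive with at least 512B of space, because another virtual machine will be nested inside it later.
Also raise the memory to 8G.
Give the disk a size of 512G.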
dangzero
Follow the README of the open-source repository, running it line by line.
Compile the KML kernel
- After downloading the source with git, enter the dangzero directory
sudo apt install git
git clone https://github.com/vusec/dangzero.git
- Install docker
First use the docker version command to check whether docker is already installed:
cmh@cmh-virtual-machine:~/dangzero/kml-image$ docker version
找不到命令 “docker”,但可以通过以下软件包安装它:
sudo apt install podman-docker # version 3.4.4+ds1-1ubuntu1.22.04.2, or
sudo apt install docker.io # version 24.0.5-0ubuntu1~22.04.1
Following that prompt, and because my Ubuntu is ubuntu-22.04.3-desktop-amd64.iso, I used the sudo apt install docker.io command to download docker:
cmh@cmh-virtual-machine:~/dangzero/kml-image$ sudo apt install docker.io
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
。。。。。。
- If you are not the root superuser, add the user you are working as to the docker group
cmh@cmh-virtual-machine:~/dangzero/kml-image$ sudo groupadd docker
groupadd:“docker”组已存在
cmh@cmh-virtual-machine:~/dangzero/kml-image$ sudo gpasswd -a cmh docker
正在将用户“cmh”加入到“docker”组中
cmh@cmh-virtual-machine:~/dangzero/kml-image$ newgrp docker
cmh@cmh-virtual-machine:~/dangzero/kml-image$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
- Follow the README!
Note that the file fetched in Step 7/10 : RUN wget -O kernel.gz download.vusec.net/dataset/kml-kernel.tar.gz is large and downloads very slowly inside the virtual machine. I failed twice; the download speed was 20K/s during the day and 1M/s in the early hours of the morning, and for now I do not know why. So I suggest downloading at night: go to sleep first, and the download will be finished the next morning!
cmh@cmh-virtual-machine:~/dangzero/kml-image$ bash build_kml.sh
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 3.584kB
Step 1/10 : FROM ubuntu:14.04
 ---> 13b66b487594
Step 2/10 : ARG DEBIAN_FRONTEND=noninteractive
 ---> Using cache
 ---> f208b78419c9
Step 3/10 : RUN apt update
 ---> Using cache
 ---> e6e9104e8d36
Step 4/10 : RUN apt install -y build-essential libncurses-dev bison flex libelf-dev libssl-dev bc wget
 ---> Using cache
 ---> 24bd00a774fc
Step 5/10 : RUN mkdir -p /home/kml
 ---> Using cache
 ---> 5a00886e6ed7
Step 6/10 : WORKDIR /home/kml
 ---> Using cache
 ---> d4f1c2b90429
Step 7/10 : RUN wget -O kernel.gz download.vusec.net/dataset/kml-kernel.tar.gz
 ---> Running in 6320086b7bfa
--2023-11-08 15:57:57-- http://download.vusec.net/dataset/kml-kernel.tar.gz
Resolving download.vusec.net (download.vusec.net)... 130.37.53.80
Connecting to download.vusec.net (download.vusec.net)|130.37.53.80|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://download.vusec.net/dataset/kml-kernel.tar.gz [following]
--2023-11-08 15:57:59-- https://download.vusec.net/dataset/kml-kernel.tar.gz
Connecting to download.vusec.net (download.vusec.net)|130.37.53.80|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4315393639 (4.0G) [application/x-gzip]
Saving to: 'kernel.gz'
0K .......... .......... .......... .......... .......... 0% 6.87K 7d2h
50K .......... .......... .......... .......... .......... 0% 16.7K 5d0h
Obtain Ubuntu 20.04
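Follow the README! Pay attention to the Ubuntu version: the README uses 20.04.5, but I could not find that version on the official site, so I used 20.04.6, which in my experiments also works.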
cmh@cmh-virtual-machine:~/dangzero$ wget https://releases.ubuntu.com/20.04/ubuntu-20.04.6-desktop-amd64.iso
--2023-11-11 10:04:49-- https://releases.ubuntu.com/20.04/ubuntu-20.04.6-desktop-amd64.iso
正在解析主机 releases.ubuntu.com (releases.ubuntu.com)... 91.189.91.123, 185.125.190.37, 91.189.91.124, ...
正在连接 releases.ubuntu.com (releases.ubuntu.com)|91.189.91.123|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度: 4351463424 (4.1G) [application/x-iso9660-image]
正在保存至: ‘ubuntu-20.04.6-desktop-amd64.iso’
ubuntu-20.04.6-desktop-amd64.iso 100%[===================================================================>] 4.05G 894KB/s 用时 78m 44s
2023-11-11 11:23:34 (900 KB/s) - 已保存 ‘ubuntu-20.04.6-desktop-amd64.iso’ [4351463424/4351463424])
Create VM
- Use sudo apt install qemu-utils to install the qemu tools
- Follow the README!
cmh@cmh-virtual-machine:~/dangzero$ qemu-img create -f qcow2 ubuntu.img 60G
Formatting 'ubuntu.img', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=64424509440 lazy_refcounts=off refcount_bits=16
Install Ubuntu
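- Following the reference link, turn off everything related to virtualization on Windows; note that the virtual machine must be shut down before you change this configuration.
- Run sudo apt install qemu-system-x86 to install the qemu tools
- Follow the README! Notes:
  - -m sets the amount of memory and -smp sets the number of cores. The README uses 16G and 8, but my virtual machine is not that large, so I configured 4G and 4
  - The image passed to the -cdrom parameter must also be the version you downloaded yourself
  - Add the -cpu host option
  - The final command is as follows:
cmh@cmh-virtual-machine:~/dangzero$ qemu-system-x86_64 -cdrom ubuntu-20.04.6-desktop-amd64.iso -drive "file=ubuntu.img,format=qcow2" -enable-kvm -m 4G -smp 4 -cpu host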
Run Ubuntu
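Note: from this section on, unless stated otherwise, nothing is done inside the QEMU virtual machine.
After the previous step, Install Ubuntu, do not close that terminal; a new Ubuntu screen will appear in QEMU. Inside QEMU I took it upon myself to do steps 1 and 2 below (possibly unnecessary, but in any case I did them).
- Created a new user cmh
- Set a password for the root superuser
- Close the terminal started in the previous step, Install Ubuntu, to shut down QEMU
- Follow the README! The same notes apply as in the third step of the previous section, Install Ubuntu, so I will not repeat them here.
cmh@cmh-virtual-machine:~/dangzero$ qemu-system-x86_64 -drive "file=ubuntu.img,format=qcow2" -enable-kvm -m 4G -smp 4 -cpu host -net nic -net user,hostfwd=tcp::1810-:22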
Move KML kernel to VM
- Follow the README! First install openssh in the terminal of the [QEMU virtual machine] so that files can be transferred
apt-get install openssh-server
- Follow the README! Transfer the files to the QEMU virtual machine:
cmh@cmh-virtual-machine:~/dangzero$ scp -P 1810 kml-image/linux-*.deb cmh@localhost:~/
cmh@localhost's password:
linux-firmware-image-4.0.0-kml_4.0.0-kml-6_am 100% 944KB 37.6MB/s 00:00
linux-headers-4.0.0-kml_4.0.0-kml-6_amd64.deb 100% 6758KB 36.8MB/s 00:00
linux-image-4.0.0-kml_4.0.0-kml-6_amd64.deb 100% 38MB 39.2MB/s 00:00
linux-image-4.0.0-kml-dbg_4.0.0-kml-6_amd64.d 100% 366MB 54.5MB/s 00:06
linux-libc-dev_4.0.0-kml-6_amd64.deb 100% 772KB 27.9MB/s 00:00
cmh@cmh-virtual-machine:~/dangzero$
Inside VM: Install Kernel
- Follow the README!
cd ~/
sudo dpkg -i linux-*.deb
- Shut down QEMU
Update grub to auto-select KML kernel
Follow the README! Edit /etc/default/grub so that no GUI appears when QEMU starts; the command line is more comfortable!
GRUB_DEFAULT="1>4" # depends on menu entries of grub
#GRUB_TIMEOUT_STYLE=hidden # comment out
GRUB_TIMEOUT=2 # if you want to see menu entries with GUI
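GRUB_DEFAULT="1>4" only fits one particular menu layout, so it is worth deriving the value from the VM's own grub.cfg. The shell function below is an added example, not part of the original post or the DangZero README; the function names, the embedded grub.cfg and its kernel versions are constructed, and it assumes the single-quoted titles and single-level submenus that grub-mkconfig writes.

```shell
#!/bin/sh
# Added example. Assumes grub-mkconfig output: titles in single quotes,
# at most one level of submenu.

# Print the GRUB_DEFAULT value ("N" or "S>N") of the first non-recovery
# menu entry whose title contains $2, reading the grub.cfg at $1 ("-" = stdin).
grub_default_for() {
    awk -v want="$2" '
        function title(line,   q, rest) {   # text between the first two quotes
            q = index(line, "\047"); rest = substr(line, q + 1)
            return substr(rest, 1, index(rest, "\047") - 1)
        }
        depth == 0 && /^[ \t]*submenu[ \t]/ { sub_idx = top++; inner = 0 }
        /^[ \t]*menuentry[ \t]/ {
            if (depth == 0) path = top++; else path = sub_idx ">" inner++
            t = title($0)
            if (!found && index(t, want) && t !~ /recovery mode/) {
                print path; found = 1
            }
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # track brace nesting
        END { exit !found }
    ' "$1"
}

# Constructed grub.cfg excerpt (kernel versions are made up for the demo).
sample_grub_cfg() {
cat <<'EOF'
function savedefault { true; }
menuentry 'Ubuntu' --class ubuntu {
    linux /boot/vmlinuz-5.15.0-67-generic ro quiet
}
submenu 'Advanced options for Ubuntu' {
    menuentry 'Ubuntu, with Linux 5.15.0-67-generic' {
        linux /boot/vmlinuz-5.15.0-67-generic ro
    }
    menuentry 'Ubuntu, with Linux 5.15.0-67-generic (recovery mode)' { true; }
    menuentry 'Ubuntu, with Linux 5.15.0-60-generic' { true; }
    menuentry 'Ubuntu, with Linux 5.15.0-60-generic (recovery mode)' { true; }
    menuentry 'Ubuntu, with Linux 4.0.0-kml' { true; }
    menuentry 'Ubuntu, with Linux 4.0.0-kml (recovery mode)' { true; }
}
EOF
}

sample_grub_cfg | grub_default_for - 4.0.0-kml
# Inside the VM: grub_default_for /boot/grub/grub.cfg 4.0.0-kml
```

The function exits non-zero when no entry matches, which catches the case where the KML kernel package did not register a boot entry.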
Boot parameters
Follow the README! Edit /etc/default/grub to change the Linux boot parameters (I don't understand them either; just follow along)!
GRUB_CMDLINE_LINUX_DEFAULT="vga=normal"
# Add console=ttyS0 if you want to run without GUI
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 vga=normal"
# Add make-linux-fast-again for performance:
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 vga=normal noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off"
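The three GRUB_CMDLINE_LINUX_DEFAULT lines above are alternatives: /etc/default/grub is sourced as shell, so if several are left in the file the last assignment wins. The added example below (not from the original post or the DangZero README; function names and the sample file are constructed) reports the effective line and which of its flags switch CPU mitigations off, a quick way to confirm such settings exist only in the test guest.

```shell
#!/bin/sh
# Added example. Flags from the tutorial's last GRUB line that switch a
# CPU speculative-execution mitigation off (tsx=on enables a feature instead).
OFF_FLAGS="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off \
nospec_store_bypass_disable no_stf_barrier mds=off tsx_async_abort=off mitigations=off"

# Print the GRUB_CMDLINE_LINUX_DEFAULT that takes effect in the grub defaults
# file at $1. The file is sourced in a subshell, as grub-mkconfig sources it,
# so only run this on a file you trust.
effective_cmdline() {
    ( . "$1" && printf '%s\n' "$GRUB_CMDLINE_LINUX_DEFAULT" )
}

# Print, one per line, every mitigation-disabling flag in the command line $1.
disabled_mitigations() {
    ( set -f                      # no globbing while splitting into tokens
      for tok in $1; do
          case " $OFF_FLAGS " in *" $tok "*) printf '%s\n' "$tok" ;; esac
      done )
}

# Constructed sample: the tutorial's three alternative lines left in one file.
sample_grub_defaults() {
cat <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="vga=normal"
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 vga=normal"
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 vga=normal noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off"
EOF
}

tmp=$(mktemp) && sample_grub_defaults > "$tmp"
disabled_mitigations "$(effective_cmdline "$tmp")"
rm -f "$tmp"
# On a running system: disabled_mitigations "$(cat /proc/cmdline)"
```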
Run KML
Follow the README!
qemu-system-x86_64 -drive "file=ubuntu.img,format=qcow2" -enable-kvm -m 4G -smp 4 -cpu host,-avx,-f16c,-avx512f,-pdpe1gb -nographic -serial mon:stdio -net nic -net user,hostfwd=tcp::1810-:22
KML starts booting
Once it has booted successfully, you can happily work from the command line!
Test KML
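Follow the README!
Note: everything in this section is run inside QEMU! There were no problems, so I did not record it.
A successful test shows ring 0 under the /trusted directory of the QEMU virtual machine and ring 3 under any other directory.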
Obtain glibc-2.31
Follow the README! No problems!
Note: in this section, every command except scp -P 1810 patchglibc.diff u16@localhost:/trusted/glibc/glibc-2.31/ is run inside QEMU!
Install gcc-5 for kernel module
Follow the README! No problems!
Install the kernel module
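- Inside the QEMU virtual machine, download a copy of the dangzero source with git, or download it in the outer virtual machine and scp it into the QEMU virtual machine
- In the dangzero directory inside QEMU, follow the README!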
Test DangZero
- In the QEMU virtual machine, first use the sudo update-alternatives --config gcc command to select gcc-9. After running the command the following screen appears; choose 2
There are 2 choices for the alternative gcc (providing /usr/bin/gcc).

  Selection    Path            Priority   Status
------------------------------------------------------------
  0            /usr/bin/gcc-9   90        auto mode
* 1            /usr/bin/gcc-5   50        manual mode
  2            /usr/bin/gcc-9   90        manual mode

Press <enter> to keep the current choice[*], or type selection number: 2
- Go back to the dangzero directory and follow the README!
bash test.sh
And then we have succeeded! That's a wrap~~~~