Announcing the FreeBSD/Firecracker platform

The Firecracker Virtual Machine Monitor was developed at Amazon Web Services as a building block for services like AWS Lambda and AWS Fargate. While there are many ways of launching and managing VMs, Firecracker distinguishes itself with its focus on minimalism — important both for security (fewer devices means less attack surface) and reducing the startup time, which is very important if you're launching VMs on demand in response to incoming HTTP requests. When Firecracker was first released, the only OS which it supported was Linux; six months later, Waldek Kozaczuk ported the OSv unikernel to run on Firecracker. As of a few minutes ago, there are three options: FreeBSD can now run in Firecracker.

I started working on this on June 20th mainly out of curiosity: I had heard that Firecracker had PVH boot support (which was in fact mistaken!) and I knew that FreeBSD could boot in PVH mode from Xen, so I wondered just how hard it would be to get FreeBSD up and running. Not impossible, as it turned out, but a bit more work than I was hoping for.

I had a lot of help from other FreeBSD developers, and I'd like to thank in particular Bryan, Ed, Jessica, John, Kyle, Mark, Roger, and Warner for explaining code to me, helping review my patches, and even writing entirely new code which I needed. Among the changes which went into getting the FreeBSD/Firecracker platform working:

Now that FreeBSD supported Firecracker, there was one more thing to do: Make Firecracker support FreeBSD. I mentioned earlier that I mistakenly thought that Firecracker supported PVH booting; as it turned out, Alejandro Jimenez contributed patches two years ago, but they were never merged. Some of his code ended up in the linux-loader project (which Firecracker uses); but I spent a few weeks digging through his thousand lines of changes to figure out which went into linux-loader, which still applied cleanly to Firecracker, and which I had to rewrite from scratch — a task made more difficult by the fact that Firecracker is written in Rust, and I had never used Rust before! Nevertheless, I was eventually successful, and opened a PR with updated patches which I hope to see merged into mainline Firecracker in the upcoming weeks.

How to try FreeBSD/Firecracker

To try FreeBSD on Firecracker, you'll need to build a FreeBSD amd64 FIRECRACKER kernel, and build Firecracker with my patches: You'll probably also want to build a disk image so that FreeBSD has something to boot from; place vfs.root.mountfrom=ufs:/dev/vtbd0 into Firecracker's boot_args to tell FreeBSD to use the disk you attach (aka. the first Virtio block device) as the root disk. If there's significant community interest in experimenting with FreeBSD/Firecracker, I'll provide a prebuilt FreeBSD kernel, FreeBSD root disk, and Firecracker binary so people can skip the process of building these themselves.

Have fun!

Posted at 2022-10-18 06:05 | Permanent link | Comments

Recent posts

Monthly Archives

Yearly Archives