path: root/lectures/13-virtualization.org
Diffstat (limited to 'lectures/13-virtualization.org')
-rw-r--r-- lectures/13-virtualization.org 122
1 files changed, 122 insertions, 0 deletions
diff --git a/lectures/13-virtualization.org b/lectures/13-virtualization.org
new file mode 100644
index 0000000..1d4b5f6
--- /dev/null
+++ b/lectures/13-virtualization.org
@@ -0,0 +1,122 @@
+#+title: Virtualization & Emulation
+#+date: 2026-06-15 Mon
+#+author: W. Kosior
+#+email: wkosior@agh.edu.pl
+
+* Hypervisors
+- type 1
+ - Xen
+ - WMWare ESX
+- type 2
+ - QEMU
+ - Bochs
+ - VirtualBox
+ - VMWare Workstation
+- Hyper-V?
+- KVM?
+
+* KVM & Hyper-V
+- hypervisor included in the kernel
+ - Linux (KVM)
+ - Windows kernel (Hyper-V)
+- used as backend (QEMU, VMWare Workstation)
+ - VirtualBox to drop custom kernel module
+- sporadically with distinction (according to Wikipedia)
+ - Virtual Machine Monitor (VMM) — userspace application
+ - hypervisor — kernel part
+
+* Virtualiation Approaches
+- code interpretation
+- binary compilation
+- trapping privileged, state-changing instructions
+ - guest code in non-privileged mode
+ - emulated interrupts & IO
+ - MMU → "shadow tables"
+ - limitation: only compatible architectures
+ - e.g., x86 / x86_64 on x86_64
+ - problem: not all instructions trapped
+ - x86 & ARM extensions
+- paravirtualization
+
+* Hardware-Assisted Virtualization
+- what:
+ - trap-and-emulate enablers (where needed)
+ - Intel VT-x, AMD-V, ARMv7-A Virtualization Extensions
+ - not needed: Power, RISC-V
+
+* Hardware-Assisted Virtualization, Cont.
+- what:
+ - trap-and-emulate enablers (where needed)
+ - Intel VT-x, AMD-V, ARMv7-A Virtualization Extensions
+ - not needed: Power, RISC-V
+ - hardware-virtualized privileged state (e.g., extra)
+ - hardware-virtualized address translation (e.g., 2-level translation in ARM)
+ - hardware-virtualized IO (e.g., Intel VT-d, AMD-V 2.0)
+ - hardware-virtualized interrupts (e.g., Intel VT-x)
+ - …
+
+* Hardware-Assisted Virtualization, Cont…
+- what:
+ - trap-and-emulate enablers (where needed)
+ - Intel VT-x, AMD-V, ARMv7-A Virtualization Extensions
+ - not needed: Power, RISC-V
+ - hardware-virtualized privileged state (e.g., extra)
+ - hardware-virtualized address translation (e.g., 2-level translation in ARM)
+ - hardware-virtualized IO (e.g., Intel VT-d, AMD-V 2.0)
+ - hardware-virtualized interrupts (e.g., Intel VT-x)
+ - …
+- some support in major architectures
+ - x86_64, ARM, Power, RISC-V
+ - exceptions
+ - e.g., Intel Atom
+
+* Xen
+# wget -O XenFuPandaWiki.png https://wiki.xenproject.org/resources/assets/XenFuPandaWiki.png?60ae8
+[[./XenFuPandaWiki.png]]
+- dom0
+- domU
+
+* Xen Virtualization Modes
+- PV
+- HVM
+- PVH
+
+* VM vs Container
+- ?
+
+* VM vs Container, Cont.
+- ?
+- Xen: 18 security advisories in 2026
+- Linux: over 2k CVEs
+- /(is that comparable?)/
+
+* VM vs Container, Cont…
+- ?
+- Xen: 18 security advisories in 2026 (15 in 2025)
+- Linux: over 2k CVEs in 2026
+- /(is that comparable?)/
+- combination: VM + unprivileged user account
+ - defense in depth
+ - unprivileged user (no root)
+ - user mode (lockdown kernel module)
+ - VM
+
+* Qubes OS
+
+* Qubes OS & Xen Architecture Support
+- x86_64
+- ARMv7 + Virtualization Extensions
+- ARMv8
+
+* Qubes OS & Xen Architecture Support, Cont.
+- x86_64
+- ARMv7 + Virtualization Extensions
+- ARMv8
+- 2025 — Xen RISC-V support
+
+* Application-Level Emulation
+- e.g., AArch64 on x86_64
+- vice-versa
+- QEMU User space emulator
+- Rosetta2
+- binfmt_misc
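Review bot: several slide bullets in this hunk carry typos or look unfinished and should be fixed before the lecture is published: "WMWare ESX" under type 1 should read "VMware ESX" (and "VMWare" elsewhere is normally written "VMware"); the heading "* Virtualiation Approaches" is missing a "z"; "binary compilation" in that section is conventionally called "binary translation" (dynamic recompilation of guest code), which is the term students will meet in the literature; and "hardware-virtualized privileged state (e.g., extra)" ends mid-example, so the intended illustration is lost. In the "Hardware-Assisted Virtualization" slides the bullet "hardware-virtualized interrupts (e.g., Intel VT-x)" repeats the example already used for the trap-and-emulate enablers, so it does not tell the reader what is specific to interrupt virtualization. The "VM vs Container" slides still contain "- ?" placeholders and "* Qubes OS" has no body; if those are deliberate discussion prompts, a short hint in a comment line would make that clear. Two smaller points: "sporadically with distinction (according to Wikipedia)" needs a noun ("the distinction is sometimes made"), and the Xen-vs-Linux count comparison is already flagged by the slide's own "(is that comparable?)" note; stating in the slide that advisories and CVEs are counted differently (one advisory can cover several CVEs, and the Linux figure spans the whole kernel including drivers) would make the defense-in-depth argument that follows it stronger.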