Aug 16 2013

Building an ARM-based VM for SDL Training

Published by at 4:02 pm under Linux,Technology,Virtualization

Before I get into the details of this post I want to provide a bit of a background to this project.  I run the Security Engineering Team for a manufacturer.  We build hardware and software products and my responsibilities include integrating a Security Development Lifecycle (SDL) into our product development process.  I’ve been working on this for about two years, slowly integrating a Microsoft-style SDL into each product’s development lifecycle.  Part of this effort involves developer and architect training.  Initially we chose to use a third-party to provide this training to our developers and kicked off that effort in April of last year.  Unfortunately, the initial training did not go well.  We had significant problems which forced us to re-evaluate our approach to the training.  After the problems we had with the initial round of the Class-Based Training (CBT) we decided to move forward with our own internally developed training.  I mentioned this in a previous blog post that I’ve been focused on putting together training on topics like:

  • Threat Modeling
  • Secure Coding in C and C++
  • Secure Coding in C#/.NET

I went about putting the relevant material for these classes and building out both class presentations as well as hands-on lab materials.  The curve ball I was thrown which resulted in my putting together this VM was sent my way when I gave this class at one of our facilities in France.  I always ask for feedback from the attendees and I got very positive feedback from this class.

About a week after the class was over I got the “unofficial” feedback through one of the guys who works in the Security Engineering Team in Europe.  The gist of this feedback was that while they really liked the labs they felt that it would be more realistic if the labs were done on an ARM-based processor VM rather than the Intel x86 based VMs that I was using.   All of our  hardware products utilize an ARM based processor due to a wide-variety of reasons – not least of which is that they’re embedded devices.

On top of that request the developers were more familiar with Windows (they do all of their development either in Eclipse or, in the case of the guys who develop our .NET based applications, Visual Studio) and they wanted more of a windowing environment like Windows (I don’t know of any version of Windows that runs on the ARM processor).  So, between these two requests I had to start looking at building my own ARM based VM – with the caveat is that it has to run under Windows…yeah…fun!

First thing I had to do was find a processor emulator.  That part was pretty easy – QEMU!  QEMU is a fantastic VM tool – while everyone talks about VMware or VirtualBox or Xen – people tend to overlook QEMU.  QEMU not only provides for building out your own VM that is x86 based but it also allows you to build out VMs that use other processor architectures like ARM, PowerPC, Alpha, SPARC, S390, Motorola 68K, and others.  I mean, this is a really cool tool.

I downloaded the latest version of QEMU (at least it was the latest when I downloaded it): 1.5.1 and installed it on my Windows 7 laptop and then did a search for pointers on how to build an ARM based VM using QEMU.  And boy did I find the links – unfortunately they were all expecting that you would build the VM under a Linux system – not a Windows system.  Some of the links I found that were really helpful were:

Between these sites and some tinkering I was finally able to get the ARM based Debian image built.  However, I had such difficulties with building it under Windows 7 that I finally punted and built it on a spare machine I had in the basement (an HP DL380 2U server with 12GB of memory and 216 GB of hard drive space – you’d think that was overkill but believe it or not the VM took almost half a day to finish building – and then it was a matter of getting the development packages installed!).  I’ll post about the whole effort (and the effort of building the VM under Windows in the next few weeks).

One response so far

One Response to “Building an ARM-based VM for SDL Training”

  1. Rabiaon 16 Oct 2015 at 10:23 pm

    Love the tutorial man, and thakns alot, I’m having one issue. I have the client connecting to the ASA already, authenticated and everything, I’m able to ping the devices in the internal network, but my internet stops works, I’m unable to go out.What could be the issue?

Trackback URI | Comments RSS

Leave a Reply