Installing KF x In A VirtualBox Macos Host - novafacing/kernel-fuzzer-for-xen-project GitHub Wiki

This section walks through installation of Ubuntu in a VM and installation of KF/x on Ubuntu in that VM for MacOS host machines. These instructions are tested on a Ubuntu 22.04 host machine as well as a Fedora 37 host machine, but should work with few modifications on other distributions.

Install VirtualBox (MacOS)

For Intel Macs, you can download VirtualBox from the Oracle VirtualBox Downloads Page. Apple Silicon Mac support is in Beta, and you can download VirtualBox for Apple Silicon Macs here. Note that on Apple Silicon Macs, you may need to download the x86 version of Ubuntu instead of the amd64 version, and other unknown issues may occur. As of last writing, M2 macbooks will boot Ubuntu 22.04.2, but will crash before the installation dialogue appears.

Create a Ubuntu 22.04 Virtual Machine (MacOS)

Download Ubuntu 22.04.2 LTS

First, download the Ubuntu 22.04.2 LTS operating system image from Canonical here. We highly recommend using the Server image, and the documentation below uses that image. This tutorial will assume the image has been downloaded to ~/Downloads/ubuntu-22.04.2-live-server-amd64.iso.

Ensure VBoxManage Works

Open a terminal and ensure the output of the command:

vboxmanage --version

matches the version you installed.

Create and Configure Ubuntu 22.04.2 LTS Virtual Machine

First, create the Virtual Machine and register it with VirtualBox.

vboxmanage createvm --name Kfx-Ubuntu-22.04 --register

Now, we will set up our VM. There are many settings here, most of which do not need modification. Some settings may be adjusted depending on your hardware, however:

  • --memory - 4096 MB is a minimum and you should increase this value to 8192 or 16384 if you have enough RAM available.
  • --cpus - 2 CPUs is a minimum and you should increase this value as much as possible.

To understand the remaining settings, you can consult the documentation.

vboxmanage modifyvm Kfx-Ubuntu-22.04 \
	--ostype Ubuntu_64 \
	--memory 4096 \
	--cpus 2 \
	--vram 33 \
	--cpuexecutioncap 100 \
	--hpet off \
	--cpu-profile host \
	--chipset piix3 \
	--firmware bios \
	--pae off \
	--longmode on \
	--triplefaultreset off \
	--apic on \
	--x2apic on \
	--hwvirtex on \
	--boot1 disk \
	--boot2 dvd \
	--boot3 none \
	--boot4 none \
	--acpi on \
	--ioapic on \
	--biosapic apic \
	--biossystemtimeoffset 0 \
	--rtcuseutc on \
	--nestedpaging on \
	--largepages on \
	--vtxvpid on \
	--paravirtprovider kvm \
	--graphicscontroller vmsvga \
	--teleporter off \
	--tracing-enabled off \
	--autostart-enabled off \
	--nic1 nat \
	--nictype1 82540EM \
	--cableconnected1 on

Our machine needs a hard drive. We will create a virtual disk in a location with sufficient storage, and attach both the virtual disk and our Ubuntu 22.04.2 ISO to the VM. The created disk will be 128GB in size, enough to store at least one MacOS image. If size is very constrained, use 98304, or 96GB instead.

Note: Be sure to change:

  • The path to your downloaded ISO file, if it is different
  • The path to the .vdi file you are about to create and use, if you would like to place it elsewhere (for example, an alternate drive)

We will first create a directory in the location we wish to create a Virtual Hard Disk. You may put this location anywhere, even a removable drive, but we default to the directory VirtualBox uses.

vboxmanage createhd --filename "~/VirtualBox VMs/Kfx-Ubuntu-22.04.vdi" \
    --size 131072
vboxmanage storagectl Kfx-Ubuntu-22.04 --add sata --controller IntelAHCI \
    --name "SATA"
vboxmanage storageattach Kfx-Ubuntu-22.04 --storagectl "SATA" --port 0 --device 0 \
    --type hdd --medium "~/VirtualBox VMs/Kfx-Ubuntu-22.04.vdi"
vboxmanage storageattach Kfx-Ubuntu-22.04 --storagectl "SATA" --port 1 --device 0 \
    --type dvddrive --medium "~/Downloads/ubuntu-22.04.2-live-server-amd64.iso"

You should now have a fully configured VM ready to install Ubuntu 22.04.2.

Install Ubuntu 22.04.2 (MacOS Host)

With our VM created and configured, we can now set up Ubuntu 22.04.2. Run the command below to start the VM. A VirtualBox GUI window should appear with the machine video output soon after running the command.

vboxmanage startvm Kfx-Ubuntu-22.04

After booting, the machine should open to the Ubuntu 22.04.2 installer. At the language select screen, select English by pressing Enter.

On the next screen, press the Up Arrow to select Update to the new installer, then press Enter to confirm. You should see a brief download screen followed by the installer restarting.

The default keyboard configuration is almost certainly correct. Press Enter to continue.

Select Ubuntu Server as the type of install, and press Space to accept Search for third-party drivers then press Enter to continue.

Accept the automatically detected network configuration. This is the NAT network we attached earlier.

On the screen to Configure proxy, do not enter a proxy address. We will configure proxy addresses as needed for certain commands later.

Accept the default Ubuntu archive mirror by pressing Enter.

On the next page, Guided storage configuration, press Tab until the Done option is highlighted, then press Enter to accept the default configuration.

The installer will then present a summary of the disk changes. Press Enter to accept.

A confirmation dialog will appear. Press the down arrow key to highlight Continue, then Enter to accept.

Next, set a name, hostname, username, and password. These can all be any value you choose, but make sure to remember them.

Do not enable Ubuntu Pro, it is not free for commercial use.

Next, on the SSH setup page, select Install OpenSSH server by pressing the space button with the menu option selected. You may wish to import your public SSH keys from GitHub as well by selecting from Github under the Import SSH identity dropdown by selecting the dropdown with the space button. Finally, select Allow password authentication over SSH if you did not import your SSH key from GitHub (you may wish to enable this anyway if you are not on a public network).

You should see a confirmation dialog informing you your SSH public keys have been fetched. Press Enter to confirm.

There are most likely no third-party drivers. Press Enter to continue when the installer informs you of this.

No featured snaps are needed. Press Tab, then Enter to proceed.

The install process will now proceed until it is complete. When it is, you will be presented with an option to reboot. Press Enter to begin the reboot process.

You will most likely be presented with an error Failed unmounting /cdrom. This is OK, we will run a command below to shut down the VM and remove the drive. Do not press Enter.

In your terminal, run the commands below to power down the VM and remove the ISO drive.

vboxmanage controlvm Kfx-Ubuntu-22.04 poweroff
vboxmanage storageattach Kfx-Ubuntu-22.04 --storagectl "SATA" --port 1 --device 0 \
    --type dvddrive --medium none

Ubuntu set up is now complete. We will test the installation by powering up the VM first:

vboxmanage startvm Kfx-Ubuntu-22.04

The VM should boot, and soon after you will see a login prompt like the one below:

Log in by typing your username and password, then shut down the machine by running the command below in the VM.

sudo shutdown now

After booting up, logging in, then shutting the VM down again, we will discover the name of our Host-Only interface to attach it to our machine.

vboxmanage list hostonlyifs

You should see output similar to the output below.

Name:            VirtualBox Host-Only Ethernet Adapter
GUID:            6e8f7365-f167-4ba0-8705-c28dec796c5e
DHCP:            Disabled
IPAddress:       192.168.56.1
NetworkMask:     255.255.255.0
IPV6Address:     fe80::8921:e7bb:efa2:72e9
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:3e
MediumType:      Ethernet
Wireless:        No
Status:          Up
VBoxNetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter

If there is no output (that is, the list is empty), we need to create a Host-Only network by running the command below. Otherwise, you can move on.

vboxmanage hostonlyif create

Followed by:

vboxmanage list hostonlyifs

You will see some output of the form below, where the Name field is the important information.

Name:            VirtualBox Host-Only Ethernet Adapter
GUID:            6e8f7365-f167-4ba0-8705-c28dec796c5e
DHCP:            Disabled
IPAddress:       192.168.56.1
NetworkMask:     255.255.255.0
IPV6Address:     fe80::8921:e7bb:efa2:72e9
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:3e
MediumType:      Ethernet
Wireless:        No
Status:          Up
VBoxNetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter

We then modify the VM again to attach our Host-Only interface.

vboxmanage modifyvm Kfx-Ubuntu-22.04 --nic2 hostonly `
    --hostonlyadapter2 "VirtualBox Host-Only Ethernet Adapter" --nictype2 82540EM

After creating the Host-Only interface and attaching the NIC, we will boot our machine back up.

vboxmanage startvm Kfx-Ubuntu-22.04

To use the Host-Only interface, we need to enable it in our VM. On the command line of the vm, run:

sudo ip addr

You should see output similar to the below. Note that the interface names (the names starting with enp) may be different, so make a note of them. The first name is the NAT network interface, and should have an IP address assigned (in this case 10.0.2.15). The second is the Host-Only network interface, and will likely not have an IP address assigned.

We will now use Netplan to configure networking for the VM. If you have not used it before, feel free to take a look at the netplan docs, although for this tutorial you can simply copy the configurations provided. In the VM, run vim to edit the configuration file. If you are not comfortable using vim, feel free to use nano instead (sudo nano /etc/netplan/99_config.yaml).

sudo vim /etc/netplan/99_config.yaml

This will open the text editor. Type the following configuration. Note that indentation characters are spaces. If the names of your network interfaces printed above are different than those in this configuration file, be sure to substitute the values displayed in your VM.

network:
	version: 2
	renderer: networkd
	ethernets:
		enp0s3:
			dhcp4: true
		enp0s8:
			dhcp4: true

Save the file (:x in vim or Ctrl+X, Y, Enter in nano). Then run:

sudo netplan generate
sudo netplan apply

This will apply the new network configuration. Finally, shut down the machine.

sudo shutdown now

Now that we have our network interfaces configured, we can boot the machine in headless mode to avoid needing GUI windows and connect via SSH instead. Boot up the machine in headless mode.

vboxmanage startvm Kfx-Ubuntu-22.04 --type headless

Note: While running in headless mode, the VM can be shut down at any time by running:

vboxmanage controlvm Kfx-Ubuntu-22.04 poweroff

After booting the machine, we will determine the IP address of its Host-Only network interface to allow us to connect via SSH.

MAC = vboxmanage showvminfo Kfx-Ubuntu-22.04 \
    | grep -oE "MAC:\s+([0-9A-F]+).*VirtualBox Host-Only Ethernet Adapter"
vboxmanage dhcpserver findlease \
    --interface "VirtualBox Host-Only Ethernet Adapter" --mac-address "${MAC}"

After running these two commands, you should get output similar to the below.

IP Address:  192.168.56.105
MAC Address: 08:00:27:03:f9:81
State:       acked
Issued:      2023-02-16T18:24:23Z (1676571863)
Expire:      2023-02-16T18:34:23Z (1676572463)
TTL:         600 sec, currently 372 sec left

Now, you can SSH to this IP address:

$ ssh [email protected]
The authenticity of host '192.168.56.105 (192.168.56.105)' can't be established.
ECDSA key fingerprint is SHA256:x1i0Fp+FHryUZgVKxjMEW45XiWll/gWG1G+HojdYu6k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.56.105' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 22.04.2 LTS (GNU/MacOS 5.15.0-60-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Thu Feb 16 06:28:54 PM UTC 2023

  System load:  0.0                Processes:               170
  Usage of /:   10.6% of 61.71GB   Users logged in:         0
  Memory usage: 5%                 IPv4 address for enp0s3: 10.0.2.15
  Swap usage:   0%                 IPv4 address for enp0s8: 192.168.56.105


62 updates can be applied immediately.
To see these additional updates run: apt list --upgradable


Last login: Thu Feb 16 18:04:36 2023
rhart@kfx-ubuntu-2204:~$

We now have a working SSH-able VirtualBox VM! Next, we'll install KF/x Xen on it and prepare the machine for fuzzing.

Installing KF/x

To install the Xen Hypervisor, first download the kfx-bundle deb package from the project releases tab. This tutorial uses the 4.16.1-0.0.1-git-184b844 version, but you should download the latest release. Because you need to be on the Intel VPN and authorized through SSO to download releases from GitHub, you will need to download this release file from your web browser to your host machine. After downloading, you can transfer the file to your guest machine (note: this assumes the release was downloaded to the ~Downloads directory. If your downloads are configured to go elsewhere, substitute the command appropriately).

$ cd Downloads
$ sftp [email protected]
sftp> put kfx-bundle_4.16.1-0.0.1-git-184b844-jammy_amd64.deb
Uploading kfx-bundle_4.16.1-0.0.1-git-184b844-jammy_amd64.deb to /home/rhart/kfx-bundle_4.16.1-0.0.1-git-184b844-jammy_amd64.deb
kfx-bundle_4.16.1-0.0.1-git-184b844-jammy_amd64.deb    100%   75MB 113.9MB/s   00:00

After transferring the package to your guest machine, return to your SSH window and run the commands below. Note: If your host machine is currently connected to the Intel VPN, you will need to add the options -o Acquire::http::Proxy="http://proxy-us.intel.com:911" -o Acquire::http::Proxy="http://proxy-us.intel.com:912" after apt in the install command.

chmod 777 ./kfx-bundle_4.16.1-0.0.1-git-184b844-jammy_amd64.deb   
sudo apt install ./kfx-bundle_4.16.1-0.0.1-git-184b844-jammy_amd64.deb

You'll see output something like this:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'kfx-bundle' instead of './kfx-bundle_4.16.1-0.0.1-git-184b844-jammy_amd64.deb'
The following additional packages will be installed:
  genisoimage libasyncns0 libfdt1 libflac8 libfuse2 libjpeg-turbo8 libjpeg8 libogg0 libopus0  
  libpixman-1-0 libpulse0 libsndfile1 libvorbis0a libvorbisenc2 libx11-xcb1 libyajl2
Suggested packages:
  wodim cdrkit-doc opus-tools pulseaudio
The following NEW packages will be installed:
=> GRUB_TIMEOUT=30 seconds
=> GRUB_TIMEOUT_STYLE=menu
=> dom0 Memory:    1962 MB
=> dom0 CPU cores: 1 Cores
=> Xen Options: dom0_mem=1962M,max=1962M dom0_max_vcpus=1 hap_1gb=false hap_2mb=false loglvl=all guest_loglvl=all earlyprintk=xen vpmu=bts hpet=legacy-replacement iommu=no-sharept spec-ctrl=0 altp2m=1 xpti=0
=> MacOS With Xen Options:  splash
!  If you need to make changes to these options,
!  edit /etc/default/grub.d/xen.cfg then run
!  'sudo update-grub' to update the GRUB configuration.
------------------------------------------
WARNING: GRUB_DEFAULT changed to boot into Xen by default
!         Edit /etc/default/grub.d/xen.cfg to avoid this warning.
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-43-generic
Found initrd image: /boot/initrd.img-5.15.0-43-generic
dpkg: warning: version '/boot/xen.gz' has bad syntax: version number does not start with digit
Found linux image: /boot/vmlinuz-5.15.0-43-generic
Found initrd image: /boot/initrd.img-5.15.0-43-generic
Found linux image: /boot/vmlinuz-5.15.0-43-generic
Found initrd image: /boot/initrd.img-5.15.0-43-generic
Found linux image: /boot/vmlinuz-5.15.0-43-generic
Found initrd image: /boot/initrd.img-5.15.0-43-generic
Found linux image: /boot/vmlinuz-5.15.0-43-generic
Found initrd image: /boot/initrd.img-5.15.0-43-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done
Created symlink /etc/systemd/system/multi-user.target.wants/xen-qemu-dom0-disk-backend.service → /usr/local/lib/systemd/system/xen-qemu-dom0-disk-backend.service.
Created symlink /etc/systemd/system/multi-user.target.wants/xen-init-dom0.service → /usr/local/lib/systemd/system/xen-init-dom0.service.
Created symlink /etc/systemd/system/multi-user.target.wants/xenconsoled.service → /usr/local/lib/systemd/system/xenconsoled.service.add xenfs to /etc/fstab
Detected system is not running on Xen, checking EPT support in /proc/cpuinfo...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Processing triggers for man-db (2.10.2-1) ...
Scanning processes...
Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

Next, you will need to restart your machine to reboot into the Xen hypervisor. Run:

sudo reboot now

Ubuntu with Xen Hypervisor will now be the default boot option, and your machine should boot into Xen after 30 seconds (if you would like, you can view the screen at boot time by selecting the Show option in the Oracle VM VirtualBox Manager window to monitor the progress, or you can simply wait until SSh connects). After approximately 3 minutes (depending on the speed of your machine), you will be able to reconnect via SSH.

To ensure you are running in the Xen hypervisor, run:

xen-detect

You should see:

Running in PV context on Xen V4.16.

This means we have successfully installed the Xen hypervisor!

⚠️ **GitHub.com Fallback** ⚠️