Notes on DevOps operations, virtualization, containers, cloud computing, databases, network security, and related topics.
Arm64Qemu
Qemu 2.0 includes arm64 support, and Debian 8 (and above) fully supports it.
Background
In October 2013 the arm64 (aarch64) qemu port became publicly available. It is a user-space emulation, so it may not be applicable to all development tasks. It is fine for building software, and it is _much_ faster and often easier to use than ARM's proprietary (free beer) Foundation Model. The development was done by folks at SUSE Linux, so kudos to them. This code was incorporated into Qemu 2.0 in March 2014 by Linaro, and there is no longer a need to build arm64 from the development branch. You can verify support by checking for the availability of the aarch64 interpreter:
# update-binfmts --display | grep -i aarch
qemu-aarch64 (enabled):
interpreter = /usr/bin/qemu-aarch64-static
Installation
Since Debian supports arm64, installation is as simple as the following.
Step 1
The first task is to elevate to root:
$ su -
password:
#
Step 2
The second step is to configure locales so your Qem...
Testing QEMU ARM TrustZone
A while back we wrote about the QEMU implementation of ARM TrustZone, also known as ARM Security extensions support, and now that this work is being accepted into mainline QEMU we want to highlight some aspects about the usage model and testing of the functionality.
Ongoing Work and Progress
Since the last post, the bulk of the ARM CPU Security Extension support has made it to upstream QEMU. Although the functional support is now available upstream, it is currently disabled while the details of the usage are ironed out. Specifically, command line options are being added to allow users to enable or disable the ARM Security extensions from the command line. This is especially important for maintaining backwards compatibility of existing machine models incorporating TrustZone enabled processors.
To achieve backwards compatibility and allow easy future use of ARM TrustZone, we are introducing the following configuration changes:
The Security Extensions will be avai...
ARM® TrustZone® in QEMU
Ever used an application on your smartphone or tablet that accesses security sensitive information such as banking, personal health information, or credit cards? The demand for mobile devices to do more and more is rapidly growing and includes increased security sensitive tasks. At the same time, malicious apps are also flooding mobile app stores in hopes of exploiting security holes to take advantage of unsuspecting users.
Can we rely on certain apps to protect our personal data and prevent undesired and unauthorized access? The current solution is to present users with warning dialogs when downloading applications and otherwise trust the rest of the system. This does not work for a number of reasons. First, existing protection and isolation principles may not work. Second, applications may not be implemented according to secure programming guidelines. Third, other users of devices (such as children or friends) m...
After confirming that PHP works properly, edit /usr/local/Comsenz/etc/php.ini to harden PHP security. Find
disable_functions =
and change it to
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen
Then restart the web service:
service httpd restart
Find disable_functions and replace it with the following:
disable_functions =phpinfo,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
Save and close the file. Restart httpd:
# service httpd restart
Note that the disable_functions directive cannot be used outside of the php.ini file, which means that you cannot disable functions on a per-virtualhost or per-directory basis in your httpd.conf file. If we add this to our php.ini file:
Setup for IIS, in c:\windows\php.ini, the Xingwai (星外) settings:
disable_functions =exec,system,p...
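Windows 2003 Tomcat: configuring SSL certificate access on port 443 for a virtual host
Open conf/server.xml and you will find the following block of configuration commented out:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
-->
This configuration lets Tomcat support SSL connections. It is commented out by default. Uncomment it and modify it as needed.
secure must be set to true, and scheme must be set to https.
If you change the SSL port from 8443 to another port, you must also change the redirectPort of the other, non-SSL connectors, because non-SSL connections redirect user requests that require an SSL security constraint to the port you changed it to.
Remove the comment markers and start Tomcat, then enter https://localhost:8443 to see SSL encryption in effect. 8443 is the configured port for SSL request connections.
Configuring Keystores
To use the SSL connector, you must first create a keystore. It contains what the server holds that clients use to verify the ser...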
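easier, so I had not written a separate article on this part before.
Recently I ran into several cases that were all about virtual machine backup and low-cost off-site disaster recovery, and over the past few days my migration from Windows Server 2012 R2 Preview to RTM also involved Hyper-V replication, so I decided to write something up to share with everyone and to keep as a record for myself.
Hyper-V replication, i.e. Hyper-V Replica (known in Chinese as both "Hyper-V 复制" and "Hyper-V 副本"), is an asynchronous virtual machine replication technology that transfers data over the HTTP protocol, so it is also well suited to WAN environments. By design, Hyper-V Replica is mainly intended for business continuity and disaster recovery scenarios. Because it does not require any shared storage, the technology can be used with equipment from any server, network, or storage vendor.
To enable replication for a Hyper-V host, first make sure the host has joined AD and, following the article on live migration without shared storage, configure Kerberos delegation for the host, adding "hyper-v replica service". Then modify the host's Hyper-V settings: under "Replication Configuration", check "Enable this computer as a Replica server" and select "Use Kerberos (HTTP)", keeping the default port 80; under "Authorization and storage", select "Allow replication from any authenticated server" and specify the default storage location for replicas. Refer to the figure below for the settings:
After completing the settings above, the wizard shows a warning about firewall settings; we only need to go into the ...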
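Redhat 7.1 Lilo boot error: request_module[ide-cd]:root fs not mounted, VFS: Cannot open root
A very old Redhat 7 desktop system with a 2.4 kernel, running an OLTP system, is now being converted from a physical machine to a virtual machine using P2V. But when the virtual machine starts, it reports the error:
request_module[ide-cd]:root fs not mounted
hdc: driver not present
VFS: Cannot open root device "1608" or 16:08
please append a correct "root=" boot option
kernel panic: VFS: Unable to mount root fs on 16:08
As shown in the figure below:
The message indicates that the system disk is on the third hard disk, hdc. In fact, the virtual machine is configured with only one IDE disk. However, after mounting the virtual machine in cdlinux and changing the fstab and lilo.conf configuration files to hda, the virtual machine reported the same error on startup, and no change made any difference. Finally, I thought of adding two new virtual disks so that the system disk came third in order. On starting the virtual machine again, it finally booted into the system normally. I just never understood why modifying the boot configuration files had no effect.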
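The following uses the deployment of Apache, MySQL, and PHP on a Linux server as an example to demonstrate the process of setting up the environment.
System conventions
Location of software source packages: /usr/local/src
Install location (prefix) for Apache, MySQL, and PHP compiled from source: /usr/local/Comsenz/software_name
Location of scripts and maintenance programs: /usr/local/Comsenz/sbin
MySQL database location: /data/mysql (can be set as appropriate)
Apache web root: /data/wwwroot (can be set as appropriate)
Apache virtual host log root: /data/wwwroot/logs (can be set as appropriate)
Apache run account: www:www
System environment initialization
1. Check that the system is healthy
more /var/log/messages (check for system-level error messages)
dmesg (check for hardware device error messages)
cat /proc/cpuinfo (check that the CPU frequency is normal)
top (press 1 to check that the number of CPU cores and the memory size are normal)
ifconfig (check that the network card settings are correct)
ping www.qq.com (check that the network is working)
2. Disable unneeded services
Run the ntsysv command:
ntsysv
In the service settings screen, set each service on or off. Only the services that need to be started are listed below; it is recommended to disable all services not listed:
atd
crond
irqbalance
microcode_ctl
network
sendmail
sshd
syslog
Disable SELinux as follows: in the /etc/selinux/config file, change SELINUX= to disabled.
3. Switch to a faster download source
mv /etc/yum.repos.d/Ce...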