Mtsst: elbrus real-time operating system srv elbrus. Elbrus operating system and Elbrus microprocessors in onboard real-time systems Evgeniy Kravtsunov, Konstantin Trushkin

24.05.2019 OS

The need for the accelerated development of the domestic software market, ensuring maximum independence from foreign developments in the field of high technologies and maintaining information sovereignty was first discussed at the highest level in 2014, when US and EU sanctions sharply increased the risks associated with the use of foreign software in business and government organizations ... It was then that the Ministry of Communications and Mass Media of the Russian Federation was seriously puzzled by the solution of this strategically significant, according to officials, issue along with stimulating demand for national products and working out appropriate measures to support domestic developers. As a result, restrictions on the admission of foreign software in the implementation of state and municipal purchases, as well as the rules for the formation and maintenance of a unified register of Russian programs, were approved at the legislative level as soon as possible. All this had a positive effect on the software market in Russia, which has recently been replenished with many interesting projects and developments. Including in the field of operating systems.

Alt Linux SPT is a unified Linux-based distribution kit for servers, workstations and thin clients with built-in information security software, which can be used to build automated systems for class 1B inclusive and personal data information systems (ISPDN) for class 1K inclusive. The OS allows you to simultaneously store and process confidential data on one personal computer or server, provide multi-user work with differentiated access to information, work with virtual machines, and use centralized authorization tools. The certificate issued by FSTEC of Russia confirms the compliance of the product with the requirements of the following guidelines: “Computer facilities. Protection against unauthorized access to information. Indicators of security against unauthorized access to information "- for the 4th security class; "Protection against unauthorized access to information. Part 1. Software for information security. Classification by the level of lack of undeclared capabilities "- by the 3rd level of control and technical conditions. Technical support for Alt Linux SPT users is provided by Free Software and Technologies through its developer partner Basalt SPO.

⇡

Developer: "Basalt SPO" company

The Alt platform is a set of enterprise-level Linux distributions that allow you to deploy corporate IT infrastructure of any scale. The platform includes three distributions. This is a universal "Alt Workstation", which includes an operating system and a set of applications for full-fledged work. The second is the Alt Server server distribution kit, which can act as an Active Directory domain controller and contains the most complete set of services and environments for creating a corporate infrastructure (DBMS, mail and web server, authentication tools, team work, virtual machine management and monitoring, etc. tools). The third - "Alt Education 8", focused on everyday use in planning, organizing and conducting the educational process in institutions of general, secondary and higher education. In addition, the above-mentioned certified Alt Linux SPT distribution kit and the Simply Linux operating system for home users are presented in the series of products of the company "Basalt SPO".

⇡

Developer: National Center for Informatization (part of the state corporation "Rostec")

Russian project to create an ecosystem of software products based on the Linux distribution, designed for the comprehensive automation of workplaces and IT infrastructure of organizations and enterprises, including in data centers, on servers and client workstations. The platform is presented in the versions "OS. Office" and "OS. Server". They differ in the sets of application software included in the distribution kit. The office edition of the product contains the operating system itself, information security tools, a software package for working with documents, an email client and a browser. The server version includes an operating system, information security tools, monitoring and system management tools, an e-mail server and a DBMS. Potential users of the platform include federal and regional authorities, local governments, state-owned companies and state corporations. It is assumed that the OSi-based ecosystem in the near future will become a full-fledged alternative to Western counterparts.

Development of the research and production association "RusBITech", presented in two versions: Astra Linux Common Edition (general purpose) and Astra Linux Special Edition (special purpose). Features of the latest OS version: advanced means of ensuring information security of processed data, a mechanism for mandatory access control and control of the closedness of the software environment, built-in tools for marking documents, registering events, monitoring data integrity, as well as other components providing information protection. According to the assurances of the developers, Astra Linux Special Edition is the only software platform that is simultaneously certified in the certification systems of information security tools of the FSTEC of Russia, the FSB, the Ministry of Defense of the Russian Federation and allows processing in automated tools of all ministries, departments and other institutions of the Russian Federation restricted information containing components of the state secret information with a stamp not higher than "top secret".

⇡ ROSALinux

Developer: STC IT ROSA LLC

The ROSA Linux family of operating systems includes an impressive set of solutions designed for home use (ROSA Fresh version) and use in a corporate environment (ROSA Enterprise Desktop), deployment of infrastructure IT services of an organization (ROSA Enterprise Linux Server), processing of confidential information and personal data ( ROSA "Cobalt"), as well as information constituting a state secret (ROSA "Chrome" and "Nickel"). The listed products are based on the developments of Red Hat Enterprise Linux, Mandriva and CentOS with the inclusion of a large number of additional components, including the original ones, created by the programmers of the ROSA Scientific and Technical Center for Information Technologies. In particular, OS distributions for the corporate market segment include virtualization tools, backup software, tools for building private clouds, as well as centralized management of network resources and storage systems.

⇡

Developer: Calculate company

Calculate Linux is available in Desktop, Directory Server, Scratch, Scratch Server editions and is designed for home users and small and medium-sized businesses who prefer to use open source software instead of proprietary solutions. Platform features: full work in heterogeneous networks, roaming user profiles mechanism, centralized software deployment toolkit, ease of administration, the ability to install on portable USB drives and support for binary repositories of Gentoo updates. It is important that the development team is available and open to any comments, suggestions and wishes of the user audience, as evidenced by the huge number of ways to get involved in the Calculate Linux community and platform development.

⇡ "Ulyanovsk.BSD »

Developer: Sergey Volkov

The operating system, which is built on the basis of the free platform FreeBSD and contains the necessary set of applications for home users and office tasks. According to the sole OS developer Sergei Volkov, Ulyanovsk.BSD is fully adapted to the needs of Russian-speaking users. “Our assembly is as light as possible and is ideal for use both on home computers and on workstations of employees of various organizations, as well as for use in educational institutions,” the author of the project claims, without going into details of what exactly the product compiled by him is different from the original. The solidity of the project is added not only by the presence of a distribution kit distributed on a commercial basis and paid technical support, but also by an entry in the register of Russian software. This means that the Ulyanovsk.BSD software platform can legally be used by state organizations in the framework of projects for the introduction of import-substituting technologies.

A certified and secure operating system that allows you to process information in accordance with Federal Law No. 152 "On Personal Data" and implement systems for processing information of limited access, not related to state secrets. ICLinux includes remote administration tools, has a built-in firewall certified for compliance with the RD ME for the 3rd security class, supports RDP, X-Windows System, SSH, Telnet, VNC, VPN, NX, ICA and other protocols. The platform also includes compatibility with the authentication means of the company "Aladdin R.D." and a modular architecture that allows you to flexibly customize the operating system according to customer requirements.

⇡ Alfa OS

Developer: ALFA Vision company

Another Linux clone, equipped with a user interface a la macOS with a set of familiar office applications and filled with deep philosophical meaning. No kidding, on the developer's website in the "About the company" section, it says: " The operating system is a special phenomenon, the point at which technological, aesthetic and humanitarian concepts converge. A top that is visible from all sides. For it to shine, to become what it should be, a wide variety of meaningful experience is needed. And we have it". How much expression there is in these words, what a presentation of information! Agree, not everyone can present their product to a wide audience so expressively. At the moment, "Alpha OS" is presented as a desktop version for x86-compatible systems. In the future, ALFA Vision intends to roll out to the market a mobile and server edition of the OS, as well as an assembly of the distribution kit for devices based on ARM processors.

A software platform designed specifically for computing systems with SPARC and Elbrus architecture. A feature of the system is a radically redesigned Linux kernel, in which special mechanisms for managing processes, virtual memory, interrupts, signals, synchronization, and support for tagged computations were implemented. " We have done fundamental work on transforming the Linux operating system into an operating system that supports real-time operation, for which we implemented relevant optimizations in the kernel. In the course of work in real time, you can set various modes for processing external interrupts, scheduling calculations, exchanges with disk drives and some others", - explain in the company" MCST ". In addition, a complex of information protection means from unauthorized access is built into the core of the Elbrus software platform, which allows the operating system to be used to build automated systems that meet the highest information security requirements. The system also includes tools for archiving, task scheduling, software development and other tools.

⇡ "EdOS "

An operating system based on the Linux kernel, created with an eye to ensuring the security of processed data. "Red OS" complies with national requirements for information security, has pre-configured configurations for each hardware architecture, uses GOST 34.11-2012 algorithms in the ssh and NX protocols, and also supports access control lists. In addition, the OS supports network authentication using Pluggable Authentication Modules (PAM) and includes a specialized distributed audit subsystem that allows you to track critical security events in the corporate network and provides the IT administrator with the necessary tools to quickly respond to incidents. IB.

⇡ GosLinux ("GosLinux")

Developer: Red Soft company

OS GosLinux was created specifically for the needs of the Federal Bailiff Service of the Russian Federation (FSSP of Russia) and is suitable for use in all government bodies, state non-budgetary funds and local governments. The platform is built on the basis of the CentOS 6.4 distribution, which includes the developments of Red Hat Enterprise Linux. The system is presented in two editions - for servers and workstations, contains a simplified graphical interface and a set of pre-configured information security tools. The OS developer is the Red Soft company, which won the competition in March 2013 for the revision, implementation and maintenance of automated information systems of the FSSP of Russia. In 2014, the system received a certificate of conformity from the FSTEC of Russia, confirming that GosLinux has an estimated trust level OUD3 and meets the requirements of the guidance document of the State Technical Commission of the Russian Federation for the 4th level of control over the absence of undeclared capabilities. The GosLinux OS distribution kit for government bodies is located in the national fund of algorithms and programs at nfap.minsvyaz.ru. At the moment, the GosLinux platform is being actively deployed in all territorial bodies and divisions of the FSSP of Russia. Also, the OS was transferred for trial operation to representatives of the authorities of the Nizhny Novgorod, Volgograd and Yaroslavl regions.

⇡

Developer: LLC "Almi"

Product website:

Another Linux build on our list that definitely does not suffer from a lack of praise from the developers. " Unique, perfect, simple, combining the convenience of a Windows operating system, the stability of macOS and the security of Linux"- with such phrases raising AlterOS to heaven, the official website of the product is stitched up and down. What exactly is the uniqueness of the domestic platform, the site does not say, but provides information on three editions of the OS: AlterOS Volga for the public sector, AlterOS Amur for the corporate segment and AlterOS Don for servers. It is reported that the system is compatible with a variety of software solutions that are in demand in the business environment, including 1C and Consultant Plus, as well as domestic crypto protection tools (for example, CryptoPro). A separate emphasis is placed on the absence in the version of the platform for government organizations of software that interacts with foreign servers - everything is done according to the canons of maximum import substitution, the developers say.

⇡ Armed Forces Mobile System (MSVS)

Developer: All-Russian Research Institute of Control Automation in the Non-Industrial Sphere named after V.I. V. V. Solomatina (VNIINS)

A secure general-purpose operating system designed to build stationary and mobile secure automated systems in the Armed Forces of the Russian Federation. Accepted for supply to the RF Armed Forces in 2002. The MSWS is based on the Linux kernel and components, supplemented by discretionary, mandatory and role-based models of differentiating access to information. The system operates on hardware platforms Intel (x86 and x86_64), SPARC (Elbrus-90mikro), MIPS, PowerPC64, SPARC64 and is certified according to the information security requirements of the Ministry of Defense of the Russian Federation. The security tools implemented in the WSWS allow the creation of automated systems on the basis of the platform that process information constituting a state secret and having a "SS" (top secret) degree of secrecy.

⇡ "Zarya"

Developer: Federal State Unitary Enterprise "Central Research Institute of Economics, Informatics and Control Systems" ("TsNII EISU", part of the "United Instrument-Making Corporation")

A family of software platforms based on the Linux kernel, which represent an alternative to foreign operating systems currently used in law enforcement agencies, the public sector and at defense enterprises. The Zarya desktop operating system is compatible with most traditional office applications and programs. The Zarya-DPC server platform allows you to organize an application server or a database server. For building data centers, it offers a standard set of server software, virtualization tools, and the ability to work on the so-called "big hardware", including mainframes. For embedded systems that work without human intervention, which must process information in real time, a special OS "Zarya RV" has been developed. The system complies with the third class of protection against unauthorized access and the second level of control over the absence of undeclared capabilities. The platform was developed by order of the Russian Ministry of Defense and is expected to be in demand by law enforcement agencies, the defense complex, as well as commercial structures working with state secrets and personal data.

Operating system for terminal stations. It is based on Linux and contains only the necessary set of tools for organizing workplaces using thin clients. All functions outside this scope are excluded from the distribution. Kraftway Terminal Linux supports a variety of application-level network protocols (RDP, VNC, SSH, NX, XWindow, VMWare View PCoIP, etc.), allows you to configure permissions for forwarding USB media, provides the ability to use network and local printers, contains configuration recovery tools OS on reboot, as well as tools for remote group management of terminal stations and administration of workplaces. The peculiarity of the system is high security. Kraftway Terminal Linux also supports user authentication hardware: eToken PRO and eToken PRO Java USB keys from Aladdin R.D. CJSC, as well as RuToken S and RuToken EDS from Aktiv-soft CJSC. The OS update can be carried out by the administrator via a local network or from a USB drive. It is possible to configure auto-update both from the customer's local server and from the server of the Kraftway company.

⇡ WTware

Developer: Andrey Kovalev

Another software platform for deploying workplaces in the IT infrastructure of an enterprise using inexpensive terminal solutions. WTware distribution kit includes services for network booting, tools for working with printers, barcode scanners and other peripheral equipment. Supports COM and USB port forwarding and smart card authentication. The RDP protocol is used to connect to the terminal server, and detailed documentation is attached to the distribution kit to promptly resolve issues that arise when setting up the operating system. WTware is distributed on commercial terms and licensed by the number of workstations. For the Raspberry Pi mini-computer, the developer offers a free version of the OS.

⇡ KasperskyOS

Developer: "Kaspersky Lab"

A secure operating system designed for use on mission-critical infrastructures and devices. The Kaspersky Lab platform can be used in automated process control systems (APCS), telecommunications equipment, medical devices, cars and other gadgets from the world of the Internet of Things. The OS was created from scratch and, due to its architecture, guarantees a high level of information security. The basic principle of operation of KasperskyOS is reduced to the rule “everything that is not allowed is prohibited”. This eliminates the possibility of exploiting both known vulnerabilities and those that will be discovered in the future. At the same time, all security policies, including prohibitions on the execution of certain processes and actions, are configured in accordance with the needs of the organization. The platform will be supplied as pre-installed software on various types of equipment used in industrial and corporate networks. Currently, the secure operating system of Kaspersky Lab has been integrated into the L3 routing switch developed by Kraftway.

Real-time operating system (RTOS), written by AstroSoft programmers from scratch, without borrowing someone else's code, and intended primarily for the Internet of things and embedded devices. In addition, it is suitable for robotics, medical equipment, smart home and smart city systems, consumer electronics, etc. For the first time, the MAKS real-time OS (the abbreviation stands for “multi-agent coherent system”) was demonstrated to a wide audience in January 2017 year. The platform not only implements all the classic functionality of this type of product, but also has a number of unique possibilities for organizing the interaction of many devices, which make it possible to simplify the creation of mechanisms necessary in embedded systems: redundancy, hot swap of equipment, etc. One of the MAKS features is support for shared memory at the device level. This mechanism provides automatic synchronization of information between the nodes of a distributed system, resistant to failures of individual components. RTOS "MAKS" is included in the register of domestic software. In addition, the product is registered with the Federal Service for Intellectual Property (Rospatent) and is currently being certified by the Federal Service for Technical and Export Control (FSTEC of Russia) for the fourth level of control of undeclared capabilities (NDV).

⇡ As a conclusion

There are two approaches to creating Russian software. The first is to write the source code of products from scratch, entirely by domestic specialists. The second option involves the creation of national software based on the revision of the borrowed source codes. This is what the Russian software companies working in the field of import substitution of software adhere to. Our top 20 operating systems labeled "Made in Russia" are a clear confirmation of this. Good or bad is a big question, a subject for a separate discussion.

A series of supercomputers was published under the proud name "Elbrus", which was developed by the Soviet scientist Vsevolod Sergeevich Burtsev (70-80s).

These computers introduced a number of innovations in the theory of computers, such as superscalarity (processing more than one instruction per clock cycle), implementation of secure programming with hardware data types, parallel processing of several instructions. But the main feature of Soviet supercomputers was their focus on high-level languages. Soviet-American scientist Vladimir Mstislavovich Pentkovsky, who participated in the development of Elbrus, created a high-level programming language El-76.

In addition to improving the sphere of Soviet computers, the computer became the basis for the creation of 64-bit universal microprocessors "Elbrus 4-C" and the next generation "Elbrus 8-C". They diluted the market for American manufacturers Intel, AMD and IBM. Local development and production of processors was driven by the need to find their own solutions for the defense industry, where the use of domestic devices is more desirable.

The history of development

The development of the Elbrus computer architecture began in the 70s at the ITMiVT im. Lebedev. The developers were faced with the task of creating a computing system with a performance of 100 million op / s. Burtsev was engaged in the control system and computer design and became the chief designer of the project.

In 1980, "Elbrus-1" with a total capacity of 15 million op / s successfully passed state tests. It was the first computer in the Soviet Union built on the basis of TTL microcircuits. A feature of the machine was a scalable architecture that supported the simultaneous operation of up to 10 processors. The RAM reached 64 MB (220 machine words). The organization of the transfer of data streams between peripheral devices and RAM was carried out using special input-output processors. There could be about 4 such processors in the system, and they had their own memory, working in parallel with the central processor.

Elbrus-1 was used in many military systems - missile defense, Space Control Center, etc.

The next stage in the development of the Elbrus computer was the transfer of the architecture of the first model to a new element base. Thus, Elbrus-2 was born, which was based on the ELS of integrated circuits. Its productivity reached 125 million op / s. The amount of RAM has also increased - up to 144 MB. The clock frequency reached 20 MHz.

In 1985, "Elbrus-2" was put into serial production. It was applied in areas where large calculations were required. Also, the computer was actively used in the defense industry, in the Space Flight Control Center and in nuclear research centers (in Arzamas-16, in Chelyabinsk-70). Since 1991, the computer has worked in the A-135 missile defense system and at other military facilities.

Together with supercomputers, a general-purpose computer "Elbrus 1-KB" (1988) was also produced. These machines came to replace the BESM-6 with which they had full backward software compatibility. It was supplemented with a new mode of operation with increased digit capacity of numbers and addresses.

Comparative characteristics of BESM-6 and "Elbrus 1-KB"

The next was released "Elbrus-3", in which the developers for the first time implemented the "post-superscalar" approach. This computer was developed from 1986 to 1994. ITMiVT staff under the leadership of the Soviet scientist Boris Artashesovich Babayan.

Elbrus-3 was not put into mass production, but its architecture became the basis for the development of Elbrus 2000 and Elbrus-3M1 microprocessors.

The Elbrus series was highly appreciated by the Soviet leadership. Developers Babayan, Burtsev, Bardizh received awards and orders. The rest of the participants in the work were also awarded state prizes.

The era of MCST processors

The Russian company MCST was founded in 1992 on the basis of the Elbrus-3 development team. It became the legal successor of Moscow Center of SPARC Technologies LLP (hence the name MCST). The abbreviation SPARC came from the main partner of MCST, the American corporation Sun Microsystems, which promotes computers with the SPARC architecture.

MCST produced microprocessors with SPARC architecture (MCST-R100, MCST-R150, MCST-R500 and MCST-R500S) and on their basis were created computer systems. But in 2007 the processor of the same name "Elbrus" was released. The peak performance of the device in 64-bit mode reached 2.4 GFLOPS. The working clock speed was 300 MHz. The processor had 75.8 million transistors. Power dissipation 6 W.

On the basis of the processor, the Elbrus-3M1 computing complex was developed, which was used for the defense industry. This complex was provided with a secure operating system MSVS-E (Mobile System of the Armed Forces), based on Linux version 2.6.14. Elbrus-3M1 was backward compatible with the first and second Elbrus.

The computing complex had two design options - a server one, which could be used as a desktop one and in the CompactPCI version (system bus). The server version was based on the device of the UV 3M1 calculator. In the case of CompactPCI, Elbrus-3M1 occupied two modules of the Euromechanics 6U format. The execution hardware of both versions was equipped with network equipment for ultra-high-speed exchanges with similar computing systems.

In 2010, at the ChipEXPO-2010 and Softool exhibitions, the Elbrus-S crystal system was presented to the public. The number of transistors in this processor has increased - up to 218 million. Also, the clock frequency has increased up to 500 MHz and the peak performance has increased: up to 4 GFLOPS in 64-bit and up to 8 GFLOPS in 32-bit modes.

Together with Elbrus-S, a peripheral interface controller (KPI) was presented.

In 2011, MCST presented the next generation dual-core processor "Elbrus-2C +". In addition to the 2 main cores (Elbrus architecture) operating at a clock frequency of 500 MHz, there were additional 4 cores of the built-in digital signal processor (Multicore architecture) in the model. An input / output channel has been added to the processor, with the help of which it is possible to connect another KPI. Elbrus-2C + also added support for DDR2 memory with an effective frequency of 800 MHz. The processor performance has increased - up to 28 GFLOPS in 32-bit mode. The number of transistors has reached 368 million.

The developers implemented a version of the C language compiler to reproduce the code for the DSP cores and to establish efficient interaction between the main program on the CPU cores and actions on the DSP.

According to the calculations of the creators, "Elbrus-2C +" was to be used in digital intelligent signal processing systems (radars, image analyzers, etc.). But the processors turned out to be better adapted for civilian tasks. For example, the Kraftway company launched a test series of monoblock computers based on the Elbrus-2C + crystals.

Elbrus-4S processor

In April 2014 the company presented the improved Elbrus-4C quad-core processors.

Technical characteristics of "Elbrus-4S"

First of all, it is worth paying attention to the transition of the processor production to the 65 nm technological process. The clock frequency and the bandwidth of the RAM channels have also increased. These and other improvements have had a significant impact on the performance growth of the new processors. Each core is capable of executing up to 23 operations in one clock cycle. In floating point operations, the theoretical peak performance of the four cores is about 50 single precision GFLOPS and 25 double precision GFLOPS. If we compare it with the previous model "Elbrus-2C +", then in 64-bit mode it is more than three times higher. In the new processor, a more complex crystal, which contains 986 million transistors, has a useful area of 380 mm2.

MCST specialists have created their own operating system "Elbrus" specially for the released processor. The OS is based on the Linux kernel version 2.6.33. It contains over 3000 software packages (from the Debian 5.0 distribution) and a package manager. A full set of developer tools is included, including optimization compilers for high-level programming languages C, C ++, Fortran-77 and Fortran-9.

OS "Elbrus" was certified according to the second class of protection against unauthorized access and the second level of control over undeclared capabilities. But computers based on Elbrus-4C processors work with Windows versions as well.

Tandem processor and desktop

One of the company's projects was the development of the first Russian desktop computer based on the Elbrus-4C processor. It was named "AWP Elbrus-401" (where AWP stands for automated workstation). The model is designed for an office in a MiniTower standard case. But it can be used in various areas with increased requirements for information security.

The computer has a 65 nm process with a clock speed of 800 Hz, SATA-2 and USB 2.0 ports, a pre-installed 120 GB SSD with mSATA interface and support for DDR3-1600 with ECC. The base configuration offers 24GB of RAM (expandable up to 96GB). Among the architectural features of "ARM Elbrus-401" are the following: the presence of 6 parallel operating channels of arithmetic-logic devices; register file of 256 84-bit registers; hardware support for loops; support for speculative calculations and one-bit predicates; a command that can set in one cycle up to 23 operations at maximum filling. Also, the computer has an AMD Radeon 6000 series graphics card.

New generation processor - "Elbrus-8S"

The Elbrus-8S processor is being developed by MCST with the participation of the Institute of Electronic Control Machines (INEUM) named after I.S. Brooke. The architecture, circuitry and topology of the microprocessor were created by Russian specialists. The processor has eight cores with improved 64-bit Elbrus architecture. The clock speed reaches 1.3 GHz, the cache memory of the second and third levels - 4 and 16 MB. Estimated performance reaches 250 GFLOPS.

Technical characteristics of "Elbrus-8S"

The computer has its own Elbrus architecture, which was developed by ZAO MCST. Instruction vector accelerators help make encryption and signal processing faster.

The interaction of the hardware with the OS occurs through the proprietary BIOS microcode. The processor is compatible with Linux, FreeBSD, QNX, Windows XP distributions, but the recommended Elbrus operating system based on Linux 2.6.33 kernel. The use of specialized development tools (optimizing compilers from C and C ++, Fortran, Java, etc.) makes it possible to optimize the program code taking into account the Elbrus architecture.

The company is already developing utilities and ancillary components that are optimized to run on processors. These are all tools for working with the network and peripheral devices (utilities, general-purpose libraries, services, database support, graphics subsystem).

Elbrus-8S should work in tandem with KPI 2, a Russian-made peripheral interface controller.

BOOT started. BOOT E2S VERSION: release-2.13.3.0-E2S ::::::: (/tags/release-2.13.3.0-E2S at revision 3816) BUILT BY neo TARGET: mono ON Nov 2 2015 AT 18:05:37 COMPILER : lcc: 1.17.12: Nov-27-2012: e2k-linux.cross: i386-linux Thread model: posix gcc version 3.4.6 compatible. FLAGS: -DDEBUG_TEST_BOOTBLOCK ........ -DRELEASE ........
Pressing the "Space" key when the appropriate prompt appears (45 seconds after power-up), you can interrupt the automatic boot of the system kernel and get to the main commands menu, where the basic parameters of the bootloader are displayed or changed. By pressing the "Tilda" key, you can go from this menu to the command line interface, where fine tuning of the hardware is available - from setting the date and time of day to setting the operating modes of peripheral controllers and the system bus. Although the menu has an option for forced saving of parameters, changes from the command line are saved automatically; as a last resort, the settings can be reset using the jumper on the motherboard.

Log of work in the system menu(completely on Pastebin)

BOOT SETUP Press command letter, or press "h" to get help: h HELP "p" or "s" - load and Start file "c" - Change boot parameters "u" - show cUrrent parameters "d" - show Disks and partitions "m" - save params to NVRAM "b" - start Boot.conf menu "" "," ~ "- enter enhanced cmd mode:` ENHANCED CMD MODE Enter command, "help" to get help, or Esc to exit # set vga primary 1 core: 0x0, link: 0x0, bus: 0x3, slot: 0x0, func: 0x0, ven: 0x1002, dev: 0x6779, rev: 0x0, classcode: 0x30000 is selected! # boot boot # auto CPU # 00: Label "auto" found, loading parameters Trying to load and start image with following parameters: drive_number: "4" partition_number: "0" command_string: "console = tty0 root = / dev / sda3. ....... "filename:" /boot/image-033.6.57 "initrdfilename:" "CPU # 00: Reading: File -" /boot/image-033.6.57 ", Drive - 4, Partition - 0 ........
Among other things, attention is drawn to the possibility of activating and deactivating the hardware and software module of trusted loading "Echelon-E", although no board resembling traditional APMDZ is installed in the computer. It was not possible to find any intelligible information about such a device, with the exception of one note, which stated that this is a specialized version of the MDZ-Echelon product, which is entirely software development and uses standard computer hardware.

Directly from the command line, without loading the operating system, you can run tests of the correct functioning of the hardware (System of test and diagnostic programs) - either those that are stored on the disk and available for launch from the operating system, or some others: it was not possible to figure it out , since you need to specify the exact name of the executable file, and there is no documentation.

For the same reason - due to the lack of proper documentation - it was not possible to delve into the intricacies of managing the operating system bootloader, more precisely, how to load something other than the standard system. After all, the same bootloader (SILO) is used here as on computers of the SPARC architecture - and there it is not supposed to work with a foreign instruction set. The boot parameters themselves are intuitive: you need to specify the section number and the name of the file with the system kernel, as well as the arguments for starting the kernel, the name of the file with the archive of auxiliary programs ( initrd if needed), timeout waiting for user cancellation. These parameters are read from the file /boot/boot.conf in the first partition of the disk specified from the command line; several sets of parameters can be defined in the file - by default, the one specified in the directive is used default, or which has been given the name " auto". But what should be done to run operating systems for x86 or x86-64 architecture, transparent support for which is declared as one of the key features of Elbrus? Missing file boot.conf on a Windows installation disk or a popular Linux distribution can be compensated for by manual entry through the menu. How do you transfer control to a new non-Linux bootloader? How to run at least a Linux kernel if it is for x86? It was not possible to figure this out without documentation: the case invariably ended in a freeze at the moment of the transfer of control from the bootloader to the kernel.

Standard bootloader configuration (boot.conf)

Default = auto timeout = 3 label = auto partition = 0 image = / boot / image-033.6.57 cmdline = console = tty0 console = ttyS0,115200 consoleblank = 0 hardreset REBOOT root = / dev / sda3 video = DVI-D-1 : [email protected] video = VGA-1: [email protected] fbcon = map: 10
As for the standard kernels of the Elbrus operating system, the bootloader configuration file contains only one set of parameters, and they point to the default kernel. In addition to it, there are two kernels - with the suffixes " nn" and " rt": Judging by the assembly configuration of these kernels, the first means" no NUMA "(a simplified version for uniprocessor systems; why not use it on a personal computer?), And the second means" real time "(Linux kernel extensions for dispatching tasks with by execution time). Without even a superficial knowledge in these areas, the author finds it difficult to give any comments about the advantages or disadvantages of this or that alternative kernel.

Regarding PPS and PTP support

The only familiar configuration option is to enable PPS API (pulse per second) support in the kernel " rt", Which allows you to correct the course of the computer's system clock according to an external sync pulse, for example, from a GPS / GLONASS receiver or from a cesium clock, if you suddenly have one lying around. It's just not clear how exactly to set up this synchronization: unlike FreeBSD, for example, where everything starts to work as if by itself after rebuilding the kernel with the required parameter and reconfiguring NTPd to use the system discipline, in Linux, dancing with a tambourine around the utility is usually required ldattach creating a virtual PPS device based on a COM or LPT port - this requires the corresponding drivers in the kernel or in separate modules, but they are not visible here.

The built-in network card also showed no signs of hardware support for time synchronization: utility output ethtool regarding the PTP protocol indicated the absence of such functions. In any case, - when using the default kernel, which is real time, the only source of system time is the device " lt"(" Elbrus timer "?) With a resolution of 1 μs. Not that this is too crude, but modern computers are quite capable of providing quantization at the level of 25-50 ns, and regardless of the current processor frequency.

By default, the operating system starts up along with the graphical environment: it takes 12 seconds to load the kernel into memory and about 23 more before the login prompt appears, - just 80 seconds from the moment it is turned on. As already mentioned, we did not succeed in picking up the kernel arguments to run in single-user mode: when specifying “ S" or " 1 »The system still reached the 5th level, and attempts to lower the level after that using the command init crashed the system.

Since the computer has two video adapters, virtual terminals are distributed between them in turn: the first terminal opens on a discrete card, the second on the built-in controller, the third on a discrete card again, and so on. The graphical desktop, being on the seventh terminal, thus gets on a discrete video card, the performance of which does not raise any questions. I really wanted to check how responsive the desktop would be if it was brought out through the built-in controller, because it can be difficult for domestic platforms: for example, a simple redrawing of the screen using the Graphics Adapters Module (MCST's own development) can take several seconds, not just slowly , but almost like the line-by-line appearance of the splash screen in games for the ZX Spectrum, loaded from a cassette tape. Alas, no edit Xorg.conf in the image and likeness, neither the selection of kernel arguments, nor the change of the primary video adapter in the hardware settings gave the desired effect.

Curious nuance

Whereas the primary screen on the discrete graphics card is initialized in text mode, the same screen on the onboard controller is initialized in graphics mode and shows 4 processor emblems (as some Linux kernels do right after they start), but still only uses the top 25 lines of text.

By default, the kernel is started with the argument “ hardreset"Which instructs the system to perform a hard reset when the computer restarts. In the x86 world, everyone is used to this option, but alternative platforms, where cold initialization after power-on takes several minutes, may offer a quick restart of the operating system - and this really works, unlike the "lottery" with kexec from Intel / AMD. We were unable to find an argument that would be supported by the core of the Elbrus system and at the same time give the desired result.

Software

The Elbrus operating system (OS El, OSL) is standard for all MCST computers, although the MSVS 3.0 system port can also function on the SPARC platform. The official identification system for software products goes back to their decimal numbers: for example, "OS 316-10" stands for "operating system TVGI.00316-10 with the core TVGI.00315-03, which is part of the general software TVGI.00311-05". On the one hand, it looks more like alphanumeric titles than the ordinal numbers versions... On the other hand, a particular software product is usually closely related to a specific hardware product, and does not undergo significant changes during its life. However, in the file / etc / mcst_version you can see the tag "release 2.2.1", and in the pseudo file / proc / bootdata- "release 2.13.3.0". However, none of these designations appear in the user interface.

$ cat / etc / mcst_version release 2.2.1 $ cat / proc / bootdata boot_ver = "release-2.13.3.0-E2S ::::::: (/tags/release-2.13.3.0-E2S at revision 3816) built on Nov 2 2015 at 18:05:58 "mb_type =" MONOCUB "chipset_type =" IOHUB "cpu_type =" E2S "cache_lines_damaged = 0 $ cat / proc / version Linux version 2.6.33-elbrus.033.6.57 ( [email protected]) (gcc version 4.4.0 compatible) # 1 SMP Sun Oct 11 00:10:58 MSK 2015 $ uname -a Linux MONOCUB-10-XX 2.6.33-elbrus.033.6.57 # 1 SMP Sun Oct 11 00:10 : 58 MSK 2015 e2k E2S MONOCUB GNU / Linux
The kernel of the system is Linux 2.6.33, ported to the Elbrus-2000 (E2K) architecture, and in general the system is based on the Debian distribution with a selective approach to the choice of packages: for the most part there is a correspondence with the 7.0 "Wheezy" release or newer, however versions of some packages are closer to 5.0 "Lenny". According to the recent report (PDF, 172 KB), research is also being carried out on direct porting of the original distribution kit with all its variety of packages, but the same “Grandfather Lenin” is chosen as the basis. And all because it is necessary to provide backward compatibility with application and system software developed for even older versions of libraries and compilers. But why not release multiple versions of the system, on an older and newer package base, so that the consumer can choose? Probably because there is not enough demand from the target audience, and certification problems certainly play an important role.

Once installed, the system is not subject to regular updates from the official repository of MCST and immediately contains all available packages. Here are the versions of some of the more significant ones (with the exception of the development tools discussed in the next part of the article):

office tools: abiword 2.8.6, evince 2.32.0, geeqie 1.1, gimp 2.6.12, gnumeric 1.10.0, graphviz 2.32.0, mtpaint 3.40, xsane 0.998;
Internet media: dillo 3.0.3, firefox 3.6.28, links 2.2, linphone 3.5.2, lynx 3.81, thunderbird 3.1.20, sylpheed 2.7.0;
cryptography: gnutls 3.1.22, openssl 0.9.8zc, openvpn 2.2.2;
multimedia: ffmpeg 1.0, mplayer 1.1.1;
text editors: ed 1.7, leafpad 0.8.17, vim 7.3 + gvim 7.3;
file managers: mc 4.7.0.8, thunar 1.4.0;
command interpreters: bash 4.2.53, pdksh 5.2.14, tcsh 6.18.01, zsh 5.0.2;
services: openssh 6.1p1, httpd 2.4.3, postgresql 9.2.3 + slony1 2.2.0, zeromq 2.1.11;
package managers: apt 0.9.7.9, aptitude 0.6.8.2, dpkg 1.16.10, pkgtools 13.1.

In total, the package manager contains 679 entries, which is ten times less than the original Debian pool, but it should be borne in mind that not all actually installed software is packaged: for example, the system actually has a virtual machine and a Java development kit, but the package manager does not this is not in the know.

The only graphical desktop environment is Xfce 4.10. Surprisingly, in the domestic operating system, the newly created user profiles are set to English by default, and in the program menu there are no shortcuts for setting switching keyboard layouts, and the indicator of the current layout is also nowhere to be seen. However, experienced users know that domestic Linux-based operating systems usually try to copy the "best" traditions of Windows: working as root and switching layouts using Alt + Shift.

Xfce desktop (sample view)

Update as of 02/09/2016. The comments suggest that the function of taking screenshots is available in the graphics editor GIMP - a fair remark, but for this you need to be an experienced user of this program; the author, although he performed the processing of all illustrations for this article in GIMP, does not belong to such connoisseurs. As for taking screenshots using command line utilities, either available or assembled on their own, this method was not considered due to its low friendliness to an ordinary user.

As already mentioned, we were unable to run at least some third-party operating system compiled for the x86 or x86-64 architecture due to lack of documentation. Attempts to launch a custom application compiled for Linux x86-64 directly from the Elbrus command line were also unsuccessful. There is no WinAPI emulation layer and PE binaries in the system, and in order to build WinE yourself from the source code, you need to port architecture-dependent code sections. The Qemu emulator is also not included in the standard delivery, but it is more or less successfully assembled (with the parameters ‑‑Enable-tcg-interpreter ‑‑disable-werror) and it seems it even works in variants i386-softmmu, x86_64-softmmu, sparc-softmmu, sparc64-softmmu; porting is however required for "applied" options * -linux-user... Obviously, the creators of the Elbrus binary broadcast technology did not mean this at all when they talked about x86 hardware emulation, so we did not see any point in testing Qemu's performance - and it is so clear that it would be slow and sad.

Returning to the topic of standard software, we would venture to suggest that a typical user of this system is unlikely to feel left out, since he will either have to solve problems in specialized third-party programs, or create simple documents in office suites, scan and print - and for this, few people need the latest versions. The only exception here, perhaps, is the web browser: the simplest Dillo and text Lynx / Links do not claim anything, but Firefox 3.6 is, although not 1.5 from the WSWS 3.0, it is still hopelessly old for modern sites. This version is not supported, for example, by Yandex and Google maps (unlike OSM and Bing), Google Docs; you will see only the header of the Intel sites, Mail.ru and Sberbank. And, of course, in the absence of built-in support for HTML Video and the Flash plug-in, you will not be able to watch videos on any site, be it a foreign YouTube with a report on the launch of Doom 3 on Elbrus 401-PC or the ideologically correct Kremlin.ru with speeches by the Supreme commander-in-chief. Apparently, this is also not considered a disadvantage, since a typical scenario for using such computers is access to internal, specially designed sites in a closed network of an enterprise or department.

Internet access attempts(The word "Namoroka" in the screenshots is not another rebranding of Firefox for Debian, but just the codename for version 3.6)

But after all, a software update serves not only to expand functionality, but also removes serious bugs and vulnerabilities - what about that? Apparently, the ideologues of information security believe that since there is no external access to the private network, and internal users who have physical access to their computers will not deliberately take malicious actions or connect dubious data carriers through negligence, then there is nothing to worry about. As a last resort, if a bug bothers you very much, and you want to talk about it, MCST has its own bugzilla with a login and tickets, in the sense that without a login you will not get there, and you will only see tickets their own, even if the problem has already been discussed a thousand times with other clients and a solution has been found long ago.

Hello everyone. For a long time I already did, and so I decided to return to this topic again.

Over the years, a lot of things have changed - assemblies for schools are slowly developing, and new versions even appear there, ROSA and ASTRA came out (if they turn out to be of interest to me, I will write a reviewer), which live their own lives on x86, and there is even a video download Elbrus computer with MCST-shny processor with this very Elbrus OS.
However, this most gloomy computer is produced exclusively for the internal needs of the state, it is not compatible with the x86 / x64 architecture (the declared emulation mode is x86, but it has not been particularly tested), the documentation for it is also very sparse, with large distro builders such as Debian / red-khat / There is no special cooperation between netbzd, all the more it is not on the open sale, and due to the small volumes of batches, the price tag for it is extremely inhumane.

And so that the insidious Western intelligence services were completely withering out of boredom, the developers decided to port the software there entirely on their own, slowly recompiling it for the Elbrus architecture and heroically fighting bugs, at the same time certifying this wonderful software in the FSB and other involved structures, which significantly delays the process adopting such a system.

Well, for the test even a couple of years ago we were able to launch a third Duma member there, which is a very decent achievement for such a long-term drny like Elbrus.

However, all this refers to his native architecture, which few people had to see "in hardware". It was all the more interesting for me to pick one extremely amusing installation image containing this very "Elbrus-OS", but for x86-64. It works quite well in a virtual machine, and I was extremely curious to see it.

So, the image weighing a little less than 2.5 GB, with this very magical "OS Elbrus" inside. I did not find it on the developer's website, perhaps this is due to its state of a long beta version and incompleteness. I stumbled upon it by accident, raking an archive of old files from one familiar alien =)

Let's try to deliver.
Immediately an important note - the system is installed entirely and completely, it takes up under 8 GB unpacked, so we immediately make the size of the VM disk at least 10 GB.
First greetings from the installer:

Everything is trivial and familiar here, let's see the boot options:

Nothing unusual either, the kernel and the initrd image are launched, and after just a couple of seconds we see the first installer window:

The installer itself is in ASCII graphics, and that's good, debian and fryakha use the same type of interface. Who tried to install Fedora with her native Python installer on a system with a small amount of memory, they will understand me. Installing over the network does not suit us, I do not have a repository from it, so we install it by default. In case of an error, the installer falls out into the shell, so we read carefully what it writes to us. Partitioning the disk:

The interface for manual partitioning is terrible (a bunch of dialogs like enter a value - next, one mistake - start over), so on a virtual machine, the simplest thing is to give the entire disk to the system to be torn apart.
The / boot directory must be in a separate section, but swap is optional.

The first time I allocated too little space (I did not know that the OS was installed ALL and all at once):

And after a short unpacking:

The installer dropped out:

Notifying about the lack of free space. Perhaps in future versions this will be corrected by adding a check for the size of the partition at an earlier stage. However, this is not critical at all.

I made a new 12 GB disk instead of 8 and after repeating the same steps, proceeded to configure the network:

As in any Linux, here the network rises too easily and without problems.

This is the first step in the installation. After that, we reboot, remove the boot disk, and Elbrus-os, already loaded from the hard disk, will begin the second stage of installing the software and generating the initial configs.
After creaking the disk for a few minutes, the system will immediately offer to log in. By default, no users are created, password login with root via SSH is allowed. Although by 2017 it seemed like they decided that by default in sshd_config it is better to either turn off root entry or allow only by keys =).

What turned out to be inside? In order not to produce unnecessary screenshots, I made access via ssh (authorization on keys is supported) and just give some outputs of the standard commands.

Elbrus ~ # uname -a
Linux Elbrus 2.6.33-elbrus.033.6.61 # 1 SMP Thu Nov 19 12:07:06 MSK 2015 x86_64 Intel (R) Core (TM) 2 Duo CPU E6850 @ 3.00GHz GenuineIntel GNU / Linux

Kernel 2.6.33 (older versions were on 2.6.14, or even on the 2.4th branch in general), but this kernel fulfills its tasks, and certification of such heavy software as OS kernels is a long and sad business.

Elbrus ~ # ls / etc | grep release
Elbrus ~ # ls / etc | grep version
mcst_version
Elbrus ~ # cat / etc / mcst_version
release 2.3-rc5

The os-release file is missing.

Elbrus ~ # openssl version
LibreSSL 2.1.7
The system cryptographic is already LibreSSL, but of the old version (2.4.5 is currently relevant, but certification does not allow changing versions so easily). Perhaps there are fresher versions in new builds, but I have not seen these builds yet.

Elbrus ~ # openssl ciphers | grep —color GOST
GOST2001-GOST89-GOST89
GOST2012256-GOST89-GOST89
Domestic cryptography is in place.

Elbrus ~ # which gpg
which: no gpg in (/ opt / mcst / bin: / bin: / sbin: / usr / sbin: / usr / bin: / usr / local / bin)
But the second most important component is missing. As far as I suppose, the Russian military has its own crypto-solutions for direct use, and the procedure for updating the system itself is not provided - the installed system is transferred to "remount / ro", filled with cast iron, and is used on a nuclear missile, so they do not check the signatures of the packages. what =)
Or perhaps the OS is just in the process of transfer / certification, and this important utility will be added.

Elbrus ~ # df -h | grep sd
/ dev / sda3 9.9G 8.2G 1.2G 88% /
/ dev / sda1 1008M 61M 897M 7% / boot
/ dev / sda4 12G 159M 12G 2% / export

8.2 GB of space is taken up at the root. For a freshly installed system, this is VERY much, but if you remember that all the software that they managed to transfer at the time of release goes there at once, the figure becomes clear.

Elbrus ~ # env | grep LC
LC_PAPER = C
LC_ADDRESS = C
LC_MONETARY = ru_RU.KOI8-R
LC_NUMERIC = ru_RU.KOI8-R
LC_TELEPHONE = C
LC_MESSAGES = ru_RU.KOI8-R
LC_IDENTIFICATION = C
LC_COLLATE = ru_RU.KOI8-R
LC_MEASUREMENT = C
LC_CTYPE = ru_RU.KOI8-R
LC_TIME = ru_RU.KOI8-R
LC_NAME = ru_RU.KOI8-R

For Russian text, it is proposed to use the shamelessly outdated single-byte KOI-8 encoding. It's fucked up, comrades =) Yes, we remember about the old software, compatibility, pearl scripts and documents from Word 3.0, but KOI-8 is in any case beyond good and evil.
Although if you write LANG = ru_RU.UTF8 and run the same midnight or any command with localized output (df -h) - everything is ok, UTF-8 is present here.

Fucked up by such a user-friendly, we edit the config:
Elbrus / etc / X11 / xinit # mcedit xinitrc

Log of work in the system menu(completely on Pastebin)

Standard bootloader configuration (boot.conf)

Regarding PPS and PTP support

Curious nuance

Software

office tools: abiword 2.8.6, evince 2.32.0, geeqie 1.1, gimp 2.6.12, gnumeric 1.10.0, graphviz 2.32.0, mtpaint 3.40, xsane 0.998;
Internet media: dillo 3.0.3, firefox 3.6.28, links 2.2, linphone 3.5.2, lynx 3.81, thunderbird 3.1.20, sylpheed 2.7.0;
cryptography: gnutls 3.1.22, openssl 0.9.8zc, openvpn 2.2.2;
multimedia: ffmpeg 1.0, mplayer 1.1.1;
text editors: ed 1.7, leafpad 0.8.17, vim 7.3 + gvim 7.3;
file managers: mc 4.7.0.8, thunar 1.4.0;
command interpreters: bash 4.2.53, pdksh 5.2.14, tcsh 6.18.01, zsh 5.0.2;
services: openssh 6.1p1, httpd 2.4.3, postgresql 9.2.3 + slony1 2.2.0, zeromq 2.1.11;
package managers: apt 0.9.7.9, aptitude 0.6.8.2, dpkg 1.16.10, pkgtools 13.1.

Xfce desktop (sample view)

Internet access attempts(The word "Namoroka" in the screenshots is not another rebranding of Firefox for Debian, but just the codename for version 3.6)

Mtsst: elbrus real-time operating system srv elbrus. Elbrus operating system and Elbrus microprocessors in onboard real-time systems Evgeniy Kravtsunov, Konstantin Trushkin

⇡

⇡

⇡ ROSALinux

⇡

⇡ "Ulyanovsk.BSD »

⇡ Alfa OS

⇡ "EdOS "

⇡ GosLinux ("GosLinux")

⇡

⇡ Armed Forces Mobile System (MSVS)

⇡ "Zarya"

⇡ WTware

⇡ KasperskyOS

⇡ As a conclusion

The history of development

The era of MCST processors

Elbrus-4S processor

Tandem processor and desktop

New generation processor - "Elbrus-8S"

Software

Software

Top related articles