Itanium Emulator Documentation

This document contains the original notes I took while working on my Itanium Shellcode project. I strongly suggest you read that article first if you haven’t already, unless you already know why you’re here.

After following these instructions you should be set up with the Ski Itanium emulator running a Gentoo image with any packages you choose. As examples I include gdb, strace and vim.

Note that the instructions assume the presence of systemd for easily spawning the chroot, but other than that they should be fairly distro-agnostic.

# Making an Itanium development environment

This document describes how to create a fully functional emulated development environment for an ia64 CPU, complete with GCC, GDB, Vim and basically anything else you'd need.

The vast majority of the credit for this system goes to Sergei Trofimovich. Most of the following is copied directly from his website (https://slyfox.uni.cx/~slyfox/ia64/NOTES.ia64) in order to make sure its contents are preserved.

xxc3nsoredxx (https://github.com/xxc3nsoredxx/) provided the instructions for cross-compiling programs on Gentoo.

- bootstrap ia64 chroot on gentoo:
  - Pick stage3 from https://www.gentoo.org/downloads/:
    $ wget https://bouncer.gentoo.org/fetch/root/all/releases/amd64/autobuilds/20220501T170547Z/stage3-amd64-systemd-20220501T170547Z.tar.xz
  - unpack it into gentoo/:
    $ mkdir gentoo
    $ cd gentoo
    $ sudo tar -xpf ../stage3-amd64-systemd-20220501T170547Z.tar.xz
    $ cd ..
  - set default root password in a chroot:
    $ sudo chroot gentoo /bin/bash
    $ /bin/nano /etc/security/passwdqc.conf
    # set 'enforce=none' to set simple insecure password like '1'
    $ /bin/passwd
    $ exit
  - enter chroot with network available and init started:
    $ sudo systemd-nspawn --property=DeviceAllow='block-loop rmw' --boot --directory=gentoo --capability=CAP_NET_ADMIN /bin/bash
    # user: root; password: set above (i use '1')
  - pull gentoo packages:
    # emerge --sync
  - enable unstable packages:
    # echo 'ACCEPT_KEYWORDS="$ARCH ~$ARCH"' >> /etc/portage/make.conf
  - install ski:
    # emerge ski
  - create overlay and install cross-toolchains to build kernel:
    # emerge crossdev
    # mkdir /etc/portage/repos.conf
    # mkdir /var/db/repos/crossdev
    # crossdev -t ia64-unknown-linux-gnu --ov-output /var/db/repos/crossdev
  - get and build hpsim kernel:
    # emerge bc
    # wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.241.tar.xz
    # tar -xf linux-4.19.241.tar.xz
    # cd linux-4.19.241
    # ARCH=ia64 CROSS_COMPILE=ia64-unknown-linux-gnu- make defconfig sim_defconfig
    # ARCH=ia64 CROSS_COMPILE=ia64-unknown-linux-gnu- make -j$(nproc)
    # cd ..
  - prepare root filesystem based on ia64's stage3 suitable for ski:

NOTE: Be sure to pull the latest version! This one, for instance, is outdated.

    # wget https://bouncer.gentoo.org/fetch/root/all/releases/ia64/autobuilds/20220420T025349Z/stage3-ia64-systemd-20220420T025349Z.tar.xz
    # dd of=sdc if=/dev/zero bs=512 count=10485760 #5G
    # /sbin/mke2fs sdc
    # mkdir mnt

NOTE: You may have to exit the chroot and do this on the host.

    # mknod /dev/loop0 b 7 0
    # mount -t ext2 -oloop sdc ./mnt
    # cd mnt
    # tar -xpf ../stage3-ia64-systemd-20220420T025349Z.tar.xz

Compiling GDB (these emerge commands run inside the amd64 chroot; the results land in the crossdev sysroot under /usr/ia64-unknown-linux-gnu):
    # mkdir /usr/ia64-unknown-linux-gnu/etc/portage/package.use
    # echo "sys-devel/gdb -python" > /usr/ia64-unknown-linux-gnu/etc/portage/package.use/gdb
    # ARCH=ia64 emerge-ia64-unknown-linux-gnu sys-devel/gdb

Compiling strace, vim, and most other tools in a similar manner:
NOTE: contrary to trofi's article on the subject, strace DOES in fact work at the time of writing.
    # ARCH=ia64 emerge-ia64-unknown-linux-gnu dev-util/strace
    # ARCH=ia64 emerge-ia64-unknown-linux-gnu app-editors/vim

NOTE: If you want the other packages you build to show up inside the VM (see below), do this now (still inside mnt/):
    # cp -r ../../usr/ia64-unknown-linux-gnu/ usr/

    # # ignore dev creation failures
    # cd ..
    # umount mnt
  - run ia64 machine:
    # bski -noconsole linux-4.19.241/arch/ia64/hp/sim/boot/bootloader linux-4.19.241/vmlinux root=/dev/sda simscsi=./sd simeth=eth0 init=/bin/bash PATH=/bin rw
    loading linux-4.19.241/vmlinux...
    starting kernel...
    Linux version 4.19.241 (root@gentoo) (gcc version 11.3.0 (Gentoo 11.3.0 p4)) #1 SMP PREEMPT Tue May 3 23:52:46 BST 2022
    ...
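The root filesystem preparation and boot steps above are easy to get wrong interactively (a wrong dd count, a forgotten umount, clobbering an existing image). As an added example, not from trofi's notes or the original article, the following POSIX shell script automates them with preflight checks and a dry-run mode. The script name (prepare-ski-rootfs.sh) and the function names are this example's own; it assumes it is run as root inside the amd64 chroot (or on the host, as the loop-device note says), with the ia64 stage3 tarball in the current directory and the cross-compiled packages already emerged into the crossdev sysroot.

```shell
#!/bin/sh
# Added example (not from trofi's notes or the original article): automates the
# "prepare root filesystem" and "run ia64 machine" steps.
# Assumed: run as root, stage3 tarball in the current directory, crossdev sysroot
# already populated. All function and variable names are this example's own.
set -eu

# Number of 512-byte sectors for an image of the given size in GiB.
# 5 GiB gives 10485760, the count used in the notes.
dd_count_for_gib() {
    echo $(( $1 * 1024 * 1024 * 2 ))
}

# Build (but do not execute) the bski command line from the notes.
# $1: unpacked kernel tree; $2: simscsi prefix. The notes name the image file
# "sdc" and pass simscsi=./sd, i.e. the file name without its last letter.
ski_boot_cmd() {
    printf 'bski -noconsole %s/arch/ia64/hp/sim/boot/bootloader %s/vmlinux root=/dev/sda simscsi=%s simeth=eth0 init=/bin/bash PATH=/bin rw' \
        "$1" "$1" "$2"
}

# Run a privileged command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Create, format, populate and unmount the disk image.
# $1: image file (e.g. sdc); $2: stage3 tarball; $3: size in GiB;
# $4: crossdev sysroot to copy in (default /usr/ia64-unknown-linux-gnu).
prepare_rootfs() {
    image=$1
    stage3=$2
    size_gib=$3
    cross_root=${4:-/usr/ia64-unknown-linux-gnu}

    # Preflight checks: never untar a missing file, never clobber an existing image.
    if [ ! -f "$stage3" ]; then
        echo "stage3 tarball not found: $stage3" >&2
        return 1
    fi
    if [ -e "$image" ]; then
        echo "refusing to overwrite existing image: $image" >&2
        return 1
    fi

    run dd of="$image" if=/dev/zero bs=512 count="$(dd_count_for_gib "$size_gib")"
    run /sbin/mke2fs "$image"
    run mkdir -p mnt
    # The loop device node may be missing inside the chroot (see the note above).
    if [ ! -e /dev/loop0 ]; then
        run mknod /dev/loop0 b 7 0
    fi
    run mount -t ext2 -oloop "$image" ./mnt
    # Device node creation failures from tar are expected and ignored, as in the notes.
    run tar -xpf "$stage3" -C mnt || echo "tar reported errors (ignored dev node failures)" >&2
    # Make the cross-compiled gdb/strace/vim visible inside the VM.
    run cp -r "$cross_root" mnt/usr/
    run umount mnt
}

# Usage: DRY_RUN=1 sh prepare-ski-rootfs.sh sdc stage3-ia64-systemd-20220420T025349Z.tar.xz 5
if [ $# -ge 3 ]; then
    prepare_rootfs "$@"
    echo "boot with: $(ski_boot_cmd linux-4.19.241 ./sd)"
fi
```

Run it once with DRY_RUN=1 to see exactly which privileged commands it would execute, then without it to build the image; the printed bski line is the one from the notes, ready to paste.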

- update /etc/profile (using the vim cross-compiled above):
  - vim and ski seem to interact in such a way that vim spews garbage when first opening a file.
  - escape codes (arrow keys etc.) can be input by first pressing escape.
  - to undo the garbage, press escape twice and press 'u'.
    # /usr/ia64-unknown-linux-gnu/usr/bin/vim /etc/profile
  - append these lines:
    export PATH=/usr/ia64-unknown-linux-gnu/usr/bin:$PATH
    mount -t proc proc /proc
- run this every time you boot the system:
    # source /etc/profile

    root@(none) / # uname -a
    Linux (none) 4.19.241 #1 SMP PREEMPT Tue May 3 23:52:46 BST 2022 ia64 McKinley HP Ski Simulator GNU/Linux
    root@(none) / # cat /proc/cpuinfo
    processor  : 0
    vendor     : HP Ski Simulator
    arch       : IA-64
    family     : 31
    model      : 0
    model name : McKinley
    revision   : 0
    archrev    : 0
    features   : branchlong, 16-byte atomic ops
    cpu number : 0
    cpu regs   : 4
    cpu MHz    : 2.000
    itc MHz    : 2.000000
    BogoMIPS   : 1.23
    siblings   : 1