針對上述問題,本研究提出 Bakery —— 一套部署於 KVM 虛擬化環境中、針對 ARM SoC 上整合式 GPU 所設計的代理式授權架構(A Proxy-Based Authorization Architecture for Integrated GPUs on ARM SoCs in KVM Virtualized Environments)。Bakery 結合 KVM 虛擬化與 ARM Trusted Firmware,並於最高特權層級(Exception Level 3, EL3)執行授權。我們於 Rock Pi 4B 平台上實作 Bakery 原型,並以 OpenCL 工作負載進行實驗驗證。實驗結果顯示,Bakery 可在不修改 GPU 任務排程與記憶體機制的前提下,使 KVM 虛擬化環境中順利使用 GPU,且不受特定型號限制,同時具備 GPU 命令授權能力。系統維持良好相容性,展現實際部署潛力。;With the growing demand for edge computing and high-performance embedded systems, ARM SoCs integrated with GPUs are widely used in fields such as mobile devices and smart cities. However, using such GPU resources in virtualized environments still faces challenges, including the difficulty of applying existing GPU virtualization technologies to SoC architectures, high hardware dependency, complex deployment architecture, and the lack of effective protection for GPU command authorization and execution processes.
To address the above challenges, this study proposes \textbf{Bakery} — a proxy-based authorization architecture for integrated GPUs on ARM SoCs in KVM virtualized environments. Bakery combines KVM virtualization with ARM Trusted Firmware and performs authorization at EL3. A prototype of Bakery was implemented on the Rock Pi 4B platform and evaluated using Open Computing Language (OpenCL) workloads. Experimental results show that Bakery enables GPU usage in KVM virtualized environments without modifying GPU task scheduling or memory mechanisms, is not limited to specific models, and provides GPU command authorization capabilities. The system maintains Compatibility and Integration Readiness, demonstrating its potential for practical deployment.
