quic / gunyah-hypervisor

Gunyah is a Type-1 hypervisor designed for strong security, performance and modularity.

Qualcomm Innovation Center

Gunyah Hypervisor

Gunyah is a high performance, scalable and flexible hypervisor built for demanding battery powered, real-time, safety and security use cases.

The Gunyah Hypervisor open source project provides a reference Type-1 hypervisor configuration suitable for general purpose hosting of multiple trusted and dependent VMs.

Gunyah Origins

Gunyah is an Australian Aboriginal word. See: https://en.wiktionary.org/wiki/gunyah

The Gunyah Hypervisor was developed by Qualcomm in Sydney, Australia.

Type-1 Hypervisor Concept

Gunyah is a Type-1 hypervisor, meaning that it runs independently of any high-level OS kernel such as Linux and runs at a higher CPU privilege level than VMs. It does not depend on any lower-privileged OS kernel/code for its core functionality. This increases its security and can support a much smaller trusted computing base than Type-2 (hosted) hypervisors.

Gunyah's design principle is not dissimilar to a traditional microkernel in that it provides only a minimal set of critical services to its clients, and delegates the provision of non-critical services to non-privileged (or less-privileged) processes, wherever this is possible without an adverse impact on performance or security.

The hypervisor uses the CPU's virtualization mode and features to isolate itself from OS kernels in VMs and to isolate VMs from each other. On Arm, this includes trapping and emulating registers as required, virtualizing core platform devices, using Arm's GIC virtualization support, and using the CPU's Stage-2 MMU to provide isolated VMs in EL1/0.

Why Gunyah

Features

Platform Support

Gunyah is architected to support multiple CPU architectures, so its core design ensures architecture independence and portability in non-architecture specific areas.

Gunyah currently supports the ARM64 (ARMv8+) architecture; it uses AArch64 EL2 in VHE mode by default.

We have developed an initial port of Gunyah to the QEMU Arm System emulator. Note that QEMU v7+ is recommended. Additional platforms are expected to be supported in future contributions.

Getting Started

Resources

Contributions

Thank you for your interest in contributing to Gunyah!

Please read our Contributions Page for more information on contributing features or bug fixes.

Team

Gunyah was developed by Qualcomm and aims to be an open and community supported project.

Check out the AUTHORS for major contributors.

License

Gunyah is licensed under the BSD 3-clause "New" or "Revised" License. Check out the LICENSE for more details.