Skip to content

cappsule/cappsule-hypervisor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
common
common
 
 
guest
guest
 
 
host
host
 
 
include
include
 
 
scripts
scripts
 
 
trusted
trusted
 
 
.gitignore
.gitignore
 
 
AUTHORS
AUTHORS
 
 
COPYING
COPYING
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

Cappsule's hypervisor

This repository is part of Cappsule, and contains the hypervisor. Please refer to the documentation for more information.

Overview

CPU and memory are virtualized thanks to hardware virtualization technology (Intel VT-x and EPT). During the launch of the hypervisor, the running OS is bluepilled and a snapshot of the memory is done.

The hypervisor supports 2 kinds of VM:

  • the trusted guest (1 instance): this is the bluepilled OS, which has no restrictions.
  • the cappsules (0 to n instances): no access to the hardware is allowed, and the memory is a copy-on-write version of the snapshot.

In order to operate, Cappsule needs to insert 2 kernel modules (cappsule.ko and cappsule_guest.ko). A userland daemon (in the userland repository) is responsible of the communication between userland and the kernel module.

Architecture

  • common/: code shared between trusted guest / host / cappsule.
  • guest/: cappsules. This code is considered unsafe and is not trusted by the hypervisor. This code is executed in VMX non-root mode.
  • host/: hypervisor. This code is executed in VMX root mode.
  • include/: everything under cuapi/ can be included both from the hypervisor and the userland repositories.
  • trusted/: trusted guest. This code is executed in VMX non-root mode, but is trusted by the hypervisor.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-2.0 license
Activity

Stars

85 stars

Watchers

12 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages