quic/gunyah-hypervisor quic/gunyah-hypervisor

  • Stars
    star
    267
  • Rank 152,766 (Top 4 %)
  • Language
    C
  • License
    Other
  • Created over 3 years ago
  • Updated 9 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
quic/gunyah-hypervisor
github

quic

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Gunyah is a Type-1 hypervisor designed for strong security, performance and modularity.

Qualcomm Innovation Center

Gunyah Hypervisor

Gunyah is a high performance, scalable and flexible hypervisor built for demanding battery powered, real-time, safety and security use cases.

The Gunyah Hypervisor open source project provides a reference Type-1 hypervisor configuration suitable for general purpose hosting of multiple trusted and dependent VMs.

Gunyah Origins

Gunyah is an Australian Aboriginal word. See: https://en.wiktionary.org/wiki/gunyah

The Gunyah Hypervisor was developed by Qualcomm in Sydney Australia.

Type-1 Hypervisor Concept

Gunyah is a Type-1 hypervisor, meaning that it runs independently of any high-level OS kernel - such as Linux, and runs in a higher CPU privilege level than VMs. It does not depend on any lower-privileged OS kernel/code for its core functionality. This increases its security and can support a much smaller trusted computing base than a Type-2 like hosted-hypervisors.

Gunyah's design principle is not dissimilar to a traditional microkernel in that it provides only a minimal set of critical services to its clients, and delegates the provision of non-critical services to non-privileged (or less-privileged) processes, wherever this is possible without an adverse impact on performance or security.

The hypervisor uses the CPU's virtualization mode and features to isolate itself from OS kernels in VMs and isolate VMs from each other. On ArM, this includes trapping and emulating registers as required, virtualizing core platform devices, Arm's GIC virtualization support, and the CPU's Stage-2 MMU to provide isolated VMs in EL1/0.

Why Gunyah

  • Strong security: Mobile payments, secure user-interface, and many more security sensitive use-cases all require strong security. Gunyah's design is suited to providing strong isolation guarantees and its small size is conducive to audit.
  • Performance: Mobile devices are particularly demanding. Battery powered devices demand low software overheads to get the most performance per-watt. Gunyah is designed to have high performance with minimal impact to high-level operating systems.
  • Modularity: The hypervisor is designed to be modular, allowing customization and enhancement by swapping out module implementations and adding new feature via new modules.

Features

  • Threads and Scheduling: The scheduler schedules virtual CPUs (VCPUs) on physical CPUs and enables time-sharing of the CPUs.
  • Memory Management: Gunyah tracks memory ownership and use of all memory under its control. Memory partitioning between VMs is a fundamental security feature.
  • Interrupt Virtualization: All interrupts are handled in the hypervisor and routed to the assigned VM.
  • Inter-VM Communication: There are several different mechanisms provided for communicating between VMs.
  • Device Virtualization: Para-virtualization of devices is supported using inter-VM communication. Low level system features and devices such as interrupt controllers are supported with emulation where required.

Platform Support

Gunyah is architected to support multiple CPU architectures, so its core design ensures architecture independence and portability in non-architecture specific areas.

Gunyah currently supports the ARM64 (ARMv8+) architecure, it uses AArch64 EL2 in VHE mode by default.

We have developed an initial port of Gunyah to the QEMU Arm System emulator. Note QEMU v7+ is recommended. Additional platforms are expected to be supported in future contributions.

Getting Started

Resources

Contributions

Thank you for your interest in contributing to Gunyah!

Please read our Contributions Page for more information on contributing features or bug fixes.

Team

Gunyah was developed by Qualcomm and aims to be an open and community supported project.

Check out the AUTHORS for major contributors.

License

Gunyah is licensed on the BSD 3-clause "New" or "Revised" License. Check out the LICENSE for more details.

More Repositories

1

aimet

AIMET is a library that provides advanced quantization and compression techniques for trained neural network models.
Python
2,016
star
2

sense

Enhance your application with the ability to see and interact with humans using any RGB camera.
Python
731
star
3

ai-hub-models

The Qualcomm® AI Hub Models are a collection of state-of-the-art machine learning models optimized for performance (latency, memory etc.) and ready to deploy on Qualcomm® devices.
Python
345
star
4

aimet-model-zoo

Python
284
star
5

sample-apps-for-robotics-platforms

C
113
star
6

AFLTriage

Rust
109
star
7

snapdragon-gsr

GLSL
94
star
8

qidk

C
74
star
9

adreno-gpu-opengl-es-code-sample-framework

This repository contains an OpenGL ES Framework designed to enable developers to get up and running quickly for creating sample content and rapid prototyping. It is designed to be easy to build and have the basic building blocks needed for creating an Android APK with OpenGL ES functionality, input system, as well as other helper utilities for loading resources, etc. This Framework has been extracted and is a subset of the Adreno GPU SDK.
C++
58
star
10

cloud-ai-sdk

Qualcomm Cloud AI SDK (Platform and Apps) enable high performance deep learning inference on Qualcomm Cloud AI platforms delivering high throughput and low latency across Computer Vision, Object Detection, Natural Language Processing and Generative AI models.
Jupyter Notebook
47
star
11

adreno-gpu-vulkan-code-sample-framework

This repository contains a Vulkan Framework designed to enable developers to get up and running quickly for creating sample content and rapid prototyping. It is designed to be easy to build and have the basic building blocks needed for creating an Android APK with Vulkan functionality, input system, as well as other helper utilities for loading resources, etc.
C++
43
star
12

upstream-wifi-fw

39
star
13

efficient-transformers

This library empowers users to seamlessly port pretrained models and checkpoints on the HuggingFace (HF) hub (developed using HF transformers library) into inference-ready formats that run efficiently on Qualcomm Cloud AI 100 accelerators.
Python
33
star
14

qca-sdk-nss-fw

28
star
15

qbox

Qbox
C++
26
star
16

sense-iOS

Enhance your iOS app with the ability to see and interact with humans using the RGB camera.
Swift
20
star
17

toolchain_for_hexagon

Shell
18
star
18

vasp

VASP is a framework to simulate attacks on V2X networks. It works on top of the VEINS simulator.
C++
18
star
19

lid

License Identifier
Python
14
star
20

software-kit-for-qualcomm-cloud-ai-100

Software kit for Qualcomm Cloud AI 100
C++
14
star
21

vdds

Highly-optimized intra-process PubSub library with DDS-like interface
C++
13
star
22

gunyah-resource-manager

A Root VM supporting virtualization with the Gunyah Hypervisor.
C
13
star
23

fastrpc

C
13
star
24

ai-engine-direct-helper

C++
12
star
25

comment-filter

A Python library and command-line utility that filters comments from a source file
Python
10
star
26

gunyah-c-runtime

A small C runtime for bare-metal VMs on the Gunyah Hypervisor.
C
10
star
27

software-kit-for-qualcomm-cloud-ai-100-cc

Software kit for Qualcomm Cloud AI 100 cc
C++
9
star
28

android-on-snapdragon

Sample code for 3rd party developers working on Android On Snapdragon
Java
8
star
29

iodme

IODME (IO Data Mover Engine) is a library, and some tools, for optimizing typical IO operations that involve copying / moving data between memory and file descriptors.
C++
7
star
30

autopen

Autopen is an open-source toolkit designed to assist security analysts, manufacturers, and various professionals to detect potential vulnerabilities in vehicles.
Python
7
star
31

qccsdk-qcc711

C
7
star
32

license-text-normalizer

License Text Normalizer
Python
6
star
33

startupkits

Platform Documentation - a collection of documentations (user guides) for startup-kits published on QDN (https://developer.qualcomm.com/hardware/startup-kits)
6
star
34

gunyah-support-scripts

Shell
6
star
35

license-text-normalizer-js

License Text Normalizer (JavaScript)
TypeScript
5
star
36

quic.github.io

Landing page for QuIC GitHub
SCSS
4
star
37

aimet-pages

AIMET GitHub pages documentation
HTML
4
star
38

musl

musl libc fork for Hexagon support
C
4
star
39

bstruct-mininet

Python
4
star
40

snapdragon-game-plugins-for-unreal-engine

4
star
41

lockers

The lockers package contains various locking mechanism and building blocks.
Shell
4
star
42

sshash

Library and tools for hashing sensitive strings in ELF libraries and executables
C++
4
star
43

game-assets-for-adreno-gpu-code-samples

Game assets for Adreno GPU code samples
3
star
44

lsbug

lsbug - A collection of Linux kernel tests for arm64 servers
Python
3
star
45

.github

QuIC GitHub organization action templates and config
C
3
star
46

wifi-commonsys

Java
3
star
47

mink-idl-compiler

Rust
3
star
48

ghe-policy-check

Python
2
star
49

wos-ai-plugins

C++
2
star
50

quic-usb-drivers

C
2
star
51

vsf-service

Python
2
star
52

hexagonMVM

Assembly
2
star
53

tps-location-sdk-android

1
star
54

tps-location-sdk-native

HTML
1
star
55

tps-location-quick-start-android

Java
1
star
56

sample-apps-for-qualcomm-linux

C++
1
star
57

tps-location-quick-start-native

C++
1
star
58

cloud-ai-sdk-pages

1
star