• Stars
    star
    302
  • Rank 138,030 (Top 3 %)
  • Language
    C
  • License
    Other
  • Created over 3 years ago
  • Updated 10 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Gunyah is a Type-1 hypervisor designed for strong security, performance and modularity.

Qualcomm Innovation Center

Gunyah Hypervisor

Gunyah is a high performance, scalable and flexible hypervisor built for demanding battery powered, real-time, safety and security use cases.

The Gunyah Hypervisor open source project provides a reference Type-1 hypervisor configuration suitable for general purpose hosting of multiple trusted and dependent VMs.

Gunyah Origins

Gunyah is an Australian Aboriginal word. See: https://en.wiktionary.org/wiki/gunyah

The Gunyah Hypervisor was developed by Qualcomm in Sydney Australia.

Type-1 Hypervisor Concept

Gunyah is a Type-1 hypervisor, meaning that it runs independently of any high-level OS kernel - such as Linux, and runs in a higher CPU privilege level than VMs. It does not depend on any lower-privileged OS kernel/code for its core functionality. This increases its security and can support a much smaller trusted computing base than a Type-2 like hosted-hypervisors.

Gunyah's design principle is not dissimilar to a traditional microkernel in that it provides only a minimal set of critical services to its clients, and delegates the provision of non-critical services to non-privileged (or less-privileged) processes, wherever this is possible without an adverse impact on performance or security.

The hypervisor uses the CPU's virtualization mode and features to isolate itself from OS kernels in VMs and isolate VMs from each other. On ArM, this includes trapping and emulating registers as required, virtualizing core platform devices, Arm's GIC virtualization support, and the CPU's Stage-2 MMU to provide isolated VMs in EL1/0.

Why Gunyah

  • Strong security: Mobile payments, secure user-interface, and many more security sensitive use-cases all require strong security. Gunyah's design is suited to providing strong isolation guarantees and its small size is conducive to audit.
  • Performance: Mobile devices are particularly demanding. Battery powered devices demand low software overheads to get the most performance per-watt. Gunyah is designed to have high performance with minimal impact to high-level operating systems.
  • Modularity: The hypervisor is designed to be modular, allowing customization and enhancement by swapping out module implementations and adding new feature via new modules.

Features

  • Threads and Scheduling: The scheduler schedules virtual CPUs (VCPUs) on physical CPUs and enables time-sharing of the CPUs.
  • Memory Management: Gunyah tracks memory ownership and use of all memory under its control. Memory partitioning between VMs is a fundamental security feature.
  • Interrupt Virtualization: All interrupts are handled in the hypervisor and routed to the assigned VM.
  • Inter-VM Communication: There are several different mechanisms provided for communicating between VMs.
  • Device Virtualization: Para-virtualization of devices is supported using inter-VM communication. Low level system features and devices such as interrupt controllers are supported with emulation where required.

Platform Support

Gunyah is architected to support multiple CPU architectures, so its core design ensures architecture independence and portability in non-architecture specific areas.

Gunyah currently supports the ARM64 (ARMv8+) architecure, it uses AArch64 EL2 in VHE mode by default.

We have developed an initial port of Gunyah to the QEMU Arm System emulator. Note QEMU v7+ is recommended. Additional platforms are expected to be supported in future contributions.

Getting Started

Resources

Contributions

Thank you for your interest in contributing to Gunyah!

Please read our Contributions Page for more information on contributing features or bug fixes.

Team

Gunyah was developed by Qualcomm and aims to be an open and community supported project.

Check out the AUTHORS for major contributors.

License

Gunyah is licensed on the BSD 3-clause "New" or "Revised" License. Check out the LICENSE for more details.

More Repositories

1

aimet

AIMET is a library that provides advanced quantization and compression techniques for trained neural network models.
Python
2,115
star
2

sense

Enhance your application with the ability to see and interact with humans using any RGB camera.
Python
733
star
3

ai-hub-models

The Qualcomm® AI Hub Models are a collection of state-of-the-art machine learning models optimized for performance (latency, memory etc.) and ready to deploy on Qualcomm® devices.
Python
448
star
4

aimet-model-zoo

Python
296
star
5

sample-apps-for-robotics-platforms

C
120
star
6

AFLTriage

Rust
111
star
7

qidk

C
95
star
8

snapdragon-gsr

GLSL
94
star
9

adreno-gpu-opengl-es-code-sample-framework

This repository contains an OpenGL ES Framework designed to enable developers to get up and running quickly for creating sample content and rapid prototyping. It is designed to be easy to build and have the basic building blocks needed for creating an Android APK with OpenGL ES functionality, input system, as well as other helper utilities for loading resources, etc. This Framework has been extracted and is a subset of the Adreno GPU SDK.
C++
58
star
10

cloud-ai-sdk

Qualcomm Cloud AI SDK (Platform and Apps) enable high performance deep learning inference on Qualcomm Cloud AI platforms delivering high throughput and low latency across Computer Vision, Object Detection, Natural Language Processing and Generative AI models.
Jupyter Notebook
52
star
11

adreno-gpu-vulkan-code-sample-framework

This repository contains a Vulkan Framework designed to enable developers to get up and running quickly for creating sample content and rapid prototyping. It is designed to be easy to build and have the basic building blocks needed for creating an Android APK with Vulkan functionality, input system, as well as other helper utilities for loading resources, etc.
C++
43
star
12

upstream-wifi-fw

42
star
13

efficient-transformers

This library empowers users to seamlessly port pretrained models and checkpoints on the HuggingFace (HF) hub (developed using HF transformers library) into inference-ready formats that run efficiently on Qualcomm Cloud AI 100 accelerators.
Python
39
star
14

qbox

Qbox
C++
35
star
15

ai-hub-apps

The Qualcomm® AI Hub apps are a collection of state-of-the-art machine learning applications ready to deploy on Qualcomm® devices.
Java
31
star
16

qca-sdk-nss-fw

27
star
17

fastrpc

C
21
star
18

sense-iOS

Enhance your iOS app with the ability to see and interact with humans using the RGB camera.
Swift
20
star
19

vasp

VASP is a framework to simulate attacks on V2X networks. It works on top of the VEINS simulator.
C++
19
star
20

toolchain_for_hexagon

Shell
18
star
21

software-kit-for-qualcomm-cloud-ai-100

Software kit for Qualcomm Cloud AI 100
C++
16
star
22

gunyah-resource-manager

A Root VM supporting virtualization with the Gunyah Hypervisor.
C
15
star
23

ai-engine-direct-helper

C++
15
star
24

lid

License Identifier
Python
14
star
25

vdds

Highly-optimized intra-process PubSub library with DDS-like interface
C++
13
star
26

android-on-snapdragon

Sample code for 3rd party developers working on Android On Snapdragon
Java
11
star
27

gunyah-c-runtime

A small C runtime for bare-metal VMs on the Gunyah Hypervisor.
C
11
star
28

comment-filter

A Python library and command-line utility that filters comments from a source file
Python
10
star
29

software-kit-for-qualcomm-cloud-ai-100-cc

Software kit for Qualcomm Cloud AI 100 cc
C++
10
star
30

gunyah-support-scripts

Shell
9
star
31

wos-ai-plugins

C++
9
star
32

iodme

IODME (IO Data Mover Engine) is a library, and some tools, for optimizing typical IO operations that involve copying / moving data between memory and file descriptors.
C++
8
star
33

startupkits

Platform Documentation - a collection of documentations (user guides) for startup-kits published on QDN (https://developer.qualcomm.com/hardware/startup-kits)
7
star
34

autopen

Autopen is an open-source toolkit designed to assist security analysts, manufacturers, and various professionals to detect potential vulnerabilities in vehicles.
Python
7
star
35

qccsdk-qcc711

C
7
star
36

license-text-normalizer

License Text Normalizer
Python
6
star
37

aimet-pages

AIMET GitHub pages documentation
HTML
6
star
38

bstruct-mininet

Python
5
star
39

wifi-commonsys

Java
5
star
40

license-text-normalizer-js

License Text Normalizer (JavaScript)
TypeScript
5
star
41

quic.github.io

Landing page for QuIC GitHub
SCSS
4
star
42

musl

musl libc fork for Hexagon support
C
4
star
43

snapdragon-game-plugins-for-unreal-engine

4
star
44

lockers

The lockers package contains various locking mechanism and building blocks.
Shell
4
star
45

sshash

Library and tools for hashing sensitive strings in ELF libraries and executables
C++
4
star
46

hexagonMVM

Assembly
4
star
47

game-assets-for-adreno-gpu-code-samples

Game assets for Adreno GPU code samples
3
star
48

lsbug

lsbug - A collection of Linux kernel tests for arm64 servers
Python
3
star
49

.github

QuIC GitHub organization action templates and config
C
3
star
50

mink-idl-compiler

Rust
3
star
51

ghe-policy-check

Python
2
star
52

quic-usb-drivers

C
2
star
53

sample-apps-for-qualcomm-linux

C++
2
star
54

vsf-service

Python
2
star
55

tps-location-sdk-android

1
star
56

tps-location-sdk-native

HTML
1
star
57

tps-location-quick-start-android

Java
1
star
58

tps-location-quick-start-native

C++
1
star
59

cloud-ai-sdk-pages

1
star
60

sbom-check

Python library and CLI application that check a provided SPDX SBOM for adherence to the official specification SPDX 2.3 specification and for the presence of a configurable set of required field values.
Python
1
star
61

aic-operator

Go
1
star
62

v4l-video-test-app

C++
1
star