OpenVMM – A New VMM for Windows and Linux, Written in Rust

(github.com)

171 points g0xA52A2A | 2 comments | 17 Oct 24 05:42 UTC | HN request time: 0s | source

Show context

robjwells ◴[17 Oct 24 10:23 UTC] No.41868166[source]▶

Note this “disclaimer” in the guide:

> In recent years, development efforts in the OpenVMM project have primarily focused on OpenHCL (AKA: OpenVMM as a paravisor).

> As a result, not a lot of "polish" has gone into making the experience of running OpenVMM in traditional host contexts particularly "pleasant".

> This lack of polish manifests in several ways, including but not limited to: […]

> • No API or feature-set stability guarantees whatsoever.

https://github.com/microsoft/openvmm/blob/main/Guide/src/use...

replies(1): >>41868961 #

1. solarkraft ◴[17 Oct 24 12:19 UTC] No.41868961[source]▶

>>41868166 #

Plus, for running as a paravisor:

> OpenHCL currently relies on Hyper-V's implementation of Virtual Trust Levels (VTLs) to implement the security boundaries necessary

replies(1): >>41870036 #

2. nolist_policy ◴[17 Oct 24 14:31 UTC] No.41870036[source]▶

>>41868961 (TP) #

OpenHCL is much more interesting than OpenVMM:

Tl;Dr: Run the VM with only modern paravirtualized devices, then run OpenHCL inside the VM in ring -1 to emulate legacy devices and the guest os in ring 0 as usual.

This is more secure, as the host only exposes paravirtualized devices with reduced attack surface to the guest. While still allowing to run legacy os.

↑