#hypervisor



TrenchBoot Anti Evil Maid for Qubes OS

Published at January 31, 2023 · Michał Żygowski ·  14 min read

Qubes OS Anti Evil Maid (AEM) software heavily depends on the availability of the DRTM technologies to prevent the Evil Maid attacks. However, the project has not evolved much since the beginning of 2018 and froze on the support of TPM 1.2 with Intel TXT in legacy boot mode (BIOS). In the post we show how existing solution can be replaced with TrenchBoot and how one can install it on the Qubes OS. Also the post will also briefly explain how TrenchBoot opens the door for future TPM 2.0 and UEFI support for AEM....

Categories: bootloader firmware hypervisor os-dev security


Trying to fix ESXi 6.7.0 boot issue, part one

Published at March 4, 2020 · Krystian Hebel ·  14 min read

First mentions that updated versions of VMware's ESXi 6.7.0 installer doesn't start on PC Engines platforms come from the beginning of 2019. Older versions of ESXi worked fine. 'Shutting down firmware services...' is the last line printed before hang or reboot....

Categories: firmware os-dev


VMX exit reasons and handlers

Published at January 23, 2020 · Krystian Hebel ·  14 min read

After long break, this is the third post in the hypervisor series. We will see how VMX helps with virtualization of restricted instructions and how Bareflank allows for implementation of handlers for them. At the end we will show how to write and add our own handler....

Categories: firmware




Building and running Bareflank

Published at May 15, 2019 · Krystian Hebel ·  13 min read

In this second post of a series, we will build and start our first hypervisor. It won't do much just yet, but it is good to get known with its build system....

Categories: firmware


5 terms every hypervisor developer should know

Published at April 30, 2019 · Krystian Hebel ·  11 min read

This is the first post of a series about developing bare-metal hypervisors. It introduces to Intel's VMX technology, describes interactions between a virtual machine and a hypervisor as well as gives some insight on the control structures required. This post should give some theoretical knowledge base required for the next ones, in which we will implement a basic hypervisor....

Categories: firmware