{"id":18694269,"url":"https://github.com/9elements/vmboot","last_synced_at":"2026-02-02T22:42:11.433Z","repository":{"id":218515833,"uuid":"687926951","full_name":"9elements/VMBoot","owner":"9elements","description":"This repository serves as the main source of information about the VMBoot-Concept.","archived":false,"fork":false,"pushed_at":"2024-01-22T09:50:52.000Z","size":26,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-30T09:54:22.957Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/9elements.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-09-06T09:42:59.000Z","updated_at":"2024-12-20T22:17:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"e43455b0-cb8e-473c-a985-eba1a20ddbed","html_url":"https://github.com/9elements/VMBoot","commit_stats":null,"previous_names":["9elements/vmboot"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/9elements/VMBoot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2FVMBoot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2FVMBoot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2FVMBoot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2FVMBoot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/9elements","download_url":"https://codeload.github.com/9elements/VMBoot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2FVMBoot/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263322786,"owners_count":23448712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T11:09:12.667Z","updated_at":"2026-02-02T22:42:06.397Z","avatar_url":"https://github.com/9elements.png","language":null,"readme":"# VMBoot concept\n\nVMBoot presents a PoC of booting into [TianoCore/EDK2](https://github.com/tianocore/edk2) firmware with only Open Source Firmware, namely [coreboot](https://www.coreboot.org/) and Linuxboot/[u-root](https://u-root.org/), on the flash chip .\nIt utilizes [gokvm](https://github.com/bobuhiro11/gokvm), a small Linux-KVM hypervisor written in pure Go, which is integrated into u-root as VMBoot and it's able to execute an EDK2 firmware image.\nFor loading the firmware and basic setup of the virtual machine, the [PVH Boot Protocol](https://github.com/mirage/xen/blob/master/docs/misc/pvh.markdown) and [HMV direct boot ABI](https://github.com/mirage/xen/blob/master/docs/misc/hvmlite.markdown) are used.\n\n### Demo\n[![asciicast](https://asciinema.org/a/785rLfVhSdpnGsfY13fIJi5ke.svg)](https://asciinema.org/a/785rLfVhSdpnGsfY13fIJi5ke)\n\n## Status gokvm\n - [gokvm](https://github.com/bobuhiro11/gokvm)\n - gokvm is able to boot into [EDK2/CloudHV](https://github.com/cloud-hypervisor/edk2/tree/ch) for [Cloud-Hypervisor](https://github.com/cloud-hypervisor/cloud-hypervisor) until the EFI-Shell.\n - device passthrough via VirtIO is limited to block devices and network\n\n## Status vmboot in u-root\n - [vmboot](https://github.com/u-root/u-root/tree/main/cmds/exp/vmboot)\n - iterates over block devices and mounts partition with EDK2 image\n - loads EDK2 image from mounted block device (only XFS file system)\n - runs EDK2 in gokvm until EFI-Shell\n - experimental state to show that it is possible to start a vm from u-root and execute EDK2 in the VM.\n\n## Prerequisites\n### Platform\n- Platform CPUs must support AMD-V or Intel VT-x\n- Platform is supported by coreboot\n- coreboot+Linuxboot/u-root requires at least 10MiB free space to use on the flashchip\n\n### Linux kernel\n- build with AMD-V or Intel-VT support\n- must be build with KVM support\n- reduce size by remove unused drivers and features\n\n## Platform support\n\nVendor | Product name | coreboot support | Status |\n|------|--------------|-----------|---------------|\n| Supermicro | X11SCH-F | [wip](https://review.coreboot.org/c/coreboot/+/37441) | WIP  |\n\n## Example linux kernel configs\n|Platform|\n|--------|\n| [Supermicro X11SCH-F](./platforms/supermicro/x11sch-f/linux_intel.config)|\n\n## Procedure\n- build linux kernel with example config\n- build u-root initrd with vmboot\n- build coreboot for desired platform and use linux kernel and u-root initrd as payload\n- flash coreboot image on device\n- place EDK2/CloudHv image on block device attached to machine (XFS filesystem on block device required)\n- boot machine and execute vmboot\n\n## Further work\n - More platforms need to be testes.\n - Extension and improvments of gokvm and vmboot is required\n\n## Blog posts\n- [VMBoot Proof of Concept](https://9esec.io/blog/vmboot-poc/)\n\n## _References_:\n\n- [Interview with Ron Minich](https://archive.fosdem.org/2007/interview/ronald+g+minnich.html)\n- [UEFI Spec 2.10](https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf)\n- [ACPI Spec 6.5](https://uefi.org/sites/default/files/resources/ACPI_Spec_6_5_Aug29.pdf)\n- [gokvm](https://github.com/bobuhiro11/gokvm)\n- [u-root](https://github.com/u-root/u-root)\n- [u-root/vmboot](https://github.com/u-root/u-root/tree/main/cmds/exp/vmboot)\n- [coreboot](https://www.coreboot.org/)\n- [HMV direct boot ABI](https://github.com/mirage/xen/blob/master/docs/misc/hvmlite.markdown)\n- [HMV Structures](https://github.com/torvalds/linux/blob/master/include/xen/interface/hvm/start_info.h)\n- [PVH Boot Protocol](https://github.com/mirage/xen/blob/master/docs/misc/pvh.markdown)\n- [Cloud Hypervisor](https://github.com/cloud-hypervisor/cloud-hypervisor)\n- [EDK2/CloudHV](https://github.com/cloud-hypervisor/edk2/tree/ch)\n\n\n## Funding\n\nThis project is funded through the [NGI Assure Fund](https://nlnet.nl/assure), a fund established by [NLnet](https://nlnet.nl) with financial support from the European Commission's [Next Generation Internet](https://ngi.eu) program. Learn more at the [NLnet project page](https://nlnet.nl/project/UEFI-isolation).\n\n[\u003cimg src=\"https://nlnet.nl/logo/banner.png\" alt=\"NLnet foundation logo\" width=\"20%\" /\u003e](https://nlnet.nl)\n[\u003cimg src=\"https://nlnet.nl/image/logos/NGIAssure_tag.svg\" alt=\"NGI Assure Logo\" width=\"20%\" /\u003e](https://nlnet.nl/assure)","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F9elements%2Fvmboot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F9elements%2Fvmboot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F9elements%2Fvmboot/lists"}