{"id":13831465,"url":"https://github.com/cyberus-technology/hedron","last_synced_at":"2026-04-04T10:52:57.204Z","repository":{"id":37716921,"uuid":"285554580","full_name":"cyberus-technology/hedron","owner":"cyberus-technology","description":"The Hedron Microhypervisor","archived":false,"fork":false,"pushed_at":"2023-10-08T08:44:30.000Z","size":7396,"stargazers_count":73,"open_issues_count":0,"forks_count":6,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-08-05T10:17:19.671Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberus-technology.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-06T11:35:45.000Z","updated_at":"2024-08-01T21:31:53.000Z","dependencies_parsed_at":"2023-02-14T16:31:10.643Z","dependency_job_id":null,"html_url":"https://github.com/cyberus-technology/hedron","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberus-technology%2Fhedron","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberus-technology%2Fhedron/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberus-technology%2Fhedron/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberus-technology%2Fhedron/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberus-technology","download_url":"https://codeload.github.com/cyberus-technology/hedron/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225565793,"owners_count":17489268,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T10:01:28.728Z","updated_at":"2026-04-04T10:52:57.191Z","avatar_url":"https://github.com/cyberus-technology.png","language":"C++","funding_links":[],"categories":["Research Projects","C++"],"sub_categories":["AMD"],"readme":"# Hedron Hypervisor\n\nThe Hedron hypervisor combines microkernel and hypervisor functionality\nand provides an extremely small trusted computing base for user applications\nand virtual machines running on top of it. The hypervisor implements a\ncapability-based authorization model and provides basic mechanisms for\nvirtualization, spatial and temporal separation, scheduling, communication,\nand management of platform resources.\n\nHedron has to be used with a multi-server environment that implements\noperating-system services in user mode, such as device drivers,\nprotocol stacks, and policies. On machines with hardware\nvirtualization features, multiple unmodified guest operating systems\ncan run concurrently on top of the hypervisor facilitated by a\nvirtual machine monitor running in user space.\n\nHedron is currently used as the core of the [Secure Virtual\nPlatform](https://www.cyberus-technology.de/products/svp.html) by\n[Cyberus Technology GmbH](https://www.cyberus-technology.de/).\n\nHedron is open source under the [GPLv2](./LICENSE) license. Please\nconsider talking to us before using it in any production system as\nthere are important caveats that may not be very well documented.\n\n## Changelog\n\nA changelog is provided in [CHANGELOG.md](CHANGELOG.md).\n\n## Building\n\n### Nix (recommended)\n\nIf you are only interested in building Hedron without any hassle, you\ncan do so using [Nix](https://nixos.org/) on most Linux\ndistributions. This recreates exactly the same binaries we test.\n\nAfter [installing Nix](https://nixos.org/download.html), build Hedron\nusing:\n\n```bash\n$ nix-build nix/release.nix -A hedron.builds.default-release # For a release build\n$ nix-build nix/release.nix -A hedron.builds.default-debug   # For a debug build\n```\n\nThere is a shorthand for building a release build:\n\n```bash\n$ nix-build\n```\n\nThe hypervisor is then found in `result/`. With Nix available, other\nbuild options for developers become available. See the documentation\nin `nix/release.nix` for details.\n\n### Manual Build (for developers)\n\nYou need the following tools to compile the hypervisor:\n\n- cmake 3.13 or higher,\n- binutils 2.30 or higher,\n- gcc 10.0.0 or higher,\n- or alternatively, clang 12.0 or higher.\n\nTo build and run the unit tests (optional), you need:\n\n- pkg-config,\n- Catch2.\n\nYou can build a hypervisor binary as follows:\n\n```sh\n# Only needs to be done once\n% mkdir -p build\n% cd build ; cmake ..\n\n# Build the hypervisor and execute unit tests\nbuild % make\nbuild % make test\n```\n\nBuilding unit tests can be avoided by passing `-DBUILD_TESTING=OFF` to\n`cmake`. Additional configuration flags can be configured using\n`ccmake` or other CMake frontends:\n\n```sh\nbuild % ccmake .\n```\n\n## Documentation\n\nUser and developer documentation is provided via [mkdocs](https://www.mkdocs.org/).\nThe documentation of the `master` branch is published\n[here](http://supernova-core.doc.vpn.cyberus-technology.de/hedron/). Locally,\nyou can serve the documentation as follows:\n\n```sh\n% nix-shell --run \"mkdocs serve\"\n```\n\n## Running\n\n### Supported platforms\n\nThe Hedron hypervisor runs on single- and multi-processor x86\nmachines that support ACPI, XSAVE and FSGSBASE.\n\nRecommended Intel CPUs are Intel Core processors starting with the Ivy\nBridge microarchitecture. The virtualization features are available on\nIntel CPUs with VMX and nested paging (EPT).\n\nIntel Atom CPUs (also labeled Pentium Silver or Celeron) should work\nstarting with the Goldmont Plus microarchitecture, but are not\nactively tested. Consider running Hedron on Atom systems experimental.\n\nAMD systems are currently not supported. Older versions of Hedron had AMD\nsupport that was removed due to lack of testing. Please contact the developers\nif you are interested in reviving AMD support.\n\n### Boot\n\nThe Hedron hypervisor can be started from a multiboot-compliant\nbootloader, such as GRUB or iPXE. Hedron supports Multiboot 1 and 2\n(for UEFI). Here are some examples that assume a Hedron-compatible\n`roottask` binary.\n\nBoot as a Multiboot2 payload in Grub2:\n\n```\nmultiboot2 hypervisor-x86_64 serial novga\nmodule2    roottask\n```\n\nBoot as a Multiboot1 payload with iPXE via TFTP:\n\n```\nkernel tftp://${next-server}/hypervisor.elf32 serial novga\ninitrd tftp://${next-server}/roottask\n```\n\n### Command-Line Parameters\n\nHedron supports the following command-line parameters. They must be\nseparated by spaces.\n\n- *serial*\t- Enables the hypervisor to drive the serial console.\n- *nopcid*\t- Disables TLB tags for address spaces.\n- *novga*  \t- Disables VGA console.\n- *novpid* \t- Disables TLB tags for virtual machines.\n\n## Developing\n\n### Hedron (Cyberus-internal)\n\nPlease check the internal developer wiki for up-to-date instructions.\n\n### Hedron (External)\n\nThe [Hedron Github\n repository](https://github.com/cyberus-technology/hedron/) is a\n mirror the Cyberus Technology internal Hedron repository. Please\n contact us (see below) if you want to contribute to Hedron. We are\n not actively monitoring PRs and issues on Github.\n\n### User Space Applications\n\nHedron's system calls are documented in the [Kernel Interface\ndocumentation](./docs/kernel-interface.md). This document is\nunfortunately not complete yet.\n\n## Credits\n\nHedron is derived from the NOVA hypervisor developed by Udo\nSteinberg. While NOVA and Hedron are still close in spirit, the last\ncommon commit dates from 2015. Since then Hedron has been steadily\nmodernized with a focus on simplicity, testability, and support for\nmodern virtualization features. Over the years, Hedron also adopted\npatches by Genode Labs developed as part of their NOVA fork.\n\n## Contact\n\nPlease send feedback and comments to hypervisor@cyberus-technology.de.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberus-technology%2Fhedron","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberus-technology%2Fhedron","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberus-technology%2Fhedron/lists"}