The Bareflank Hypervisor is an open source, lightweight hypervisor, led by Assured Information Security, Inc., that provides the scaffolding needed to rapidly prototype new hypervisors. To ease development, Bareflank is written in C++, and includes support for exceptions and the C++ Standard Template Library (STL) via libc++. With the C++ STL, users can leverage shared pointers, complex data structures (e.g. hash tables, maps, lists, etc…), and several other modern C++ features. Existing open source hypervisors that are written in C are difficult to modify, and require a considerable amount of time re-writing similar functionality instead of focusing on what matters most: hypervisor technologies. Furthermore, users can leverage inheritance to extend every part of the hypervisor to provide additional functionality above and beyond what is already provided.
To this end, Bareflank's primary goal is to remain simple and minimalistic, providing only the scaffolding needed to construct more complete/complicated hypervisors including:
- Bare Metal Hypervisors (also known as type 1, like Xen)
- Late Launch Hypervisors (also known as type 2, like VirtualBox)
- Host-Only Hypervisors (no guests, like MoRE, SimpleVisor and HyperPlatform)
The core business logic will remain in the hypervisors that extend Bareflank, and not in Bareflank itself.
To support Bareflank's design approach, the entire project is licensed under the GNU Lesser General Public License v2.1 (LGPL), specifically enabling users of the project to both contribute back to the project, but also create proprietary extensions if so desired.
In addition to Bareflank’s lightweight, modular design, the entire hypervisor has been written using test driven development. As such, all of Bareflank’s code comes complete with a set of unit tests to validate that the provided code works as expected. These tests are validated using Coveralls, and Travis CI has been setup to test styling via Astyle, and static / dynamic analysis via Clang Tidy, Codacy, and Google's Sanitizers. In addition, we adhere to the CII Best Practices, and the C++ Core Guidelines including support for the Guideline Support Library.
Currently we have support for the following 64bit host operating systems on Intel Sandy Bridge and above hardware:
- Arch Linux
- Ubuntu 17.10+
- Windows 10
- Windows 7
In the future, we would also like to support:
- macOS
- BSD
- UEFI (currently under development)
- ARM64 (currently under development)
Most people think that hypervisors are meant to virtualize servers and provide a means to run Windows on a Mac, but there is a whole field of research where hypervisors are used without guest virtual machines. Since a hypervisor is capable of controlling the host OS running underneath it (so called "ring -1"), hypervisors have been used for introspection, reverse engineering, anti-virus, containerization, diversity, and even architectural research like the MoRE hypervisor. All of these use cases start the same way, by spending months standing up the hypervisor itself before you can start working on your actual project. Existing open source hypervisors are so focused on supporting virtual machines and burdened with legacy support that they are painful to work with when conducting less traditional hypervisor research.
Bareflank's goal is to provide the scaffolding needed to create any type of hypervisor. To support this, Bareflank leverages C++ not only to provide a clear method for extending the hypervisor via inheritance, but also to provide access to the C++ STL to reduce the time it takes to prototype and implement new technologies. For example, suppose you’re writing an introspection hypervisor that needs to store the different system calls that are being made in a data structure for fast lookups. Doing this in an existing C based hypervisor might require you to create your own data structure. This same implementation is trivial with the STL's existing data structures. With Bareflank's design, you can focus on the goal of your project, and less on implementing the foundation needed to support your project.
Bareflank will always maintain the "bare minimum" needed to stand up a hypervisor. Additional repositories like the Extended APIs repo and the Hyperkernel repo have been created that extend the hypervisor to add additional API support for common research tasks (e.g. VT-x / VT-d APIs and guest support APIs). Long term, it is our hope that others will leverage Bareflank to create hypervisors capable of competing with existing type 1 and type 2 open source hypervisors, but Bareflank itself will remain focused on the bare minimum scaffolding.
Bareflank Hypervisor Website
Bareflank Hypervisor API Documentation
Checkout the latest demo for how to compile, use and extend the Bareflank Hypervisor
Although Bareflank can be made to run on most systems, the following are the supported platforms and their dependencies:
sudo pacman -S linux-headers nasm cmake base-devel clang
sudo apt-get install git build-essential linux-headers-$(uname -r) nasm clang cmake
- Visual Studio 2017 / WDK 10
- Check "Desktop development with C++"
- Check "C++ CLI / Support"
- Cygwin
To install Cygwin, simply install using all default settings, and then copy setup-x86_64.exe to C:\cygwin64\bin. From there, open a Cygwin terminal and run the following:
setup-x86_64.exe -q -P make,gcc-core,gcc-g++,nasm,clang,clang++,cmake,python,gettext
After installing the the above packages you must enable test signing mode. This can be done from a command prompt with admin privileges:
bcdedit.exe /set testsigning ON
<reboot>
To compile with default settings for your host environment, run the following commands:
git clone https://github.com/bareflank/hypervisor.git
mkdir build; cd build
cmake ../hypervisor
make -j<# cores + 1>
For more detailed build instuctions and configurations, see the detailed build instructions. For instructions on building and creating Bareflank extensions, see the extension build instructions
To use the hypervisor, run the following commands:
make driver_quick
make quick
to get status information, use the following:
make status
make dump
to reverse this:
make unload
make driver_unload
to clean up:
make distclean
On Windows, serial output might not work. If this is the case, disbale the default Serial device using the following:
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Serial" /f /v "start" /t REG_DWORD /d "4"
You might find it useful to setup SSH if you are using Cygwin. The instructions for setting up SSH on Cygwin are as follows:
setup-x86_64.exe -q -P getent,cygrunsrv,openssl,openssh
ssh-host-config -y
<password>
<password>
net start sshd
netsh advfirewall firewall add rule name='SSH Port' dir=in action=allow protocol=TCP localport=22
*** WARNING ***
The master branch is our development branch and should be considered unstable.
It is possible these additional projects might not compile with master. If you
need a stable branch that works with these repos, please use a tagged release.
Since Bareflank only provides the bare minimum implementation, we have created two other repositories that extend Bareflank to provide additional capabilities that you might find useful. The Extended APIs repo provides additional APIs around Intel's VT-x / VT-d. Likely most users of Bareflank will find these APIs useful. The Hyperkernel leverages the Extended APIs and Bareflank to provide guest support. If your project requires guest support, you might also find this repo useful as well.
Extended APIs:
https://github.com/Bareflank/extended_apis
Hyperkernel:
https://github.com/Bareflank/hyperkernel
*** WARNING ***
The master branch is our development branch and should be considered unstable.
It is possible these additional projects might not compile with master. If you
need a stable branch that works with these repos, please use a tagged release.
To provide examples of how you might extend Bareflank to provide your own custom functionality, we have provided a couple of examples:
Enable VPID:
https://github.com/Bareflank/hypervisor_example_vpid
CPUID Count:
https://github.com/Bareflank/hypervisor_example_cpuidcount
MSR Bitmap:
https://github.com/Bareflank/hypervisor_example_msr_bitmap
Extended APIs EPT Hook:
https://github.com/Bareflank/extended_apis_example_hook
The Bareflank Hypervisor is licensed under the GNU Lesser General Public License v2.1 (LGPL).
If you’re interested in Bareflank, you might also be interested in the following hypervisor projects:
MoRE:
https://github.com/ainfosec/MoRE
SimpleVisor:
https://github.com/ionescu007/SimpleVisor
HyperPlatform:
https://github.com/tandasat/HyperPlatform