Bao (from Mandarin Chinese “bǎohù”, meaning “to protect”) is a lightweight, open-source embedded hypervisor which aims at providing strong isolation and real-time guarantees. Bao provides a minimal, from-scratch implementation of the partitioning hypervisor architecture.
Designed mainly for targeting mixed-criticality systems, Bao strongly focuses on isolation for fault-containment and real-time behavior. Its implementation comprises only a minimal, thin-layer of privileged software leveraging ISA virtualization support to implement the static partitioning hypervisor architecture: resources are statically partitioned and assigned at VM instantiation time; memory is statically assigned using 2-stage translation; IO is pass-through only; virtual interrupts are directly mapped to physical ones; and it implements a 1-1 mapping of virtual to physical CPUs, with no need for a scheduler.
Bao has no external dependencies, such as on privileged VMs running untrustable, large monolithic general-purpose operating systems (e.g., Linux), and, as such, encompasses a much smaller TCB.
NOTE: This is work in progress! Don't expect things to be complete. Use at your own risk.
The full list of supported (and work in progress) platforms is presented below:
Armv8-A
- Xilinx Zynq UltraScale+ MPSoC ZCU102
- Xilinx Zynq UltraScale+ MPSoC ZCU104
- Ultra96 Zynq UltraScale+ ZU3EG
- NXP MCIMX8QM-CPU
- NVIDIA Jetson TX2
- 96Boards HiKey 960
- Raspberry Pi 4
- QEMU virt
- NXP MCIMX8M-EVK
- Arm Fixed Virtual Platform
- 96Boards ROCK960
Armv8-R
- Arm Fixed Virtual Platform
RISC-V
- QEMU virt
- Rocket w/ H-extension
- CVA6 w/ H-extension
Project website:
Source code:
- https://github.com/bao-project/bao-hypervisor.git
- [email protected]:bao-project/bao-hypervisor.git
Contributing:
- Please get in touch ([email protected])
For a step-by-step guide on how to run different demo configurations of the Bao hypervisor featuring multiple guest operating systems and targeting several platforms please refer to: Bao Hypervisor Demo Guide
-
Bruno Sá, José Martins and Sandro Pinto. "A First Look at RISC-V Virtualization from an Embedded Systems Perspective". In IEEE Transactions on Computers, doi: 10.1109/TC.2021.3124320.
-
José Martins and Sandro Pinto. "Static Partitioning Virtualization on RISC-V". In RISC-V Summit, virtual, 2020. https://www.youtube.com/watch?v=yuxMn4ZApEM
-
José Martins and Sandro Pinto. "Bao: a modern lightweight embedded hypervisor". In Proceedings of the Embedded World Conference, Nuremberg, Germany, 2020.
-
José Martins, Adriano Tavares, Marco Solieri, Marko Bertogna, and Sandro Pinto. "Bao: A Lightweight Static Partitioning Hypervisor for Modern Multi-Core Embedded Systems". In Workshop on Next Generation Real-Time Embedded Systems (NG-RES 2020). Schloss Dagstuhl-Leibniz-Zentrum für Informatik. 2020. https://drops.dagstuhl.de/opus/volltexte/2020/11779/