microsoft/openvmm
Mirrored from https://github.com/microsoft/openvmm
Guide/src/user_guide/openhcl.md
# OpenHCL

OpenHCL is an execution environment which runs OpenVMM as a **paravisor**.

Unlike in traditional virtualization, where a VMM runs in a privileged host/root
partition and provides virtualization services to an unprivileged guest
partition, the "paravisor" model enables a VMM to provide virtualization
services from _within_ the guest partition itself.

It can be considered a form of "virtual firmware", running at a higher privilege
level than the primary guest OS.

Paravisors are quite exciting, as they enable a wide variety of useful and novel
virtualization scenarios! For example: at Microsoft, OpenHCL plays a key role in
enabling several important Azure scenarios:

- Enabling existing workloads to seamlessly leverage [Azure Boost] (Azure's
  next-generation hardware accelerator), without requiring any modifications to
  the guest VM image.

- Enabling existing guest operating systems to run inside [Confidential VMs].

- Powering [Trusted Launch VMs] - VMs that support Secure Boot, and include a
  vTPM.

* * *

To learn more about OpenHCL's architecture, please refer to
[OpenHCL Architecture](../reference/architecture/openhcl.md).

```admonish note
_Note:_ As you explore the OpenVMM repo, you may find references to the term
**Underhill**.

Underhill was the former codename for OpenHCL, so whenever you see the term
"Underhill", you can treat it as synonymous with "OpenHCL".

We are actively migrating existing code and docs away from using the term
"Underhill".
```

[VSM]: https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/vsm
[Virtual Trust Levels]: https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/vsm
[Azure Boost]: https://learn.microsoft.com/en-us/azure/azure-boost/overview
[Confidential VMs]: https://azure.microsoft.com/en-us/solutions/confidential-compute
[Trusted Launch VMs]: https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch
[TDX]: https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html
[SEV-SNP]: https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf