diff --git a/FAQ.md b/FAQ.md
index b44851c..7fdc25b 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -2,7 +2,7 @@
 ## How does krata currently work?
-The krata hypervisor makes it possible to launch OCI containers on a Xen hypervisor without utilizing the Xen userspace tooling. krata contains just enough of the userspace of Xen (reimplemented in Rust) to start an x86_64 Xen Linux PV guest, and implements a Linux init process that can boot an OCI container. It does so by converting an OCI image into a squashfs/erofs file and packaging basic startup data in a bundle which the init container can read.
+The krata isolation engine makes it possible to launch OCI containers on a Xen hypervisor without utilizing the Xen userspace tooling. krata contains just enough of the userspace of Xen (reimplemented in Rust) to start an x86_64 Xen Linux PV guest, and implements a Linux init process that can boot an OCI container. It does so by converting an OCI image into a squashfs/erofs file and packaging basic startup data in a bundle which the init container can read.
 In addition, due to the desire to reduce dependence on the dom0 network, krata contains a networking daemon called kratanet. kratanet listens for krata guests to startup and launches a userspace networking environment. krata guests can access the dom0 networking stack via the proxynat layer that makes it possible to communicate over UDP, TCP, and ICMP (echo only) to the outside world. In addition, each krata guest is provided a "gateway" IP (both in IPv4 and IPv6) which utilizes smoltcp to provide a virtual host. That virtual host in the future could dial connections into the container to access container networking resources.
@@ -13,7 +13,3 @@ Xen is a very interesting technology, and Edera believes that type-1 hypervisors
 ## Why not utilize pvcalls to provide access to the host network?
 pvcalls is extremely interesting, and although it is certainly possible to utilize pvcalls to get the job done, we chose to utilize userspace networking technology in order to enhance security. Our goal is to drop the use of all xen networking backend drivers within the kernel and have the guest talk directly to a userspace daemon, bypassing the vif (xen-netback) driver. Currently, in order to develop the networking layer, we utilize xen-netback and then use raw sockets to provide the userspace networking layer on the host.
-
-## What are the future plans?
-
-Edera is building a company to compete in the hypervisor space with open-source technology. More information to come soon on official channels.
diff --git a/README.md b/README.md
index 560fc6c..2652187 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # krata
-The Edera Hypervisor
+An isolation engine for securing compute workloads.
 ![license](https://img.shields.io/github/license/edera-dev/krata) ![discord](https://img.shields.io/discord/1207447453083766814?label=discord)
@@ -16,13 +16,13 @@ The Edera Hypervisor
 ## Introduction
-krata is a single-host hypervisor service built for OCI-compliant containers. It isolates containers using a type-1 hypervisor, providing workload isolation that can exceed the security level of KVM-based OCI-compliant runtimes.
+krata is a single-host workload isolation service. It isolates workloads using a type-1 hypervisor, providing a tight security boundary while preserving performance.
-krata utilizes the core of the Xen hypervisor, with a fully memory-safe Rust control plane to bring Xen tooling into a new secure era.
+krata utilizes the core of the Xen hypervisor with a fully memory-safe Rust control plane.
 ## Hardware Support
-| Architecture | Completion Level | Virtualization Technology |
-| ------------ | ---------------- | ------------------------- |
-| x86_64 | 100% Completed | Intel VT-x, AMD-V |
-| aarch64 | 30% Completed | AArch64 virtualization |
+| Architecture | Completion Level | Hardware Virtualization |
+| ------------ | ---------------- | ------------------------------- |
+| x86_64 | 100% Completed | None, Intel VT-x, AMD-V |
+| aarch64 | 10% Completed | AArch64 virtualization |
diff --git a/crates/ctl/Cargo.toml b/crates/ctl/Cargo.toml
index d4b87a8..ac50ebe 100644
--- a/crates/ctl/Cargo.toml
+++ b/crates/ctl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krata-ctl"
-description = "Command-line tool to control the krata hypervisor"
+description = "Command-line tool to control the krata isolation engine"
 license.workspace = true
 version.workspace = true
 homepage.workspace = true
diff --git a/crates/ctl/src/cli/list.rs b/crates/ctl/src/cli/list.rs
index f146a05..142abb8 100644
--- a/crates/ctl/src/cli/list.rs
+++ b/crates/ctl/src/cli/list.rs
@@ -28,7 +28,7 @@ enum ListFormat {
 }
 #[derive(Parser)]
-#[command(about = "List the guests on the hypervisor")]
+#[command(about = "List the guests on the isolation engine")]
 pub struct ListCommand {
 #[arg(short, long, default_value = "table", help = "Output format")]
 format: ListFormat,
diff --git a/crates/ctl/src/cli/list_devices.rs b/crates/ctl/src/cli/list_devices.rs
index b00e5e0..c289f36 100644
--- a/crates/ctl/src/cli/list_devices.rs
+++ b/crates/ctl/src/cli/list_devices.rs
@@ -23,7 +23,7 @@ enum ListDevicesFormat {
 }
 #[derive(Parser)]
-#[command(about = "List the devices on the hypervisor")]
+#[command(about = "List the devices on the isolation engine")]
 pub struct ListDevicesCommand {
 #[arg(short, long, default_value = "table", help = "Output format")]
 format: ListDevicesFormat,
diff --git a/crates/ctl/src/cli/mod.rs b/crates/ctl/src/cli/mod.rs
index 257539c..371fca2 100644
--- a/crates/ctl/src/cli/mod.rs
+++ b/crates/ctl/src/cli/mod.rs
@@ -33,13 +33,13 @@ use self::{
 #[derive(Parser)]
 #[command(
 version,
- about = "Control the krata hypervisor, a secure platform for running containers"
+ about = "Control the krata isolation engine"
 )]
 pub struct ControlCommand {
 #[arg(
 short,
 long,
- help = "The connection URL to the krata hypervisor",
+ help = "The connection URL to the krata isolation engine",
 default_value = "unix:///var/lib/krata/daemon.socket"
 )]
 connection: String,
diff --git a/crates/ctl/src/cli/top.rs b/crates/ctl/src/cli/top.rs
index e5d8783..477fefb 100644
--- a/crates/ctl/src/cli/top.rs
+++ b/crates/ctl/src/cli/top.rs
@@ -138,7 +138,7 @@ impl TopApp {
 impl Widget for &mut TopApp {
 fn render(self, area: Rect, buf: &mut Buffer) {
- let title = Title::from(" krata hypervisor ".bold());
+ let title = Title::from(" krata isolation engine ".bold());
 let instructions = Title::from(vec![" Quit ".into(), " ".blue().bold()]);
 let block = Block::default()
 .title(title.alignment(Alignment::Center))
diff --git a/crates/daemon/Cargo.toml b/crates/daemon/Cargo.toml
index 7a08dd2..70b166e 100644
--- a/crates/daemon/Cargo.toml
+++ b/crates/daemon/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krata-daemon"
-description = "Daemon for the krata hypervisor."
+description = "Daemon for the krata isolation engine"
 license.workspace = true
 version.workspace = true
 homepage.workspace = true
diff --git a/crates/daemon/src/command.rs b/crates/daemon/src/command.rs
index 052a8f6..82f179a 100644
--- a/crates/daemon/src/command.rs
+++ b/crates/daemon/src/command.rs
@@ -6,7 +6,7 @@ use std::str::FromStr;
 use crate::Daemon;
 #[derive(Parser)]
-#[command(version, about = "Krata hypervisor daemon")]
+#[command(version, about = "krata isolation engine daemon")]
 pub struct DaemonCommand {
 #[arg(
 short,
diff --git a/crates/guest/Cargo.toml b/crates/guest/Cargo.toml
index c8e2e76..cb74fe1 100644
--- a/crates/guest/Cargo.toml
+++ b/crates/guest/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krata-guest"
-description = "Guest services for the krata hypervisor."
+description = "Guest services for the krata isolation engine"
 license.workspace = true
 version.workspace = true
 homepage.workspace = true
diff --git a/crates/krata/Cargo.toml b/crates/krata/Cargo.toml
index 548d4fc..b5114e8 100644
--- a/crates/krata/Cargo.toml
+++ b/crates/krata/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krata"
-description = "Client library and common services for the krata hypervisor."
+description = "Client library and common services for the krata isolation engine"
 license.workspace = true
 version.workspace = true
 homepage.workspace = true
diff --git a/crates/network/Cargo.toml b/crates/network/Cargo.toml
index 3e2b693..b7b2f59 100644
--- a/crates/network/Cargo.toml
+++ b/crates/network/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krata-network"
-description = "Networking services for the krata hypervisor."
+description = "Networking services for the krata isolation engine"
 license.workspace = true
 version.workspace = true
 homepage.workspace = true
diff --git a/crates/oci/Cargo.toml b/crates/oci/Cargo.toml
index e5983fe..fd9ecb1 100644
--- a/crates/oci/Cargo.toml
+++ b/crates/oci/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krata-oci"
-description = "OCI services for the krata hypervisor."
+description = "OCI services for the krata isolation engine"
 license.workspace = true
 version.workspace = true
 homepage.workspace = true
diff --git a/crates/runtime/Cargo.toml b/crates/runtime/Cargo.toml
index e71d1fb..d406a96 100644
--- a/crates/runtime/Cargo.toml
+++ b/crates/runtime/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krata-runtime"
-description = "Runtime for running guests on the krata hypervisor."
+description = "Runtime for running guests on the krata isolation engine"
 license.workspace = true
 version.workspace = true
 homepage.workspace = true
diff --git a/hack/dist/apk.sh b/hack/dist/apk.sh
index ef7747d..fd3f37b 100755
--- a/hack/dist/apk.sh
+++ b/hack/dist/apk.sh
@@ -21,7 +21,7 @@ fpm -s tar -t apk \
 --architecture "${TARGET_ARCH}" \
 --depends "squashfs-tools" \
 --depends "erofs-utils" \
- --description "Krata Hypervisor" \
+ --description "Krata Isolation Engine" \
 --url "https://krata.dev" \
 --maintainer "Edera Team " \
 "${OUTPUT_DIR}/system-openrc-${TARGET_ARCH}.tgz"
diff --git a/hack/dist/deb.sh b/hack/dist/deb.sh
index fbf97b4..cfa1065 100755
--- a/hack/dist/deb.sh
+++ b/hack/dist/deb.sh
@@ -22,7 +22,7 @@ fpm -s tar -t deb \
 --depends "xen-system-${TARGET_ARCH_DEBIAN}" \
 --depends "squashfs-tools" \
 --depends "erofs-utils" \
- --description "Krata Hypervisor" \
+ --description "Krata Isolation Engine" \
 --url "https://krata.dev" \
 --maintainer "Edera Team " \
 -x "usr/lib/**" \