Features

The vision for the Ghaf platform is to create a virtualized, scalable reference platform that enables the building of secure products leveraging trusted, reusable, and portable software for edge devices. For more information on reference implementation for several devices, see Reference Implementations.

Ghaf demo desktop and applications are illustrated in the screen capture below: Ghaf demo desktop and application

Status

  • ✅—integrated and tested in the main branch. No known regression.
  • 🚧—prototyped or work in progress in the development branch.
  • ❌—the feature has known regression or bugs.

Reference Devices

  • Orin—NVIDIA Jetson AGX Orin as the main reference device.
  • x86—generic x86_64; tested on Intel NUC (Next Unit of Computing) or laptop.
  • Lenovo X1—Lenovo X1 Carbon Gen 11 laptop.
  • aarch64—generic AArch64; tested on an ARM server, laptop (e.g. Apple MacBook's), or NVIDIA Jetson AGX Orin.
  • All variants—supported devices from Architectural Variants.

The following tables show the status of the Ghaf Platform features:

Release Builds and Hardware Architecture Support

FeatureStatusReference DeviceDetails
Ghaf in virtual machinex86nix run .#packages.x86_64-linux.vm-debug
aarch64 reference imageOrinBased on Jetson Linux, OE4T and jetpack-nixos.
aarch64 reference imageimx8mpBased on NXP BSP, implemented as nixos-hardware module
x86 generic imagex86Generic x86 computer, based on generic NixOS. NOTE: requires device specific configuration.
Lenovo X1 reference imageLenovo X1x86_64 laptop computer, supports basic compartmentalized environment
Native buildaarch64, x86Remote aarc64 nixos builders recommended
Cross-compilation🚧aarch64, riscv64Depends on NixOS nixpkgs 23.05 support for cross-compilation
CI buildsAllOnly main-branch, not for all PRs.
Emulated buildaarch64binfmt, may freeze the build machine. Not recommended. See instructions.

Development

FeatureStatusReference DeviceDetails
Quick target updateallnixos-rebuild --flake .#nvidia-jetson-orin-debug --target-host root@ghaf-host --fast switch
aarch64 device flashingOrinFull device software flashing using x86 machine
root filesystem flashingx86, imx8mpdd image to bootable media - see
Debug: SSHOrin, x86Host access only in -debug-target, see authentication.nix
Debug: SerialallHost access only in -debug-target - e.g. screen /dev/ttyACM0 115200
Compartmentalized environment🚧Lenovo X1Net VM, GUI VM (with GPU passthrough) plus some App VMs

Target Architecture

FeatureStatusReference DeviceDetails
Minimal host🚧allSee Minimal Host and PR #140.
Net VMOrinSee Net VM. Passthrough with Wi-Fi works but requires SSID/password configuration.
IDS VMOrin, Lenovo X1Defensive networking mechanism.
GUI VM🚧All, Lenovo X1Implemented for Lenovo X1 reference device, other devices have Wayland compositor running on the host.
App VM🚧All, Lenovo X1Implemented for Lenovo X1 reference device: Chromium, GALA and Zathura VMs. Requires GUI VM in place.
Admin VMAllNot started
Inter VM comms - IP-based🚧All-debug-targets have network bridges to access VMs from host.
Inter VM comms - shared memory🚧All
Inter VM Wayland🚧AllCurrently it is waypipe over SSH, for test and demo purpose only.
SW update🚧AllA/B update tooling being evaluated.
USB passthrough🚧OrinNo reference implementation integrated yet.
PCI passthroughAllUsed for reference in Net VM on Orin.
UART passthrough🚧OrinSee NVIDIA Jetson AGX Orin: UART Passthrough. Not integrated to any VM.
ARM platform bus devices passthrough🚧OrinNVIDIA BPMP virtualization being developed

Applications and VM Control

FeatureStatusReference DeviceDetails
Wayland-compositor🚧Orin, x86Implemented for Lenovo X1
Chromium🚧Orin, x86Implemented for Lenovo X1
Element🚧Orin, x86On host
Cloud Android (CVD) client application (GALA)🚧Orin, x86Implemented for Lenovo X1
Virtualization control🚧AllSee vmd design.

Next Steps

See discussion for the outline of next steps

Outline of next phases