2. Overview
3. 1. About Ghaf
4. 2. Features
5. 3. Architecture
6. 1. 3.1. Architectural Variants
   2. 3.2. Architecture Decision Records
   3. 1. 3.2.1. Minimal Host
      2. 3.2.2. Networking VM
      3. 3.2.3. Intrusion Detection System VM
      4. 3.2.4. Platform Bus for Rust VMM
   4. 3.3. Hardening
   5. 3.4. Secure Boot
   6. 3.5. Stack
8. For Developers
9. 4. Contributing
10. 5. Reference Implementations
11. 1. 5.1. Development
    2. 1. 5.1.1. Build and Run
       2. 5.1.2. Running Remote Build on NixOS
       3. 5.1.3. Installer
       4. 5.1.4. Cross-Compilation
       5. 5.1.5. Creating Application VM
       6. 5.1.6. Hardware Configuration
       7. 5.1.7. Profiles Configuration
       8. 5.1.8. labwc Desktop Environment
       9. 5.1.9. IDS VM Further Development
       10. 5.1.10. systemd Service Hardening
    3. 5.2. Troubleshooting
    4. 1. 5.2.1. Analyzing System Logs
       2. 5.2.2. Debugging systemd Using systemctl
       3. 5.2.3. Inspecting Services with systemd-analyze
       4. 5.2.4. Using strace for Debugging Initialization Sequence
       5. 5.2.5. Early Shell Access
    5. 5.3. Ghaf as Library: Templates
    6. 1. 5.3.1. Example Project
       2. 5.3.2. Modules Options
12. 6. Technologies
13. 1. 6.1. Compartmentalization
    2. 6.2. Passthrough
    3. 1. 6.2.1. Binding Device to VFIO Driver
       2. 6.2.2. NVIDIA Jetson AGX Orin: UART Passthrough
       3. 6.2.3. NVIDIA Jetson AGX Orin: PCIe Passthrough
       4. 6.2.4. Generic x86: PCIe Passthrough on crosvm
       5. 6.2.5. NVIDIA Jetson: UARTI Passthrough to netvm
       6. 6.2.6. Device Tree Overlays for Passthrough
    4. 6.3. Platform Bus Virtualization: NVIDIA BPMP
    5. 6.4. Hypervisor Options
15. Build System and Supply Chain
16. 7. Continuous Integration and Distribution
17. 8. Supply Chain Security
18. 1. 8.1. SLSA Framework
    2. 8.2. Basic Security Measures
    3. 8.3. Software Bill of Materials
    4. 8.4. Public Key Infrastructure
    5. 8.5. Security Fix Automation
19. 9. Release Notes
20. 1. 9.1. Release ghaf-24.12
    2. 9.2. Release ghaf-24.09.4
    3. 9.3. Release ghaf-24.09.3
    4. 9.4. Release ghaf-24.09.2
    5. 9.5. Release ghaf-24.09.1
    6. 9.6. Release ghaf-24.09
    7. 9.7. Release ghaf-24.06
    8. 9.8. Release ghaf-24.03
    9. 9.9. Release ghaf-23.12
    10. 9.10. Release ghaf-23.09
    11. 9.11. Release ghaf-23.06
    12. 9.12. Release ghaf-23.05
22. Ghaf Usage Scenarios
23. 10. Showcases
24. 1. 10.1. Running Windows VM on Ghaf
    2. 10.2. Running Cuttlefish on Ghaf
28. Appendices
29. 11. Glossary
30. 12. Research Notes
31. 1. 12.1. i.MX 8QM Ethernet Passthrough
    2. 12.2. System Installation