GitHub - bntmorgan/abyme: A tiny bare-metal recursive hypervisor library developped for security

bntmorgan / abyme Public

Notifications You must be signed in to change notification settings
Fork 2
Star 2

A tiny bare-metal recursive hypervisor library developped for security

Unknown, Unknown licenses found

Licenses found

2 stars 2 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 482 Commits
abyme-challenge @ cbf54fe		abyme-challenge @ cbf54fe
edk2 @ 567bc4b		edk2 @ 567bc4b
gnu-efi @ 3e4d5c7		gnu-efi @ 3e4d5c7
sources		sources
uefi-gdb @ fe4379d		uefi-gdb @ fe4379d
.gitignore		.gitignore
.gitmodules		.gitmodules
LICENSE		LICENSE
Makefile		Makefile
README		README
README.fr		README.fr
deploy.sh		deploy.sh
efi.py		efi.py
efi_ia32.ld		efi_ia32.ld
gdb.sh		gdb.sh
license.sh		license.sh
run_qemu.sh		run_qemu.sh
start-target.sh		start-target.sh

Repository files navigation

    ┏━┓┏┓ ╻ ╻┏┳┓┏━╸
    ┣━┫┣┻┓┗┳┛┃┃┃┣╸
    ╹ ╹┗━┛ ╹ ╹ ╹┗━╸
       ┏━┓┏━╸┏━╸╻ ╻┏━┓┏━┓╻╻ ╻┏━╸
       ┣┳┛┣╸ ┃  ┃ ┃┣┳┛┗━┓┃┃┏┛┣╸
       ╹┗╸┗━╸┗━╸┗━┛╹┗╸┗━┛╹┗┛ ┗━╸
          ╻ ╻╻ ╻┏━┓┏━╸┏━┓╻ ╻╻┏━┓┏━┓┏━┓
          ┣━┫┗┳┛┣━┛┣╸ ┣┳┛┃┏┛┃┗━┓┃ ┃┣┳┛
          ╹ ╹ ╹ ╹  ┗━╸╹┗╸┗┛ ╹┗━┛┗━┛╹┗╸         7_O_/
             ╻  ╻┏┓ ┏━┓┏━┓┏━┓╻ ╻                (/
             ┃  ┃┣┻┓┣┳┛┣━┫┣┳┛┗┳┛                /\/'
             ┗━╸╹┗━┛╹┗╸╹ ╹╹┗╸ ╹                 7


sources/
  Recursive hypervisor library code.
sources/drivers/vmm_rec/
  Static recursive hypervisor library.
sources/drivers/vmm_rec_env/
  Implementation of a remote attestation prover using Abyme library.
sources/drivers/82579LM/
  Bare metal UEFI Intel e1000e network controller driver.
sources/drivers/eric/
  ERIC PCIe peripheral UEFI driver.
  ERIC can be used as : a DMA attack platform as well as a remote attestation
      verifier.

Submodules

abyme-challenge/
  There is the implementation of challenges sent from ERIC prover to Abyme
  verifier in a remote attestation scheme.

edk2/
  Submodule for QEMU/OVMF firmware needed if using QEMU

  dependencies : acpica; nasm

  $ git submodule update --init
  $ make -C BaseTools
  $ . ./edksetup.sh BaseTools
  $ cat Conf/target.txt
  $ OvmfPkg/build.sh \
    -a IA32 -a X64 \
    -D SECURE_BOOT_ENABLE \
    -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \
    -D FD_SIZE_2MB -D EXCLUDE_SHELL_FROM_FD

  For SMM debugging go and see :
    https://casualhacking.io/blog/2019/12/3/using-optionrom-to-overwrite-smmsmi-handlers-in-qemu

gnu-efi/
  Submodule for GNU efi toolchain to build efi applications

  $ make

uefi-gdb/
  Submodule for efi applications and drivers debugging with gdb

Working directories to create if needed (rules associated in make targets)

img-arch/
  Archlinux cdrom and distro disk to be used with QEMU target

  $ wget https://<archrepo>/archlinux-yyyy.mm.dd-x86_64.iso -O arch.iso
  $ qemu-img create -f qcow2 vdisk.qcow2 10G

  And install eventually archlinux on vdisk.qcow2
  Note that you can work using the live disk only