Unikraft Blog

2 min read
Sairaj Kodilkar
This blog describes the ongoing work on the I/O APIC integration in Unikraft. Currently, Unikraft uses the traditional 8259 PIC interrupt controller. The ongoing work implements a function-pointer-based design.
5 min read
Xiangyi Meng
EPC page management is the key point of the SGX driver. It includes the following features: add an EPC page; block an EPC page; load an EPC page as blocked/unblocked; remove a page from EPC; write back/invalidate an EPC page. These functions depend on suitable data structures.
16 min read
We’re very excited to announce the latest edition of Unikraft, v0.10.0 (Phoebe), and to show off many of the things the community has been working on over the last two months.
3 min read
Maria Sfiraiala
GSoC'22: Shadow Stack
This third blog post presents the efforts that were made in the direction of testing and perfecting complex apps (such as SQLite, redis and nginx) on AArch64 using gcc, clang and gcc-12 as compilers.
3 min read
Maria Sfiraiala
GSoC'22: Shadow Stack
While the previous blog post described the first steps taken in the direction of familiarizing myself with Unikraft and an initial attempt at using clang's ShadowCallStack, in this post we will take a look at some implementations that were tried in the meantime.
4 min read
Xiangyi Meng
The previous post briefly describes the concepts behind TEE, Intel SGX, and the ongoing work that implements Intel SGX support in Unikraft. In this post, we will take an in-depth look at how SGX support is implemented in Linux, and what we need to implement in Unikraft to achieve the same objective.
3 min read
Sairaj Kodilkar
The previous blog on the SMP support explained different synchronization primitives for Unikraft. As a part of the next step, I started exploring some of the lockless data structures. There has been an extensive amount of research to optimize these lockless data structures.
8 min read
Sairaj Kodilkar
Unikraft v0.9.0 introduced the common SMP API, which created the need for synchronization primitives. This project aims to add SMP-safe synchronization primitives as well as remove the race conditions in the kernel.
3 min read
Maria Sfiraiala
GSoC'22: Shadow Stack
Objectives
While Unikraft provides great security advantages through strong cross-application isolation, traditional means of securing one’s application shouldn’t be overlooked. Following this idea, we introduce the Shadow Stack, a project which aims to adapt LLVM’s / clang’s Shadow Call Stack to Unikraft’s needs, focusing on the AArch64 architecture.
4 min read
Xiangyi Meng
Trusted execution environments (TEEs), especially Intel SGX, are a popular and powerful tool to provide hardware-based isolation for highly sensitive code and data. Today’s commercial clouds (Microsoft Azure DCsv2, DCsv3/DCdsv3 series, IBM Cloud Bare Metal z15 series, and Alibaba Cloud Bare Metal Instance) have more or less provided support for Intel SGX.
10 min read
We’re excited to announce Unikraft v0.9.0 (Hyperion) and to show off many of the things the community has been working on over the last two months. In this blog post, we highlight some of the new features available in Unikraft.
1 min read
Razvan Deaconescu
We’re excited to announce that three Unikraft projects will be part of Google Summer of Code, with three students funded during the summer of 2022: Adding SMP Synchronization (student: Sairaj Kodilkar, from Carleton University, Ottawa, Canada; mentors: Marc Rittinghaus, Cristian Vijelie); Intel SGX-based Isolation for Unikraft
1 min read
Felipe Huici
We have finally gotten around to documenting all of the security features that make Unikraft an exciting platform for those interested in security work and secure deployments. We have split the document into 1).