explaingit

gonefunctorz/ariel

13 | C | Audience · researcher | Complexity · 5/5 | Setup · hard

TLDR

Ariel is an ARM 64-bit hypervisor built for QEMU that runs and isolates a Linux guest at the EL2 privilege level, intercepting privileged operations and emulating devices like the serial port and interrupt controller.

Mindmap

mindmap
  root((repo))
    What It Does
      ARM64 hypervisor
      QEMU target
      Linux guest support
    Core Concepts
      EL2 privilege level
      Exception vectors
      HVC guest calls
    Device Emulation
      Serial port
      Interrupt controller
      Policy-based access
    Guest Operations
      Memory region setup
      Register save restore
      Privileged op intercept
    Tech Stack
      C language
      ARM architecture
      QEMU and Make


Things people build with this

USE CASE 1

Run a Linux guest inside an ARM hypervisor on your own machine using QEMU to study how guest isolation and privilege separation work.

USE CASE 2

Experiment with intercepting and emulating ARM hardware access from a guest operating system at the EL2 level.

USE CASE 3

Use as a learning reference or starting point for building your own ARM EL2 hypervisor from scratch.

Tech stack

C, ARM, QEMU, Python, Make

Getting it running

Difficulty · hard Time to first run · 1h+

Requires an ARM 64-bit cross-compiler toolchain and QEMU with ARM support. No pre-built binaries are provided.

In plain English

Ariel is a hypervisor built for ARM 64-bit processors, specifically for use inside QEMU, which is a program that emulates computer hardware on your own machine. A hypervisor is a layer of software that sits underneath an operating system and controls what that guest operating system is allowed to do. This project targets the ARM privilege level called EL2, which is the level reserved for hypervisor code in ARM's security model, sitting above where normal operating systems run.

The hypervisor can do two things: run its own small built-in test program, or load and manage a real Linux system image. When it loads Linux, it sets up a private memory region for the guest, maps that region carefully so Linux believes it owns the addresses it expects, and intercepts any attempts by Linux to touch hardware directly. Devices like the serial port and interrupt controller are not passed straight through to the guest by default. Instead, the hypervisor handles those accesses through its own policy tables and emulation code.

When the guest operating system performs a privileged operation or tries to call into the hypervisor directly, the CPU transfers control to the EL2 exception vector. Ariel saves all the relevant registers and state into a structure, decides what to do, and either emulates the operation or denies it. Guest code can also make explicit requests to the hypervisor using a special instruction called HVC, which supports a small set of operations: querying the hypervisor identity, writing to a console, pausing execution, and reporting status.

Building and running the project requires a compatible ARM cross-compiler and QEMU. The Makefile handles compilation and can launch QEMU directly. There is also a smoke test target that downloads test artifacts and runs a quick check on the Linux boot path. A Python script can parse the serial port log output into a readable summary.
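An added illustration of the trap path described above, not code from the Ariel repository: a host-runnable C sketch that decodes the ESR_EL2 exception class, dispatches the four HVC operations, and checks trapped device accesses against a default-deny policy table. The HVC operation numbers, the identity value, the `trap_frame` layout, the `probe` helper and the device addresses are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
/* State an EL2 vector stub would save; ipa = faulting guest-physical address. */
struct trap_frame { uint64_t x[31], esr, ipa; };
enum verdict { RESUME, EMULATED, DENIED, PAUSED };
/* ESR_EL2 fields (architectural): EC is bits [31:26], WnR is ISS bit 6. */
#define EC(esr)     (((esr) >> 26) & 0x3fu)
#define EC_HVC64    0x16u /* HVC executed in AArch64 state */
#define EC_DABT_LOW 0x24u /* data abort taken from a lower EL */

/* Hypothetical HVC operation IDs in x0; not Ariel's real numbering. */
enum { HVC_IDENT, HVC_PUTC, HVC_PAUSE, HVC_STATUS };
/* Hypothetical policy table (assumed addresses); unlisted ranges are denied. */
static const struct { uint64_t base, size; int allow_write; } policy[] = {
    { 0x09000000u, 0x1000u, 1 },  /* serial port: read/write, emulated */
    { 0x08000000u, 0x10000u, 0 }, /* interrupt controller: read-only here */
};
static char console[64]; static size_t console_len; /* captured guest output */

static enum verdict handle_hvc(struct trap_frame *tf) {
    switch (tf->x[0]) {
    case HVC_IDENT:  tf->x[0] = 0x4152494cu; return RESUME; /* made-up ID */
    case HVC_PUTC:   if (console_len < sizeof console) console[console_len++] = (char)tf->x[1];
                     return RESUME;
    case HVC_PAUSE:  return PAUSED;
    case HVC_STATUS: tf->x[0] = console_len; return RESUME;
    default:         tf->x[0] = UINT64_MAX; return DENIED; /* fail closed */
    }
}

static enum verdict handle_mmio(const struct trap_frame *tf) {
    int is_write = (tf->esr >> 6) & 1;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (tf->ipa - policy[i].base < policy[i].size) /* wraps if ipa < base */
            return (is_write && !policy[i].allow_write) ? DENIED : EMULATED;
    return DENIED;
}

enum verdict el2_dispatch(struct trap_frame *tf) {
    if (EC(tf->esr) == EC_HVC64)    return handle_hvc(tf);
    if (EC(tf->esr) == EC_DABT_LOW) return handle_mmio(tf);
    return DENIED; /* any other trap class is refused */
}

enum verdict probe(uint64_t esr, uint64_t ipa, uint64_t x0) {
    struct trap_frame tf = { .esr = esr, .ipa = ipa }; tf.x[0] = x0;
    return el2_dispatch(&tf); /* dispatch a constructed frame */
}
int main(void) { return probe((0x24ull << 26) | (1u << 6), 0x08000100u, 0) == DENIED ? 0 : 1; }
```

On real hardware the faulting guest-physical address is assembled from HPFAR_EL2 and the low bits of FAR_EL2; here it is passed in directly so the policy logic can be exercised on a host.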

Copy-paste prompts

Prompt 1
I want to run Ariel and boot a Linux guest inside it using QEMU. Walk me through setting up an ARM cross-compiler, building the hypervisor with make, and launching QEMU so Linux boots as a managed guest.
Prompt 2
I want to understand how Ariel handles a privileged instruction from the Linux guest. Walk me through what happens from the moment the CPU triggers an EL2 exception to when Ariel either emulates the operation or denies it.
Prompt 3
I want to add a new HVC call to Ariel that lets the guest query total available memory. Show me where the existing HVC dispatch table is, how to add a new operation ID, and how to implement the handler.

Verify against the repo before relying on details.