Add README with initial goals and development usage
This commit is contained in:
parent
ab1b3fdcb2
commit
ef537e8d1f
GPG Key ID:
8E47A1EC35A1551D
|
|
@ -0,0 +1,72 @@
|
|||
# AppOS #
|
||||
|
||||
<https://github.com/distrust-foundation/appos>
|
||||
|
||||
## About ##
|
||||
|
||||
A minimal, immutable, and deterministic Linux unikernel build system targeting
|
||||
various Trusted Execution Environments for use cases that require high security
|
||||
and accountability.
|
||||
|
||||
This is intended as a reference repository which could serve as a boilerplate
|
||||
to build your own hardened and immutable operating system images for high
|
||||
security applications.
|
||||
|
||||
## Platforms ##
|
||||
|
||||
| Platform | Target | Status | Verified boot Method |
|
||||
|----------------------------|:-------:|:--------:|:--------------------:|
|
||||
| Generic/Qemu | generic | working | Safeboot or Heads |
|
||||
| AWS Nitro Enclaves | aws | building | HOTP via Nitrokey |
|
||||
| GCP Confidential Compute | gcp | research | vTPM 2.0 attestation |
|
||||
| Azure Confidential VMs | azure | research | vTPM 2.0 attestation |
|
||||
|
||||
## Features ##
|
||||
|
||||
* Immutability
|
||||
* Root filesystem is a CPIO filesystem extracted to a RamFS at boot
|
||||
* Minimalism
|
||||
* < 5MB footprint
|
||||
* Nothing is included but a kernel and your target binary by default
|
||||
* Sample "hello world" included as a default reference
|
||||
* Debug builds include busybox init shim and drop to a shell
|
||||
* Determinism
|
||||
* Multiple people can build artifacts and get identical hashes
|
||||
* Allows one to prove distributed artifacts correspond to published sources
|
||||
* Hardening
|
||||
* No TCP/IP network support
|
||||
* Favor using a virtual socket or physical interface to a gateway system
|
||||
* Most unessesary kernel features are disabled at compile time
|
||||
* Follow [Kernel Self Protection Project](kspp) recommendations
|
||||
|
||||
[ kspp]: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
|
||||
|
||||
## Development ##
|
||||
|
||||
### Requirements ###
|
||||
|
||||
* 10GB+ free RAM
|
||||
* Docker 20+
|
||||
* GNU Make
|
||||
|
||||
### Examples ###
|
||||
|
||||
### Build given target
|
||||
```
|
||||
make TARGET=generic
|
||||
```
|
||||
|
||||
### Boot generic image in Qemu
|
||||
```
|
||||
make run
|
||||
```
|
||||
|
||||
### Enter shell in toolchain environment
|
||||
```
|
||||
make toolchain-shell
|
||||
```
|
||||
|
||||
### Update toolchain depedendency pins
|
||||
```
|
||||
make toolchain-update
|
||||
```
|
||||
Loading…
Reference in New Issue