Ramooflax is a free and open source (GPLv2) virtualization tool.
Ramooflax aims at analyzing/debugging/controlling modern operating systems and complex software pieces as well as real life BIOS running on a physical machine.
Ramooflax provides a small hypervisor and a remote client allowing high-level access to the features implemented into the hypervisor.
Ramooflax has been implemented for the PC world. That is Intel and AMD x86 32 and 64 bits.
Ramooflax relies on hardware virtualization extensions (AMD-V and Intel VT-x) that can be found in recent CPUs.
For Intel ones, Ramooflax needs EPT and Unrestricted guest features present since the Westmere microarchitecture. More details can be found on this wikipedia page.
For AMD ones, the only required feature is RVI and can be found into Phenom II CPUs. Some details are given on this wikipedia page.
Notice that you can also run Ramooflax under Bochs 2.4.6.
Ramooflax starts during the boot process of the machine. It can be seen as the first operating system started by the BIOS.
Once started, Ramooflax will automatically virtualize the running BIOS and all the to be run software pieces.
For instance, if you already have installed an operating system, it will be started as a virtual machine.
Ramooflax is an hypervisor dedicated to only one virtual machine, running in a virtualized environment which is as close as its native environment.
Ramooflax needs to be installed on a bootable storage (ie USB key with GRUB).
Check the Ramooflax wiki pages. Here is a brief description of the files:
- ramooflax_fr.pdf is a french article describing ramooflax
- ramooflax_slides_fr.pdf is a french presentation held at SSTIC 2011
- ramooflax_en.pdf and ramooflax_slides_en.pdf are the corresponding english versions
- info_data_t.mm is a freemind map which describes data structures of the hypervisor
Ramooflax has only been compiled/tested using gcc-4.4. The loader is a 32 bits ELF while the setup and vmm kernels are 64 bits ELF.
Under Debian-like systems, the following packages are needed whether you run a 32 or 64 bits OS:
$ sudo apt-get install gcc-4.4 gcc-4.4-multilib make dialog
Intel and AMD are both supported. Notice that multi-cores are not supported, so you will only have one core while running virtualized.
It is recommended to read the documentation.
$ git clone git@github.com:sduverger/ramooflax.git
First cleanup everything and call the specific configuration menu to choose your components
$ make distclean config
Under the build menu you will be able to choose from Intel or AMD manufacturer, which control device you want to use, debug device and so on.
For the time being, it is recommended to use EHCI as controlling device and UART as debugging one (this is the default).
Once configured you can run
$ make
This will build the loader, setup and vmm binaries.
We provide an install script
$ make install
It is only here for convenience. It only mounts the device associated to the directory specified at configuration time (install menu), copies the built binaries and then unmount the device.
You need to setup your system (ie /etc/fstab) before installing and most important prepare by yourself the bootable storage on which ramooflax is to be installed.
It is recommended to use GRUB 1 (legacy) with the following entry:
title Ramooflax root (hd0,0) kernel /loader.bin module /setup.bin module /vmm.bin
You will need python (tested with 2.6.x) to run the client.
If you use the EHCI Debug device configuration to control the hypervisor from the remote client, you will need a USB debug device on the client side.
You can either buy one or use the DBGP USB Gadget provided into the Linux kernel since the 2.6.36 version.
To be able to use such a Gadget, you need a device USB controller as found in embedded ARM development boards or smartphones.
Please read documentation to have usage examples of the client API.