d803bfe2b1
git-subtree-dir: vendor/ruvector git-subtree-split: b64c21726f2bb37286d9ee36a7869fef60cc6900
58 lines
1.6 KiB
Markdown
58 lines
1.6 KiB
Markdown
# rvf-kernel
|
|
|
|
Real Linux microkernel builder for RVF cognitive containers.
|
|
|
|
## What It Does
|
|
|
|
`rvf-kernel` builds production-grade Linux kernel images and initramfs archives for embedding into `.rvf` files. A single `.rvf` file with `KERNEL_SEG` boots as a standalone Linux microservice on QEMU, Firecracker, or bare metal.
|
|
|
|
## Features
|
|
|
|
| Feature | Description |
|
|
|---------|-------------|
|
|
| **KernelBuilder** | Builds bzImage from source via Docker, or loads prebuilt images |
|
|
| **Initramfs builder** | Real cpio/newc format archives with gzip compression |
|
|
| **Docker pipeline** | Reproducible kernel compilation with Linux 6.8.x config |
|
|
| **SHA3-256 verification** | Cryptographic hash verification of kernel artifacts |
|
|
| **KernelVerifier** | Extract and verify kernels from KERNEL_SEG |
|
|
|
|
## Usage
|
|
|
|
```rust
|
|
use rvf_kernel::KernelBuilder;
|
|
use rvf_types::kernel::KernelArch;
|
|
|
|
// Option 1: Load a prebuilt kernel
|
|
let kernel = KernelBuilder::from_prebuilt("bzImage")?;
|
|
|
|
// Option 2: Build in Docker (reproducible)
|
|
let builder = KernelBuilder::new(KernelArch::X86_64)
|
|
.kernel_version("6.8.12")
|
|
.with_initramfs(&["sshd", "rvf-server"]);
|
|
let kernel = builder.build_docker(&context_dir)?;
|
|
|
|
// Option 3: Build just the initramfs
|
|
let initramfs = builder.build_initramfs(
|
|
&["sshd", "rvf-server"],
|
|
&[("rvf-server", &binary_bytes)],
|
|
)?;
|
|
```
|
|
|
|
## Kernel Config Highlights
|
|
|
|
- VirtIO PCI/BLK/NET for VM I/O
|
|
- BPF + JIT for eBPF programs
|
|
- KASLR + stack protector for security
|
|
- No modules, USB, DRM, or wireless (minimal attack surface)
|
|
- ~1.5 MB bzImage, ~512 KB initramfs
|
|
|
|
## Tests
|
|
|
|
```bash
|
|
cargo test -p rvf-kernel # 37 tests
|
|
```
|
|
|
|
## License
|
|
|
|
MIT OR Apache-2.0
|