Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Introducing OpenHCL: Microsoft’s new, open source ‘paravisor’ for confidential VMs

There is a new open-source VM on the horizon.

3 min. read

Published onOctober 18, 2024

published onOctober 18, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft has announced a new open-source paravisor called OpenHCL. It is designed to provide a rich set of virtualization services to confidential and non-confidential virtual machines (VMs) running on confidential computing hardware.

Microsoft’s James Myers explains in a blog post that OpenHCL is a host-independent solution that can run on top of various hypervisors to provide confidential and non-confidential services to VMs. OpenHCL is designed to work with Microsoft’s other OpenVMM-based confidential computing projects or other providers’ projects that are compatible with the OpenVMM API.

The OpenHCL paravisor contains several key components, including a VMM that runs in guest VMs to provide services like device emulation, device translation and diagnostics support. OpenHCL’s VMM is itself powered by a small, customized Linux kernel that’s designed to be lean and mean, with minimal Kconfig to reduce binary size and runtime RAM usage.

The OpenHCL VMM is what provides the rich set of services to a guest. The VMM runs as a collection of processes in VM user mode (VMPL0 or VMPL1) and is higher privileged than the guest OS. The VMM also provides a set of standard interfaces to the guest, allowing the guest to interact with hardware and devices as if it were running natively on the platform in question. This allows VMs to run on top of a paravisor without any guest OS changes.

Since September, OpenHCL has been generally available in Microsoft’s Azure cloud computing service, with the para visor running on over 1.5 million VMs in the past month alone. Microsoft has also started rolling out a new class of confidential VMs in Azure called Azure Boost that use OpenHCL, and the company plans to use OpenHCL in future confidential VM offerings.

To start, OpenHCL is supported on x86-64 and ARM64 platforms, and the paravisor is compatible with Intel TDX and AMD SEV-SNP confidential computing hardware. OpenHCL has a few “core” services that it provides to both confidential and non-confidential VMs. These services include:

OpenHCL allows VMs running older OS versions to run on confidential computing hardware without requiring the OS to be updated to understand confidential VM features.

Theofficial announcementprovides more information, and if you’d like to try it for yourself,OpenHCL is now available on GitHub.

More about the topics:microsoft,open source

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.

He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.