Robustyper is a next-generation Type-1 static partitioning hypervisor built atop the OSTD operating system framework.
Unlike general-purpose hypervisors (like KVM or Xen) that rely on complex schedulers to overcommit resources, Robustyper adopts a static partitioning architecture similar to Jailhouse or Bao. It partitions the underlying hardware (CPUs, memory regions, and devices) into isolated compartments called "Cells" at the system configuration level. This design eliminates the interference caused by resource sharing, making it ideal for mixed-criticality scenarios where real-time operating systems (RTOS) and general-purpose operating systems (GPOS like Linux) must coexist on the same SoC.
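Static partitioning only isolates if the configuration itself assigns every hart and every byte of memory to at most one Cell, so a validator of the following kind belongs in front of any Cell setup. This is an added Rust example, not Robustyper's or OSTD's code: the `Cell`, `MemRegion`, `ConfigError` and `validate` names and the sample addresses are hypothetical, and it covers CPUs and memory only, not devices.

```rust
// Added illustration: hypothetical types, not Robustyper's or OSTD's API.
#[derive(Debug, PartialEq)]
pub enum ConfigError {
    EmptyCell(&'static str),
    BadRegion(&'static str),
    CpuShared { hart: u32, a: &'static str, b: &'static str },
    MemoryOverlap { a: &'static str, b: &'static str },
}
pub struct MemRegion { pub base: u64, pub size: u64 }
pub struct Cell {
    pub name: &'static str,
    pub hart_mask: u64, // bit n set => hart n is owned by this cell
    pub regions: &'static [MemRegion],
}
/// Exclusive end address; None if the region is empty or base + size overflows u64.
fn end(r: &MemRegion) -> Option<u64> { r.base.checked_add(r.size).filter(|_| r.size != 0) }
/// Half-open ranges [base, end) overlap iff each starts before the other ends.
fn overlaps(x: &MemRegion, y: &MemRegion) -> bool {
    match (end(x), end(y)) {
        (Some(ex), Some(ey)) => x.base < ey && y.base < ex,
        _ => true, // malformed region: fail closed
    }
}
/// Accept a configuration only if no hart and no byte of memory has two owners.
pub fn validate(cells: &[Cell]) -> Result<(), ConfigError> {
    for c in cells {
        if c.hart_mask == 0 || c.regions.is_empty() { return Err(ConfigError::EmptyCell(c.name)); }
        if c.regions.iter().any(|r| end(r).is_none()) { return Err(ConfigError::BadRegion(c.name)); }
    }
    for (i, a) in cells.iter().enumerate() {
        for b in &cells[i + 1..] {
            let shared = a.hart_mask & b.hart_mask;
            if shared != 0 {
                return Err(ConfigError::CpuShared { hart: shared.trailing_zeros(), a: a.name, b: b.name });
            }
            if a.regions.iter().any(|x| b.regions.iter().any(|y| overlaps(x, y))) {
                return Err(ConfigError::MemoryOverlap { a: a.name, b: b.name });
            }
        }
    }
    Ok(())
}
fn main() {
    let cells = [ // constructed sample: RTOS on hart 0, Linux on harts 1-3
        Cell { name: "rtos", hart_mask: 0b0001, regions: &[MemRegion { base: 0x8000_0000, size: 0x0800_0000 }] },
        Cell { name: "linux", hart_mask: 0b1110, regions: &[MemRegion { base: 0x8800_0000, size: 0x4000_0000 }] },
    ];
    println!("{:?}", validate(&cells));
}
```

The `checked_add` in `end` matters here: a region whose `base + size` wraps would otherwise compare as ending below its own base and slip past the overlap test.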
Current static partitioning hypervisors (e.g., Jailhouse, ACRN, Bao) are predominantly written in C. While they strive for architectural simplicity to minimize the Trusted Computing Base (TCB), they suffer from the memory safety vulnerabilities inherent in C.
The hypervisor runs at the highest privilege level (RISC-V HS-Mode / ARM EL2). A single buffer overflow, integer underflow, or use-after-free vulnerability in the hypervisor code compromises the isolation of all partitions.
While rewriting a hypervisor in Rust offers memory safety, the engineering cost of building one "from scratch" is prohibitively high.
A hypervisor is essentially a specialized operating system. To reach the point where one can write virtualization logic (Stage-2 page tables, VM-Exits), one must first implement a physical memory allocator, page table management, synchronization primitives (locks), UART drivers, and device tree parsers.
OSTD has matured sufficiently to provide these kernel abstractions as reusable components. Instead of reinventing the wheel, Robustyper treats OSTD as a high-assurance library. This allows us to focus 100% of our research and engineering effort on the virtualization logic (RISC-V H-Extension support, interrupt virtualization), significantly accelerating development while inheriting OSTD's safety guarantees.
We structure the development into four distinct phases, prioritizing the RISC-V architecture (specifically the H-Extension).