Asterinas 内核
概述
Asterinas 是一个安全、快速、通用的操作系统内核,提供兼容 Linux 的 ABI。它能够无缝替代 Linux,同时增强内存安全性与开发者友好性。
-
Asterinas 通过采用 Rust 作为唯一编程语言,并将 unsafe Rust 的使用限制在明确界定且最小化的可信计算基(TCB)中,优先保障内存安全。这一被称为Framekernel 架构的创新方法,使 Asterinas 成为更安全可靠的内核选择。
-
Asterinas 在开发者友好性方面超越了 Linux。它使内核开发者能够:(1) 使用更高生产力的 Rust 编程语言,(2) 借助名为 OSDK 的专用工具包优化工作流程,以及 (3) 得益于 MPL 提供的灵活性,自由选择将内核模块开源发布或保持专有。
While the journey towards a production-grade OS kernel can be challenging, we are steadfastly progressing towards our goal.
Supported CPU Architectures
Asterinas targets modern, 64-bit platforms only.
A development platform is where you build and test Asterinas (i.e., the host machine running the Docker-based development environment).
| Development Platform |
|---|
| x86-64 |
| ARM64 |
A deployment platform is a CPU architecture that Asterinas can run on as an OS kernel.
| Deployment Platform | Tier |
|---|---|
| x86-64 | Tier 1 |
| x86-64 (Intel TDX) | Tier 2 |
| RISC-V 64 | Tier 2 |
| LoongArch 64 | Tier 3 |
Tier definitions:
- Tier 1: Fully supported and tested. CI runs the full test suite on every PR.
- Tier 2: Actively developed with basic functionality working. CI runs build checks and basic tests on a regular basis (per PR for RISC-V and nightly for Intel TDX), but the full test suite is not yet covered.
- Tier 3: Early-stage or experimental. The kernel can boot and perform basic operations, but CI coverage is limited and may not include automated runtime tests for every pull request.
开始使用
Get yourself an x86-64 (or ARM64) Linux machine with Docker installed. Follow the three simple steps below to get Asterinas up and running.
-
下载最新源代码。
git clone https://github.com/asterinas/asterinas -
运行一个 Docker 容器作为开发环境。
docker run -it --privileged \ --network=host \ -v /dev:/dev \ -v $(pwd)/asterinas:/root/asterinas \ asterinas/asterinas:0.17.1-20260319Alternatively, if you use VS Code with the Dev Containers extension, open the cloned folder and select “Reopen in Container”.
-
在容器内,进入项目文件夹构建并运行 Asterinas。
make kernel make run_kernel
如果一切顺利,Asterinas 现在应该已经在虚拟机中启动并运行了。