Quick bits: is Crostini a micro VM?

Disclaimer: I am not a Virtual Machine specialist; this post is mainly the conclusion I got after some searching.

Someone asked me in my previous post about my Chromebook if Crostini could be considered a micro VM. This was an interesting question, so I decided to do another post.

To start, it is really difficult to get a good definition of what a "micro VM" is. Firecracker defines itself as a micro VM, and describes itself on its website as:

Firecracker is a virtual machine monitor (VMM) that uses the Linux Kernel-based Virtual Machine (KVM) to create and manage microVMs. Firecracker has a minimalist design. It excludes unnecessary devices and guest functionality to reduce the memory footprint and attack surface area of each microVM. This improves security, decreases the startup time, and increases hardware utilization.

Now looking at Crostini, its heart is a VMM called crosvm. It is described in its README as:

crosvm is a virtual machine monitor (VMM) based on Linux’s KVM hypervisor, with a focus on simplicity, security, and speed. crosvm is intended to run Linux guests, originally as a security boundary for running native applications on the ChromeOS platform. Compared to QEMU, crosvm doesn’t emulate architectures or real hardware, instead concentrating on paravirtualized devices, such as the virtio standard.

Similar descriptions, right? Actually, the Firecracker website says it "started from Chromium OS's Virtual Machine Monitor, crosvm, an open source VMM written in Rust". So I would say it is safe to say crosvm itself is a micro VM.

But Crostini itself is a combination of virtualization AND containerization. Basically, the VM runs a Linux kernel and LXC, which can start arbitrary containers inside it. From the Crostini documentation, this choice seems to be made to keep startup times down and also to increase security (e.g. a security issue inside the container is still contained by the VM boundary).

This is definitely an interesting choice, since containers allow the overhead of each distro that you run inside Crostini to be low, and the main VM itself (called Termina) should have low overhead too thanks to crosvm.
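To see the two layers described above from inside a Crostini container, here is an added shell illustration (not code from the ChromeOS or Crostini projects) that reads the standard Linux interfaces for each layer: the `hypervisor` CPU flag that x86 guests report, the `container=lxc` variable LXC places in its init's environment, and the virtio bus in sysfs. It assumes those three interfaces; the root-directory argument lets it run against a constructed sample tree as well as a real system.

```shell
#!/bin/sh
# Inspect the nesting Crostini uses: a crosvm/KVM guest (Termina) exposing
# virtio devices, with an LXC container running the user's distro inside it.
# Added illustration, not ChromeOS code. ROOT defaults to "/" on a real
# system; the constructed sample tree below lets it run anywhere.

# Print "kvm-guest" if the CPU reports the hypervisor flag (x86 guests do).
layer_vm() {
    root="${1:-}"
    if grep -qw hypervisor "$root/proc/cpuinfo" 2>/dev/null; then
        echo "kvm-guest"
    else
        echo "bare-metal-or-unknown"
    fi
}

# Print "lxc" if PID 1 was started by LXC, which sets container=lxc for init.
layer_container() {
    root="${1:-}"
    if tr '\0' '\n' < "$root/proc/1/environ" 2>/dev/null | grep -qx 'container=lxc'; then
        echo "lxc"
    else
        echo "none"
    fi
}

# Count virtio devices: a crosvm guest sees paravirtualized devices, not emulated hardware.
virtio_count() {
    root="${1:-}"
    ls -d "$root"/sys/bus/virtio/devices/virtio* 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample tree mimicking what a Crostini container would see.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/proc/1" "$dir/sys/bus/virtio/devices/virtio0" "$dir/sys/bus/virtio/devices/virtio1"
    printf 'flags\t\t: fpu vme hypervisor\n' > "$dir/proc/cpuinfo"
    printf 'container=lxc\000PATH=/usr/bin\000' > "$dir/proc/1/environ"
    echo "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    echo "vm: $(layer_vm "$sample"), container: $(layer_container "$sample"), virtio devices: $(virtio_count "$sample")"
    rm -rf "$sample"
fi
```

Run it with `--demo` to exercise the constructed tree, or pass `/` as the root argument to each function on a real Crostini terminal.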

By the way, if you want to learn more about how "devices" work inside a micro VM like crosvm, I recommend this blog post talking about paravirtualized devices in crosvm.