Support for hypervisor extensions in the Cartesi Machine

The Machine Reference Unit has been working on adding Hypervisor support for the Cartesi Machine.
A hypervisor is a hardware-assisted mechanism that can be used to safely run separate programs, or even operating systems, concurrently, on the same computer.

The motivation for the addition of hypervisor support to Cartesi Machines was the desire for a chain of “privileged components” that could run before, or after the components under the control of untrusted developers, in such a way that these untrusted components could not interfere with the operation of the privileged ones. This would reduce the amount of trust a third-party must have on untrusted DApp developers in certain interactions. For example, if there is a known and audited privileged wallet component in charge of all monetary transfers into and out of a DApp, liquidity providers would feel more comfortable fronting money even before finalization, safe in the knowledge that they would be reimbursed by the trusted wallet component despite the presence of untrusted components.

Since then, other potential applications for hypervisor support appeared. For example, it could be used to protect the DApp from code submitted by untrusted users that it wants to run. Think a game, in which the users submit their strategies in the form of programs. Or perhaps a bug-bounty program in which an exploit for a certain piece of code is submitted by users and tested in isolation, so it cannot affect other parts of the DApp.

The RISC-V hypervisor extensions were proposed in 2017 and ratified in 2021. Although there are already emulators supporting the extension, it is only expected to appear in hardware implementations in 2024. The extension is complex enough that it could only be added to the Cartesi Machine after the addition of the microarchitecture in late 2022. (The microarchitecture allows us to add extensions to the Cartesi Machine without having to implement these extensions in the matching Solidity implementation.)

We have an operational prototype implementation currently under review before merge into the main branch. This review process is evaluating the implementation for deviations from the standard, for its “simplicity”, for performance when hypervisor extensions are in use, and for its potential impact on the performance of applications that do not use the extensions.

3 Likes

Hi @Diego, just moved this to the Technical Vision Forum.