This repository contains the source files (code and documentation) of Ghaf Framework — an open-source project for enhancing security through compartmentalization on edge devices.
- Installation — how to create and use the Ghaf installer
- Build and run — how to build Ghaf images and run them
- Reference implementations — supported hardware and configuration reference
The Ghaf Framework documentation site is located under https://ghaf.tii.ae. It is under cooperative development.
To build Ghaf documentation, use:
nix build .#doc
See the documentation overview under README-docs.md.
Other repositories that are a part of the Ghaf project:
- sbomnix: a utility that generates SBOMs given Nix derivations or out paths
- ghaf-infra, ci-test-automation, ghafscan: CI/CD related files
- ghafpkgs: a repository for Ghaf-specific Nix packages
- ghaf-givc: a gRPC-based control channel for the Ghaf Framework
- vhotplug: a service for dynamically managing USB, PCI, and input device passthrough to virtual machines based on configurable rules
Ghaf images are built and tested by our continuous integration system. For more information on a general process, see Continuous Integration and Distribution.
We welcome your contributions to code and documentation.
If you would like to contribute, please read CONTRIBUTING.md and consider opening a pull request. One or more maintainers will use GitHub's review feature to review your pull request.
In case of any bugs or errors in the content, feel free to create an issue. You can also create an issue from code.
The Ghaf team uses multiple licenses to distribute software and documentation:
| License Full Name | SPDX Short Identifier | Description |
|---|---|---|
| Apache License 2.0 | Apache-2.0 | Ghaf source code. |
| Creative Commons Attribution Share Alike 4.0 International | CC-BY-SA-4.0 | Ghaf documentation. |
See LICENSE.Apache-2.0 and LICENSE.CC-BY-SA-4.0 for the full license text.