Surrounded by legacy requirements and motivated attackers, can you use mainline kernels for new security protections, without risking application compatibility? Yocto Project’s meta-virtualization layer maintains hypervisors that can isolate bare-metal kernels from workload-tailored, virtual-hardware kernels.

Virtualization enables strong isolation via robust, narrow interfaces, to run efficient, multi-layered systems on hardware and software platforms from diverse sources.

We show how to assemble fully integrated systems with YP, with multiple hypervisors -- Xen, KVM and ACRN -- as interchangeable components under build configuration control, with a selection of from-source and binary-distro guests, to run on hardware from Intel, AMD and Arm.