ACRN is a flexible, lightweight reference hypervisor, built with real-time and safety-criticality in mind.

This article was produced by The Linux Foundation with contributions from Eddie Dong, Principle Engineer of Intel Open Source Center.

As the Internet of Things has grown in scale, IoT developers are increasingly expected to support a range of hardware resources, operating systems, and software tools/applications. This is a challenge given many connected devices are size-constrained. Virtualization can help meet these broad needs, but existing options don’t offer the right mix of size, flexibility, and functionality for IoT development.

ACRN is different by design. Launched at Embedded Linux Conference 2018, ACRN is a flexible, lightweight reference hypervisor, built with real-time and safety-criticality in mind and optimized to streamline embedded development through an open source platform.

One of ACRN’s biggest advantages is its small size — roughly only 25K lines of code at launch.

“The idea for ACRN came from our work enabling virtualization technology for customers,” said Imad Sousou, Corporate Vice President and General Manager of the Open Source Technology Center at Intel, which seeded the source code to launch the project. “There’s strong workload consolidation in embedded IoT development. Using hypervisor technology, workloads with mixed-criticality can be consolidated on a single platform, lowering development and deployment costs and allowing for a more streamlined system architecture.”

And about the name: ACRN is not an acronym. Pronounced “acorn,” the name symbolizes something that starts small and grows into something big, similar to how the project hopes to grow through community participation.

There’re two key components of ACRN: the hypervisor itself and the ACRN device model. The ACRN Hypervisor is a Type 1 reference hypervisor stack, running directly on bare-metal. The ACRN Device Model is a reference framework implementation for virtual device emulation that provides rich I/O virtualization support currently planned for audio, video, graphics, and USB. More mediator features are expected as the community grows.

How it works

ACRN features a Linux-based Service operating system (OS) running on the hypervisor and can simultaneously run multiple guest operating systems for workload consolidation. The ACRN hypervisor creates the first virtual environment for the Service OS and then launches Guest OSes. The Service OS runs the native device drivers to manage the hardware and provides I/O mediation to the Guest OS.ACRN

The Service OS runs with the system’s highest virtual machine priority to meet time-sensitive requirements and system quality of service (QoS). The Service OS runs Clear Linux* today, but ACRN can support other Linux* distros or proprietary RTOS as either the Service OS or Guest OS. The community is invited to help enable other Service OS options, and use the reference stack to enable Guest OSes such as other Linux* distributions, Android*, Windows* or proprietary RTOSes.

To keep the ACRN hypervisor code base as small and efficient as possible, the bulk of device model implementation resides in the Service OS to provide sharing and other capabilities. The result is a small footprint, low-latency code base optimized for resource constrained devices, built with virtualization functions specific to IoT development, such as graphics, media, audio, imaging, and other I/O mediators that require sharing of resources. In this way ACRN fills the gap between large datacenter hypervisors and hard partitioning hypervisors, and is ideal for a wide variety of IoT development.

One example is the Software Defined Cockpit (SDC) in vehicles. Using ACRN as the reference implementation, vendors can build solutions including the instrument cluster, in-vehicle infotainment (IVI) system, and one or more rear-seat entertainment (RSE) systems. The IVI and RSE systems can run as an isolated Virtual Machine (VM) for overall system safety considerations.

Software Defined Industrial Systems (SDIS) are further examples, including cyber-physical systems, IoT, cloud computing and cognitive computing. ACRN can help SDIS consolidate industrial workloads and can be orchestrated flexibly across systems. This helps provide substantial benefits to customers including lower costs, simplified security, increased reliability, and easier system management, among others.

Early endorsement of ACRN includes Intel, ADLINK Technology, Aptiv, LG Electronics, and Neusoft. Community members are invited to download the code and participate at the ACRN GitHub site. More detailed use case information and participation information can be found on the ACRN website.

Join us at Open Source Summit + Embedded Linux Conference Europe in Edinburgh, UK on October 22-24, 2018, for 100+ sessions on Linux, Cloud, Containers, AI, Community, and more.

Also, check out the ACRN Hypervisor Meetup in Shanghai – Q2 2018 (Minhang, China):

2018年3月Linux Foundation 发布了 ACRN hypervisor项目。随后陆续收到了很多来自社区和行业伙伴的反馈。这次的Meetup希望给大家一次面对面交流的机会。英特尔公司作为ACRN项目的发起者之一 将会介绍一下项目的体系架构,ACRN 未来的roadmap (draft)讨论,也将演示一些应用场景。各行业伙伴也将会分享各自的关心的话题。ACRN作为一个Linux Foundation的开源项目热情欢迎大家的参与与反馈。

1. LinuxCon + ContainerCon + CloudOpen China
Developers, architects, sysadmins, DevOps experts, business leaders, and other professionals gathered in June to discuss open source technology and trends at the first-ever LinuxCon + ContainerCon + CloudOpen (LC3) event in China. At the event, Linus Torvalds spoke about how Linux still surprises and motivates him.

2. Toyota Camry Will Feature Automotive Grade Linux
At Automotive Linux Summit in Japan, Dan Cauchy, Executive Director of Automotive Grade Linux (AGL), announced that Toyota has adopted the AGL platform for their next-generation infotainment system.The 2018 Camry will be the first Toyota vehicle on the market with the AGL-based system in the United States.

3. Open Source Summit Debuts
As announced at last year’s LinuxCon in Toronto, this annual event hosted by The Linux Foundation is now called Open Source Summit. It combines LinuxCon, ContainerCon, and CloudOpen conferences along with two new conferences: Open Community Conference and Diversity Empowerment Summit.

4. Joseph Gordon-Levitt at OS Summit North America
Actor Joseph Gordon-Levitt, founder and director of the online production company HITRECORD, spoke at Open Source Summit in Los Angeles about his experiences with collaborative technologies. Gordon-Levitt shared lessons learned along with a video created through the company.

5. Diversity Empowerment Summit
Tameika Reed, founder of Women in Linux, spoke at the Diversity Empowerment Summit in Los Angeles about the need for diversity in all facets of tech, including education, training, conferences, and mentoring. The new event aims to help promote and facilitate an increase in diversity, inclusion, empowerment, and social innovation in the open source community.

6. Hyperledger Growth
Hyperledger — the largest open blockchain consortium — now includes 180 diverse organizations and has recently partnered with edX to launch an online MOOC. At Open Source Summit in Los Angeles, Executive Director Brian Behlendorf spoke with theCUBE about the project’s growth and potential to solve important problems.

7. Lyft and Uber on Stage at Open Source Summit
At Open Source Summit in Los Angeles, ride-sharing rivals Lyft and Uber appeared on stage to introduce two new projects donated to the Cloud Native Computing Foundation. Chris Lambert, CTO of Lyft (on left), and Yuri Shkuro, Staff Engineer at Uber, introduced the projects, which help CNCF fill some gaps in the landscape of technologies used to adopt a cloud-native computing model.

8. Attendee Reception at Paramount Studios
The Open Source Summit North America evening reception for all attendees was held at iconic Paramount Studios in Hollywood. Attendees enjoyed a behind-the-scenes studio tour featuring authentic Paramount movie props and costumes.

9. 2017 Linux Kernel Summit and Kernel Development Report
Open source technologists gathered in the city of Prague, Czech Republic in October for Open Source Summit and Embedded Linux Conference Europe. Co-located events included MesosCon Europe, KVM Forum, and Linux Kernel Summit, where The Linux Foundation released the latest Linux Kernel Development Report highlighting some of the dedicated kernel contributors.

10. The Next Generation of Open Source Technologists
The Linux Foundation 2017 events aimed to inspire the younger generation with an interest in open source technologies through activities like Kids Day and special keynotes, such as those from 13-year-old algorithmist and cognitive developer Tanmay Bakshi, 11-year-old hacker and cybersecurity ambassador Reuben Paul (pictured here), and 15-year-old programmer and technologist Keila Banks.

You can look forward to more exciting events in 2018. Check out the newly released 2018 Events calendar and make plans now to attend or to speak at an upcoming conference.

Speaking proposals are now being accepted for the following 2018 events:

Submit a Proposal

Latest version of annual report demonstrates the continued growth in interest and participation in the Linux kernel, as well as accelerating rate of change

PRAGUE (Open Source Summit Europe) – October 25, 2017 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the immediate release of its 2017 Linux Kernel Development Report. The report analyzes the work done by 15,600 developers over more than a decade, as well as more recent trends.

This is the eighth such report that is released on a roughly annual basis to help illustrate the Linux kernel development process and the work that defines the largest collaborative project in the history of computing. This year’s paper covers work completed through Linux kernel 4.13, with an emphasis on releases 4.8 to 4.13. The last report was released in August 2016 and focused on 3.19 to 4.7.

Key findings from this year’s paper include:

  • Roughly 15,600 developers from more than 1,400 companies have contributed to the Linux kernel since the adoption of Git made detailed tracking possible. Since the last report, over 4,300 developers from more than 500 companies have contributed to the kernel; 1,670 of these developers contributed for the first time, comprising about a third of contributors.
  • The Top 10 organizations sponsoring Linux kernel development since the last report include Intel, Red Hat, Linaro, IBM, Samsung, SUSE, Google, AMD, Renesas and Mellanox. The complete top 30 contributing organizations can be seen in the full report.
  • The rate of Linux development continues to increase, as does the number of developers and companies involved in the process. The average number of changes accepted into the kernel per hour is 8.5, a significant increase from the 7.8 changes in the last report, which translates to 204 changes every day and over 1,400 per week. The average days of development per release increased slightly to 67.66 days from 66 last year, with every release spaced either 63 or 70 days apart, providing significant predictability. The 4.9 and 4.12 development cycles featured the highest patch rates ever seen in the history of the kernel project.
  • The number of unpaid developers may be stabilizing, with these developers contributing 8.2% of contributions, a slight increase from 7.7% in last year’s report. This is still significantly down from the 11.8% reported in 2014. This is likely due to kernel developers being in short supply, leading those who demonstrate the ability to submit quality patches to not have trouble finding job offers.

The report is co-authored by Jonathan Corbet, Linux kernel developer and editor of, and Greg Kroah-Hartman, Linux kernel maintainer and Linux Foundation fellow. This year’s report also features interviews with 17 Linux kernel developers and maintainers.

“The incredible rates of contribution and participation in the Linux kernel demonstrate the continued strength and scalability of the kernel community,” said Jim Zemlin, executive director of The Linux Foundation. “This report provides important information that helps show how incredibly effective the collaborative development model can be for one of the most essential software projects in history.”

To download the full report, please visit

The paper is being released today at the invitation-only Linux Kernel Summit, taking place alongside Open Source Summit Europe, hosted by The Linux Foundation. Open Source Summit is a technical conference where 2,000+ developers, operators, and community leadership professionals convene to collaborate, share information and learn about the latest in open technologies, including Linux, containers, cloud computing and more. The event combines the existing LinuxCon, ContainerCon and CloudOpen conferences with the all new Open Community Conference and Diversity Empowerment Summit. For more information and keynote session livestream, visit

Additional Resources

Video: Greg Kroah-Hartman: Linux Kernel Development –

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: Linux is a registered trademark of Linus Torvalds.

At Open Source Summit in Prague, Giovanni Bechis will discuss tools that improve software security by blocking unwanted syscalls.

At the upcoming Open Source Summit Europe + ELC Europe 2017, to be held in Prague, Czech Republic, Giovanni Bechis will be delivering a talk focused on tools that help improve software security by blocking unwanted syscalls.  

Giovanni Bechis

Bechis is CEO and DevOps engineer at SNB s.r.l., a hosting provider and develops web applications based on Linux/BSD operating systems that is mainly focused on integrating web applications with legacy softwares. In this interview, Bechis explained more about his approach to software security. What’s the focus of your talk?

Giovanni Bechis: The talk will focus on two similar solutions implemented in Linux and OpenBSD kernels, designed to prevent a program from calling syscalls they should not call to improve security of software.

In both kernels (Linux and OpenBSD), unwanted syscalls can be blocked and the offending program terminated, but there are some differences between Linux and OpenBSD’s solution of the problem.

During my talk, I will analyze the differences between two similar techniques that are present in Linux and OpenBSD kernels that are used to mitigate security bugs (that could be used to attack  software and escalate privileges on a machine). Who should attend?

Bechis: The scope of the talk is to teach developers how they can develop better and more secure software by adding just few lines to their code. The target audience is mainly developers interested in securing applications. Can you please explain both solutions and what problems they actually solve?

Bechis: The main problem that these solutions are trying to solve is that bugs can be exploited to let software do something that it is not designed to do. For example, with some crafty parameters or some crafty TCP/IP packet, it could be possible to let a program read a password file; it should not read or delete some files that it should not delete.

This is more dangerous if the program is running as root instead of a dedicated user because it will have access to all files of the machine if proper security techniques have not been applied.

With these solutions, if a program tries to do something it is not designed for, it will be killed by the kernel and the execution of the program will terminate.

To do that, the source code of the program should be modified with some “more or less” simple lines of code that will “describe” which system calls the program is allowed to request.

A system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on, by allowing only a subset of the system calls we can mitigate security bugs.

Last year, for example, memcached, a popular application designed to speed up dynamic web applications, has suffered by a remote code execution bug that could be exploited to remotely run arbitrary code on the targeted system, thereby compromising the many websites that expose Memcache servers accessible over the Internet.

With a solution like seccomp(2) or pledge(2), a similar bug could be mitigated, the remote code would never be executed, and the memcached process would be terminated. What’s the main difference between the two solutions?

Bechis: The main difference (at least the more visible one without viewing under the hood) between Linux and OpenBSD implementation is that, with Linux seccomp(2), you can instruct the program in a very granular way, and you can create very complex policies, while on OpenBSD pledge(2) permitted syscalls have been grouped so policies will be simpler.

On the other hand, using seccomp(2) in Linux could be difficult, while OpenBSD pledge(2) is far easier to use.

On both operating systems, every program should be studied in order to decide which system call the application could use, and there are some facilities that can help understand how a program is operating, what it is doing, and which operations it should be allowed to do.

Learn more at Open Source Summit, taking place in Prague, Czech Republic Oct. 23- 26. Register now!

This week was a busy one for open source enterprise wins! Read the latest installment of our weekly digest to stay on the cutting edge of OSS business beats.

1) The Linux Foundation’s Dronecode project receives accolades for the creator of its PX4 project; Lorenz Meier has been recognized by MIT Technology Review in its annual list of Innovators Under 35.

Dronecode’s Meier Named to MIT Technology Review’s Prestigious List– Unmanned Aerial Online

2) “New round places company’s raised cash at more than $250m as the container application market value soars to $2.7bn.”

From Startup To An Open Source Giant. Docker Valuation Hits $1.3B Amid Fresh Funding Round– Data Economy

3) “One of the keys to Ubuntu’s success has been heavy optimization of the standard Linux kernel for cloud computing environments.”

Cloud-Optimized Linux: Inside Ubuntu’s Edge in AWS Cloud Computing– Silicon Angle

4) Microsoft announced purchase of a startup called Cycle Computing for an “undisclosed sum”. While it doesn’t have the name recognition of some of its peers, the startup has played a pivotal role in cloud computing today.

Microsoft Just Made a Brilliant Acquisition in Cloud Wars Against Amazon, Google– Business Insider

5) Open source content management system was initially released without frills or fanfare. After 2,600 commits, the 1.0 version is ready to tackle the blogging giants.

Ghost, the Open Source Blogging System, is Ready For Prime Time– TechCrunch

This week in Linux and open source headlines, ONAP leads the way in the automation trend, Mozilla launches new, open source speech recognition project, and more! Get up to speed with the handy weekly digest!

1) With automation being one of the top virtualization trends of 2017, The Linux Foundation’s ONAP is credited with moving the industry forward

Top Five Virtualization Trends of 2017– RCRWireless

2) Mozilla has launched a new open source project speech recognition system that relies on online volunteers to submit voice samples and validate them.

Common Voice: Mozilla Is Creating An Open Source Speech Recognition System– Fossbytes

3)In addition to membership growth, EdgeX Foundry has launched a series of technical training sessions to help developers get up to speed on the project.

Linux’s EdgeX IoT Group Adds Members, Forms Governing Team– SDxCentral

4) Multicore Association announces availability of an enhanced implementation of its Multicore Task Management API (MTAPI.)

Open Source Tools Set to Help Parallel Programming of Multicores–

5) “OCI 1.0 will ensure consistency at the lowest levels of infrastructure, and push the container wars battlefront up the stack.”

OCI 1.0 Container Image Spec Finds Common Ground Among Open Source Foes– TechTarget

This week in open source, blockchain technology, like that of Hyperledger, is being adopted by the insurance market, Cloud Foundry continues its steady incline of adoption, and more!

1) Blockchain tech like Hyperledger “is making inroads into the insurance sector.”

Insurance Industry Making the Leap to Blockchain– Business Insurance

2) Half of the Fortune 500 now use Cloud Foundry.

Cloud Foundry Makes its Mark on the Enterprise– TechCrunch

3) “Proprietary will have to either get on board or be left in the dust.”

Why Open Source will Overtake Proprietary Software by 2020– Computer Business Review

4) Google’s new Tensor2Tensor library aims to remove hurdles around customizing an environment to enable deep-learning models.

‘One Machine Learning Model to Rule Them All’: Google Open-Sources Tools for Simpler AI– ZDNet

5) As 5G changes the carrier landscape, technologies like OPNFV will bolster the shift

China Is Driving To 5G And IoT Through Global Collaboration– Forbes

This week in Linux and open source news, The Linux Foundation welcomes Sheryl Chamberlain as new Chief of Staff as the organization’s collection of projects continues to grow, genomic analysis software opens up & more! Read on for the latest in OSS news. 


Sheryl Chamberlain

Sheryl Chamberlain joins The Linux Foundation this week as Chief of Staff to help oversee the organization’s continued growth.

1) The Linux Foundation welcomes Sheryl Chamberlain as new Chief of Staff to oversee projects.

Linux Foundation Grows So Much it Hires a Chief of Staff– SDxCentral

2) Broad’s new open source genomic analysis software features new tools and rebuilt architecture.

Broad Releases Open Source Version of Genomic Analysis Software– Health Data Management

3) The Linux Foundation’s General Manager of Networking & Orchestration, Arpit Joshipura, shares thoughts on how the network has come and where it needs to go.

Can the Open-Source Network Buzz Grow Up Into Enterprise-Ready Solutions?– SiliconANGLE

4) Tech industry heavyweights release open platform for creating network of deployed services

Google, IBM and Lyft Launch Istio, an Open-Source Platform for Managing and Securing Microservices– TechCrunch

5) “Post Unity, how will the transition to GNOME work?”

Distro Watch for Ubuntu Lovers: What’s Ahead in Linux Land– The Register

This week in Linux and OSS news, Edward Snowden explains why he thinks proprietary software is very risky, Project joins The Linux Foundation, & more! Read on to stay in the open source know!

1) The infamous United States NSA hacker, Edward Snowden, was interviewed via remote video at OpenStack Summit Boston. He spoke on his personal use of technology and why that doesn’t include proprietary software.

Why Edward Snowden Loves Open Source– NetworkWorld

2) A new Linux Foundation project provides network routing topologies for software-defined applications. Joins The Linux Foundation’s Open-Source Project– FierceTelecom

3) Google’s “mysterious” third OS is based on a Google-developed microkernel called “Magenta”– not Linux.

Google’s “Fuchsia” Smartphone OS Dumps Linux, Has a Wild New UI– Ars Technica

4) A new software project under Hyperledger is “aimed at creating a collaboration tool for building blockchain business networks — or smart contracts — and their deployment across a distributed ledger.”

Linux Foundation to Develop Tool for Building Blockchain Business Networks– ComputerWorld

5) Speakers at NFV World Congress explain that open source is crucial to their NFV plans.

Telcos Digging In on Open Source NFV– Light Reading

This week in open source and Linux news, open source industry leaders and executives have been vocally against President Trump’s immigration ban, the newly-announced KDE laptop could cost you more than 1.3k, and more! Keep reading to stay on top of this busy news week. 


Open source standpoint

Open source leaders such as Jim Zemlin and Abby Kearns voice objection to President Trump’s immigration ban in official organization statements.

1) Open source industry leaders- including Jim Zemlin, Jim Whitehurst, and Abby Kearns- are firing back at President Trump’s immigration ban with firm opposition.

Linux Leadership Stands Against Trump Immigration Ban– ZDNet

Trump’s Executive Order on Immigration: Open Source Leaders Respond– CIO

Linux, OpenStack, Citrix Add Their Voices in Opposition to Immigration Ban– SDxCentral

2) KDE announces new partnership with Slimbook to produce a laptop designed for running KDE Neon.

Would You Pay $800 For a Linux Laptop?-The Verge

3) The Linux Foundation has grown over the past 17 years to encompass much more than just Linux.

How The Linux Foundation Goes Beyond the Operating System to Create the Largest Shared Resource of Open-Source Technology–

4) American Express to contribute code and engineers to Hyperledger as newest backer.

AmEx Joins JPMorgan, IBM in Hyperledger Effort– Bloomberg