A book in progress

MicroVMs From The Bottom Up.

A reader-grade tour of KVM, virtio, and the Firecracker microVM — built from the CPU's virtualization extensions up, not from the cloud console down.

Seven parts, twenty-three chapters

What's inside

  1. Part I: Orientation

    The virtualization stack map, what a virtual machine actually is, and why microVMs exist. Drafted.

  2. Part II: Hardware And Kernel Primitives

    VT-x / AMD-V / EL2, the KVM API, guest memory and two-dimensional paging, virtual interrupts, and VM exits.

  3. Part III: The Virtual Machine Monitor

    The anatomy of a VMM, the Linux boot protocol, virtio, and the minimal machine model.

  4. Part IV: Firecracker End To End

    Architecture, the device model, boot and configuration, snapshot and restore, and MMDS.

  5. Part V: Security And Isolation

    The jailer, seccomp, and the threat model that lets untrusted code run on shared hardware.

  6. Part VI: Integration And Ecosystem

    Host networking, microVMs as containers (firecracker-containerd, Kata), and the wider VMM landscape.

  7. Part VII: Experiments

    Boot a guest by hand through the KVM API, direct-boot a kernel, snapshot and restore, and trace VM exits — on a host with /dev/kvm.

Who it is for

Engineers who want the full mental model.

If you have run a Firecracker microVM or a Lambda function but never traced what happens between the InstanceStart API call and the guest's first instruction, this book is for you. Every chapter names the ioctl, the VMCS field, the register, and the file on disk — no hand-waving, no "it's basically a lightweight VM." It is the companion to Containerd From The Bottom Up, one layer to the side.