A complete first draft

MicroVMs From The Bottom Up.

A reader-grade tour of KVM, virtio, and the Firecracker microVM — built from the CPU's virtualization extensions up, not from the cloud console down.

Six parts, twenty-three chapters, four appendices

What's inside

  1. I. Orientation

     The virtualization stack map, what a virtual machine actually is, and why microVMs exist.

  2. II. Hardware And Kernel Primitives

     VT-x / AMD-V / EL2, the KVM API, guest memory and two-dimensional paging, virtual interrupts, and VM exits.

  3. III. The Virtual Machine Monitor

     The anatomy of a VMM, the Linux boot protocol, virtio, and the minimal machine model.

  4. IV. Firecracker End To End

     Architecture, the device model, boot and configuration, snapshot and restore, and MMDS.

  5. V. Security And Isolation

     The jailer, seccomp, and the threat model that lets untrusted code run on shared hardware.

  6. VI. Integration And Ecosystem

     Host networking, microVMs as containers (firecracker-containerd, Kata), and the wider VMM landscape.

  7. + Appendices

     Command-line and inspection tools, building guest kernels and root filesystems, a KVM ioctl reference, and a glossary.

Who it is for

Engineers who want the full mental model.

If you have run a Firecracker microVM or a Lambda function but never traced what happens between the InstanceStart API call and the guest's first instruction, this book is for you. Every chapter names the ioctl, the VMCS field, the register, and the file on disk — no hand-waving, no "it's basically a lightweight VM." It is the companion to Containerd From The Bottom Up, one layer to the side.