Initial aarch64/KVM support

.github/workflows/ValidatePullRequest.yml

@@ -60,11 +60,13 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
+        arch: [X64, arm64]
         config: [debug, release]
     uses: ./.github/workflows/dep_build_guests.yml
     secrets: inherit
     with:
       docs_only: ${{ needs.docs-pr.outputs.docs-only }}
+      arch: ${{ matrix.arch }}
       config: ${{ matrix.config }}
 
   # Code checks (fmt, clippy, MSRV) - runs in parallel with build-guests
@@ -92,14 +94,27 @@ jobs:
       fail-fast: true
       matrix:
         hypervisor: ['hyperv-ws2025', mshv3, kvm]
-        cpu: [amd, intel]
+        cpu: [amd, intel, apple]
+        arch: [X64, arm64]
         config: [debug, release]
+        exclude:
+        - cpu: apple
+          hypervisor: hyperv-ws2025
+        - cpu: apple
+          hypervisor: mshv3
+        - cpu: amd
+          arch: arm64
+        - cpu: intel
+          arch: arm64
+        - cpu: apple
+          arch: X64
     uses: ./.github/workflows/dep_build_test.yml
     secrets: inherit
-    with: 
+    with:
       docs_only: ${{ needs.docs-pr.outputs.docs-only }}
       hypervisor: ${{ matrix.hypervisor }}
       cpu: ${{ matrix.cpu }}
+      arch: ${{ matrix.arch }}
       config: ${{ matrix.config }}
 
   # Run examples - needs guest artifacts, runs in parallel with build-test
@@ -115,14 +130,27 @@ jobs:
       fail-fast: true
       matrix:
         hypervisor: ['hyperv-ws2025', mshv3, kvm]
-        cpu: [amd, intel]
+        cpu: [amd, intel, apple]
+        arch: [X64, arm64]
         config: [debug, release]
+        exclude:
+        - cpu: apple
+          hypervisor: hyperv-ws2025
+        - cpu: apple
+          hypervisor: mshv3
+        - cpu: amd
+          arch: arm64
+        - cpu: intel
+          arch: arm64
+        - cpu: apple
+          arch: X64
     uses: ./.github/workflows/dep_run_examples.yml
     secrets: inherit
     with: 
       docs_only: ${{ needs.docs-pr.outputs.docs-only }}
       hypervisor: ${{ matrix.hypervisor }}
       cpu: ${{ matrix.cpu }}
+      arch: ${{ matrix.arch }}
       config: ${{ matrix.config }}
 
   fuzzing:
@@ -133,12 +161,22 @@ jobs:
     # and a skipped dependency transitively skips all downstream jobs.
     # See: https://github.com/actions/runner/issues/2205
     if: ${{ !cancelled() && !failure() }}
+    strategy:
+      matrix:
+        target: ['fuzz_host_print', 'fuzz_guest_call', 'fuzz_host_call', 'fuzz_guest_estimate_trace_event', 'fuzz_guest_trace']
+        arch: [X64, arm64]
+        exclude:
+        - arch: arm64
+          target: fuzz_guest_trace
+        - arch: arm64
+          target: fuzz_guest_estimate_trace_event
     uses: ./.github/workflows/dep_fuzzing.yml
+    secrets: inherit
     with:
-      targets: '["fuzz_host_print", "fuzz_guest_call", "fuzz_host_call", "fuzz_guest_estimate_trace_event", "fuzz_guest_trace"]' # Pass as a JSON array
-      max_total_time: 300 # 5 minutes in seconds
       docs_only: ${{ needs.docs-pr.outputs.docs-only }}
-    secrets: inherit
+      max_total_time: 300 # 5 minutes in seconds
+      arch: ${{ matrix.arch }}
+      target: ${{ matrix.target }}
 
   spelling:
     name: spell check with typos

.github/workflows/dep_benchmarks.yml

@@ -103,13 +103,13 @@ jobs:
       - name: Download Rust guests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
-          name: rust-guests-release
+          name: rust-guests-X64-release
           path: src/tests/rust_guests/bin/release/
 
       - name: Download C guests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
-          name: c-guests-release
+          name: c-guests-X64-release
           path: src/tests/c_guests/bin/release/
 
       - name: Build

.github/workflows/dep_build_guests.yml

@@ -10,6 +10,10 @@ on:
         required: false
         type: string
         default: "false"
+      arch:
+        description: CPU architecture for the build (passed from caller matrix)
+        required: true
+        type: string
       config:
         description: Build configuration (debug or release)
         required: true
@@ -29,7 +33,17 @@ jobs:
   build-guests:
     if: ${{ inputs.docs_only == 'false' }}
     timeout-minutes: 15
-    runs-on: [self-hosted, Linux, X64, "1ES.Pool=hld-kvm-amd", "JobId=build-guests-${{ inputs.config }}-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}"]
+    runs-on: ${{ fromJson(
+      format('["self-hosted", "Linux", "{0}", "{1}" {2}]',
+        inputs.arch,
+        inputs.arch == 'X64' && '1ES.Pool=hld-kvm-amd' || 'ubuntu-24.04',
+        inputs.arch == 'X64' && format(', "JobId=build-guests-{0}-{1}-{2}-{3}"',
+                                  inputs.config,
+                                  github.run_id,
+                                  github.run_number,
+                                  github.run_attempt)
+                             || ''
+      )) }}
     steps:
       - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
 
@@ -52,12 +66,12 @@ jobs:
         with:
           path: |
             src/tests/rust_guests/target/sysroot
-          key: sysroot-linux-${{ inputs.config }}-${{ hashFiles('rust-toolchain.toml') }}
+          key: sysroot-linux-${{ inputs.arch }}-${{ inputs.config }}-${{ hashFiles('rust-toolchain.toml') }}
 
       - name: Rust cache
         uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4  # v2.9.1
         with:
-          shared-key: "guests-${{ inputs.config }}"
+          shared-key: "guests-${{ inputs.arch }}-${{ inputs.config }}"
           cache-on-failure: "true"
           # Only save on main as caches are not shared across branches.
           # https://docs.github.com/en/actions/reference/workflows-and-actions/dependency-caching#restrictions-for-accessing-a-cache
@@ -82,7 +96,7 @@ jobs:
       - name: Upload Rust guests
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
-          name: rust-guests-${{ inputs.config }}
+          name: rust-guests-${{ inputs.arch }}-${{ inputs.config }}
           path: |
             src/tests/rust_guests/bin/${{ inputs.config }}/
           retention-days: 1
@@ -91,13 +105,13 @@ jobs:
       - name: Upload C guests
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
-          name: c-guests-${{ inputs.config }}
+          name: c-guests-${{ inputs.arch }}-${{ inputs.config }}
           path: src/tests/c_guests/bin/${{ inputs.config }}/
           retention-days: 1
           if-no-files-found: error
 
       - name: Upload interface.wasm
-        if: inputs.config == 'debug'
+        if: inputs.config == 'debug' && inputs.arch == 'X64'
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
           name: interface-wasm
@@ -106,7 +120,7 @@ jobs:
           if-no-files-found: error
 
       - name: Upload twoworlds.wasm
-        if: inputs.config == 'debug'
+        if: inputs.config == 'debug' && inputs.arch == 'X64'
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
           name: twoworlds-wasm

.github/workflows/dep_build_test.yml

@@ -19,6 +19,10 @@ on:
         required: true
         type: string
       cpu:
+        description: CPU vendor for the build (passed from caller matrix)
+        required: true
+        type: string
+      arch:
         description: CPU architecture for the build (passed from caller matrix)
         required: true
         type: string
@@ -39,14 +43,11 @@ jobs:
     if: ${{ inputs.docs_only == 'false' }}
     timeout-minutes: 45
     runs-on: ${{ fromJson(
-        format('["self-hosted", "{0}", "X64", "1ES.Pool=hld-{1}-{2}", "JobId=build-and-test-{3}-{4}-{5}-{6}"]', 
-          inputs.hypervisor == 'hyperv-ws2025' && 'Windows' || 'Linux', 
-          inputs.hypervisor == 'hyperv-ws2025' && 'win2025' || inputs.hypervisor == 'mshv3' && 'azlinux3-mshv' || inputs.hypervisor, 
-          inputs.cpu,
-          inputs.config,
-          github.run_id,
-          github.run_number,
-          github.run_attempt)) }} 
+        format('["self-hosted", "{0}", "{1}", {2} {3}]',
+          inputs.hypervisor == 'hyperv-ws2025' && 'Windows' || 'Linux',
+          inputs.arch,
+          inputs.arch == 'X64' && format('"1ES.Pool=hld-{0}-{1}"', inputs.hypervisor == 'hyperv-ws2025' && 'win2025' || inputs.hypervisor == 'mshv3' && 'azlinux3-mshv' || inputs.hypervisor, inputs.cpu) || inputs.hypervisor == 'kvm' && '"kvm", "ubuntu-24.04"' || '',
+          inputs.arch == 'X64' && format(', "JobId=build-and-test-{0}-{1}-{2}-{3}"', inputs.config, github.run_id, github.run_number, github.run_attempt) || '')) }}
     steps:
       - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
 
@@ -64,7 +65,7 @@ jobs:
       - name: Rust cache
         uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4  # v2.9.1
         with:
-          shared-key: "${{ runner.os }}-${{ inputs.hypervisor }}-${{ inputs.config }}"
+          shared-key: "${{ inputs.arch }}-${{ runner.os }}-${{ inputs.hypervisor }}-${{ inputs.config }}"
           cache-on-failure: "true"
           # Only save on main as caches are not shared across branches.
           # https://docs.github.com/en/actions/reference/workflows-and-actions/dependency-caching#restrictions-for-accessing-a-cache
@@ -73,13 +74,13 @@ jobs:
       - name: Download Rust guests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
-          name: rust-guests-${{ inputs.config }}
+          name: rust-guests-${{ inputs.arch }}-${{ inputs.config }}
           path: src/tests/rust_guests/bin/${{ inputs.config }}/
 
       - name: Download C guests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
-          name: c-guests-${{ inputs.config }}
+          name: c-guests-${{ inputs.arch }}-${{ inputs.config }}
           path: src/tests/c_guests/bin/${{ inputs.config }}/
 
       - name: Download interface.wasm
@@ -119,22 +120,25 @@ jobs:
           just test ${{ inputs.config }} ${{ inputs.hypervisor == 'mshv3' && 'mshv3' || 'kvm' }}
 
       - name: Run Rust tests with hw-interrupts
+        if: runner.arch == 'X64'
         run: |
           # with hw-interrupts feature enabled (+ explicit driver on Linux)
           just test ${{ inputs.config }} ${{ runner.os == 'Linux' && (inputs.hypervisor == 'mshv3' && 'mshv3,hw-interrupts' || 'kvm,hw-interrupts') || 'hw-interrupts' }}
 
       - name: Run Rust Gdb tests
+        if: runner.arch == 'X64'
         env:
           RUST_LOG: debug
         run: just test-rust-gdb-debugging ${{ inputs.config }}
 
       - name: Run Rust Crashdump tests
+        if: runner.arch == 'X64'
         env:
           RUST_LOG: debug
         run: just test-rust-crashdump ${{ inputs.config }}
 
       - name: Run Rust Tracing tests
-        if: runner.os == 'Linux'
+        if: runner.arch == 'X64' && runner.os == 'Linux'
         env:
           RUST_LOG: debug
         run: just test-rust-tracing ${{ inputs.config }}

.github/workflows/dep_fuzzing.yml

@@ -7,10 +7,14 @@ on:
         description: Maximum total time for the fuzz run in seconds
         required: true
         type: number
-      targets:
+      target:
         description: Fuzz targets to run
         required: true
         type: string
+      arch:
+        description: Architecture on which to fuzz
+        required: true
+        type: string
       docs_only:
         description: Skip fuzzing if docs only
         required: false
@@ -23,10 +27,17 @@ permissions:
 jobs:
   fuzz:
     if: ${{ inputs.docs_only == 'false' }}
-    runs-on: [ self-hosted, Linux, X64, "1ES.Pool=hld-kvm-amd", "JobId=fuzz-${{ matrix.target }}-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}" ]
-    strategy:
-      matrix:
-        target: ${{ fromJson(inputs.targets) }}
+    runs-on: ${{ fromJson(
+      format('["self-hosted", "Linux", "{0}", "{1}" {2}]',
+        inputs.arch,
+        inputs.arch == 'X64' && '1ES.Pool=hld-kvm-amd' || 'ubuntu-24.04',
+        inputs.arch == 'X64' && format(', "JobId=fuzz-{0}-{1}-{2}-{3}"',
+                                  inputs.target,
+                                  github.run_id,
+                                  github.run_number,
+                                  github.run_attempt)
+                             || ''
+      )) }}
     steps:
       - name: Checkout code
         uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
@@ -40,14 +51,14 @@ jobs:
       - name: Download Rust guests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
-          name: rust-guests-release
+          name: rust-guests-${{ inputs.arch }}-release
           path: src/tests/rust_guests/bin/release/
 
       - name: Install cargo-fuzz
         run: command -v cargo-fuzz >/dev/null 2>&1 || cargo install cargo-fuzz
 
       - name: Run Fuzzing
-        run: just fuzz-timed ${{ matrix.target }} ${{ inputs.max_total_time }}
+        run: just fuzz-timed ${{ inputs.target }} ${{ inputs.max_total_time }}
         working-directory: src/hyperlight_host
 
       - name: Upload Crash Artifacts

.github/workflows/dep_run_examples.yml

@@ -19,6 +19,10 @@ on:
         required: true
         type: string
       cpu:
+        description: CPU vendor for the build (passed from caller matrix)
+        required: true
+        type: string
+      arch:
         description: CPU architecture for the build (passed from caller matrix)
         required: true
         type: string
@@ -39,14 +43,11 @@ jobs:
     if: ${{ inputs.docs_only == 'false' }}
     timeout-minutes: 15
     runs-on: ${{ fromJson(
-        format('["self-hosted", "{0}", "X64", "1ES.Pool=hld-{1}-{2}", "JobId=run-examples-{3}-{4}-{5}-{6}"]', 
-          inputs.hypervisor == 'hyperv-ws2025' && 'Windows' || 'Linux', 
-          inputs.hypervisor == 'hyperv-ws2025' && 'win2025' || inputs.hypervisor == 'mshv3' && 'azlinux3-mshv' || inputs.hypervisor, 
-          inputs.cpu,
-          inputs.config,
-          github.run_id,
-          github.run_number,
-          github.run_attempt)) }} 
+        format('["self-hosted", "{0}", "{1}", {2} {3}]',
+          inputs.hypervisor == 'hyperv-ws2025' && 'Windows' || 'Linux',
+          inputs.arch,
+          inputs.arch == 'X64' && format('"1ES.Pool=hld-{0}-{1}"', inputs.hypervisor == 'hyperv-ws2025' && 'win2025' || inputs.hypervisor == 'mshv3' && 'azlinux3-mshv' || inputs.hypervisor, inputs.cpu) || inputs.hypervisor == 'kvm' && '"kvm", "ubuntu-24.04"' || '',
+          inputs.arch == 'X64' && format(', "JobId=run-examples-{0}-{1}-{2}-{3}"', inputs.config, github.run_id, github.run_number, github.run_attempt) || '')) }}
     steps:
       - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
 
@@ -64,19 +65,19 @@ jobs:
       - name: Rust cache
         uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4  # v2.9.1
         with:
-          shared-key: "${{ runner.os }}-${{ inputs.hypervisor }}-${{ inputs.config }}"
+          shared-key: "${{ inputs.arch }}-${{ runner.os }}-${{ inputs.hypervisor }}-${{ inputs.config }}"
           save-if: "false"
 
       - name: Download Rust guests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
-          name: rust-guests-${{ inputs.config }}
+          name: rust-guests-${{ inputs.arch }}-${{ inputs.config }}
           path: src/tests/rust_guests/bin/${{ inputs.config }}/
 
       - name: Download C guests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
         with:
-          name: c-guests-${{ inputs.config }}
+          name: c-guests-${{ inputs.arch }}-${{ inputs.config }}
           path: src/tests/c_guests/bin/${{ inputs.config }}/
 
       - name: Run Rust examples - windows