<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Cyberus Technology’s Blog</title><description>We offer products and professional services around virtualization, low-level Linux engineering and operating system development. We can also help with test automation projects and embedded Linux with decades long support cycles.</description><link>https://cyberus-technology.de/</link><item><title>Long-Lived, Certifiable Robots with NixOS and CTRL-OS</title><link>https://cyberus-technology.de/en/articles/long-lived-certifiable-robots-on-nixos-ctrlos</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/long-lived-certifiable-robots-on-nixos-ctrlos</guid><description>NVIDIA Jetson is a popular platform for applications, such as robots and other edge applications making heavy use of AI features. The SOCs come with ARM-based processors and capable GPUs. For the past few weeks we&apos;ve been working to lower the barrier to use the platform with NixOS and CTRL-OS. Read all about it in this post!</description><pubDate>Fri, 20 Feb 2026 00:00:00 GMT</pubDate></item><item><title>FOSDEM 2026 Talk: Declarative VMs with NixOS</title><link>https://cyberus-technology.de/en/articles/fosdem-2026</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/fosdem-2026</guid><description>Have you ever felt the need for a virtual machine in your NixOS server environment? 
Watch our FOSDEM talk to learn how to run VMs declaratively on CTRL-OS.</description><pubDate>Thu, 05 Feb 2026 00:00:00 GMT</pubDate></item><item><title>On the Road to NixOS LTS with CTRL-OS</title><link>https://cyberus-technology.de/en/articles/on-the-road-to-nixos-lts</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/on-the-road-to-nixos-lts</guid><description>In this post we will explain what long-term support for NixOS looks like in practice, how Cyberus makes CTRL-OS sustainable as a long-term partner for regulated industries, and how we address challenges in supply chain security, the Cyber Resilience Act and other industry regulations.</description><pubDate>Thu, 02 Oct 2025 00:00:00 GMT</pubDate></item><item><title>CTRL-OS Open Beta: CRA-Ready NixOS with 5-Year Enterprise Support Now Available</title><link>https://cyberus-technology.de/en/articles/ctrlos-open-beta-announcement</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/ctrlos-open-beta-announcement</guid><description>We&apos;re excited to announce the open beta of CTRL-OS, our NixOS LTS solution designed for enterprises requiring NixOS long-term support and Cyber Resilience Act compliance. CTRL-OS delivers 5 years of support, automated security patches, and enterprise-grade reliability.</description><pubDate>Fri, 29 Aug 2025 00:00:00 GMT</pubDate></item><item><title>Windows 11 on Cloud Hypervisor</title><link>https://cyberus-technology.de/en/articles/windows-11-on-chv</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/windows-11-on-chv</guid><description>Ever wondered why the Cloud Hypervisor only supports Windows Server? 
In a recent project targeting Windows 11 VMs, we decided to test out the statement and evaluate Windows 11 support on Cloud Hypervisor.</description><pubDate>Thu, 24 Jul 2025 00:00:00 GMT</pubDate></item><item><title>Unlocking CRA Compliance with Sustainable Open-Source Foundations</title><link>https://cyberus-technology.de/en/articles/unlocking-cra-compliance-with-sustainable-open-source-foundations</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/unlocking-cra-compliance-with-sustainable-open-source-foundations</guid><description>The Cyber Resilience Act is reshaping software compliance in the EU — and putting open-source in the spotlight. Learn why product vendors now carry the burden of security for their dependencies, and how Cyberus Technology can help you turn this challenge into a strategic advantage.</description><pubDate>Wed, 28 May 2025 00:00:00 GMT</pubDate></item><item><title>Isolating Open-Source Software with Virtualization to Comply with the CRA</title><link>https://cyberus-technology.de/en/articles/cra-oss-with-virtualization</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/cra-oss-with-virtualization</guid><description> Are you trying to wrap your head around the Cyber Resilience Act (CRA)? The CRA forces vendors to ensure their digital products have a high level of cybersecurity throughout their life cycle, including open source components. Read on to learn more about the details and how Cyberus can help to reduce your security maintenance burden. </description><pubDate>Fri, 02 May 2025 00:00:00 GMT</pubDate></item><item><title>NixOS for Programming-Exam Environments</title><link>https://cyberus-technology.de/en/articles/nixos-for-exam-environments</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/nixos-for-exam-environments</guid><description> What if your keyboard locked itself the second the exam ended? 
At the University of Würzburg, programming exams got a major tech upgrade thanks to NixOS—bringing reproducible setups, secure boot, and remote exam control into the classroom. </description><pubDate>Wed, 16 Apr 2025 00:00:00 GMT</pubDate></item><item><title>Cyberus at OceanSprint 2025</title><link>https://cyberus-technology.de/en/articles/oceansprint2025</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/oceansprint2025</guid><description>Cyberus embraces open-source communities and contributions. We joined other Nix enthusiasts at OceanSprint in Lanzarote and worked on NixOS improvements for embedded systems.</description><pubDate>Thu, 03 Apr 2025 00:00:00 GMT</pubDate></item><item><title>Simplifying OpenStack Deployment &amp; Testing with NixOS: Introducing openstack-nix</title><link>https://cyberus-technology.de/en/articles/simplifying-openstack-with-nixos</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/simplifying-openstack-with-nixos</guid><description>Deploying and testing OpenStack can be complex, but what if you could do it reliably with just one command? Enter openstack-nix, a NixOS-based solution that brings reproducibility, modularity and hardware-independent testing to OpenStack deployments. In this post, we’ll explore how Nix packages and NixOS modules simplify OpenStack setup, customization and CI testing—making life easier for developers and operators alike. 
Whether you&apos;re looking to streamline development or contribute to open-source innovation, openstack-nix is here to help.</description><pubDate>Thu, 20 Mar 2025 00:00:00 GMT</pubDate></item><item><title>Cyberus at Embedded World: A Virtualized Arcade Machine</title><link>https://cyberus-technology.de/en/articles/embedded-world-arcade-machine</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/embedded-world-arcade-machine</guid><description> Cyberus Technology is bringing virtualization to life at Embedded World with a unique demo: an arcade machine running on modern hardware through CtrlOS, our long-term stable NixOS. See how we extend the lifespan of legacy embedded systems without modifying their software. Visit us at the S.I.E. booth (Hall 3 / Booth 3-238) from March 11–13 to experience it firsthand! </description><pubDate>Fri, 07 Mar 2025 00:00:00 GMT</pubDate></item><item><title>Securing The Past Efficiently: Measuring the Cost of Virtual Machine Introspection</title><link>https://cyberus-technology.de/en/articles/vmi-breakpoint-performance</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/vmi-breakpoint-performance</guid><description>Can security keep up with performance? Explore how Virtual Machine Introspection tackles the challenge of securing legacy systems without sacrificing speed.</description><pubDate>Thu, 20 Feb 2025 00:00:00 GMT</pubDate></item><item><title>NixOS on ARM:  Rock 5 B</title><link>https://cyberus-technology.de/en/articles/nixos-on-arm-rock-5b</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/nixos-on-arm-rock-5b</guid><description>We currently have a couple of projects that use the Radxa Rock 5B SBC as base platform. It&apos;s a nice ARM board based on the Rockchip RK3588. Upstream support for the CPU has improved quite a bit during the course of 2024, making it a solid choice for ARM PoCs and other projects. 
Read on to discover how to run NixOS on the board.</description><pubDate>Thu, 06 Feb 2025 00:00:00 GMT</pubDate></item><item><title>Mastering Nix Packaging: CMake Projects with Corrosion and Rust Dependencies</title><link>https://cyberus-technology.de/en/articles/nix-cmake-corrosion</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/nix-cmake-corrosion</guid><description>At Cyberus, we use Nix and NixOS for reproducible, declarative builds and configurations. In a research project exploring VMI under Linux/KVM, we faced challenges packaging a key component. This post covers those difficulties and our solution.</description><pubDate>Thu, 23 Jan 2025 00:00:00 GMT</pubDate></item><item><title>Case Study: Cyberus Hypervisor in secunet medical connect</title><link>https://cyberus-technology.de/en/articles/case-study-medical-connect</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/case-study-medical-connect</guid><description>secunet uses Cyberus Hypervisor for their new medical connect Edge-Gateway-Platform. By relying on Cyberus’ product, service, and expertise for the medical connect product and the internal Software Factory and Platform Strategy, the secunet product team was able to ship 20% faster. They also provided more value to their customers with a smaller platform footprint.</description><pubDate>Thu, 19 Dec 2024 00:00:00 GMT</pubDate></item><item><title>Building Embedded Systems That Last Decades with NixOS</title><link>https://cyberus-technology.de/en/articles/building-embedded-systems-that-last-decades-with-nixos</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/building-embedded-systems-that-last-decades-with-nixos</guid><description>Are your embedded systems built to last? In industries like medical devices and robotics, longevity is critical—but maintaining security, compliance, and functionality over decades is no small feat. 
Discover how NixOS tackles these challenges with reproducible builds, declarative configurations, and long-term system reliability. Whether you&apos;re building X-ray machines or factory-floor robots, this guide explores why NixOS is the key to future-proofing your embedded systems.</description><pubDate>Thu, 12 Dec 2024 00:00:00 GMT</pubDate></item><item><title>Introducing Long-Term Support for NixOS: 5 Years of Stability and Security for Critical Systems</title><link>https://cyberus-technology.de/en/articles/introducing-nixos-long-term-support</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/introducing-nixos-long-term-support</guid><description>Explore our latest initiative: Long-Term Support for NixOS. We&apos;re offering 5 years of stability, security updates, and guaranteed backports, making it easier to maintain critical systems without frequent upgrades. Perfect for industries like IoT, medical devices, and more. Learn how it works!</description><pubDate>Thu, 17 Oct 2024 00:00:00 GMT</pubDate></item><item><title>Automated Benchmarking for Virtualization: How We Optimize System Performance with Nix and WFVM</title><link>https://cyberus-technology.de/en/articles/benchmarking-windows-nix-wfvm</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/benchmarking-windows-nix-wfvm</guid><description>In this blog post, we dive into how our team leverages advanced benchmarking techniques to ensure optimal performance across diverse systems, from Linux to Windows, using a mix of micro-benchmarks and real-world performance tests. We explain how automation through tools like Nix and WFVM allows us to streamline benchmarking across various hardware setups and integrate these processes directly into our CI pipelines. 
Our detailed dashboards track performance over time, giving us the insight needed to maintain and improve product quality.</description><pubDate>Thu, 19 Sep 2024 00:00:00 GMT</pubDate></item><item><title>Simplify Your SR-IOV Setup: A Guide to NixOS Modules and specialisations</title><link>https://cyberus-technology.de/en/articles/simplify-your-sr-iov-setup-a-guide-to-nixos-modules-and-specializations</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/simplify-your-sr-iov-setup-a-guide-to-nixos-modules-and-specializations</guid><description>Unlock the power of SR-IOV graphics acceleration with NixOS! This blog post dives into how you can simplify complex configurations using NixOS modules and specialisations. Whether you&apos;re optimizing your KVM backend for VirtualBox or exploring other advanced features, this guide makes it easy to experiment safely and efficiently. Ready to take your system setup to the next level?</description><pubDate>Thu, 05 Sep 2024 00:00:00 GMT</pubDate></item><item><title>Maximizing Uptime: The Power of Live Migration for Seamless Software Updates</title><link>https://cyberus-technology.de/en/articles/maximizing-uptime-the-power-of-live-migration-for-seamless-software-updates</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/maximizing-uptime-the-power-of-live-migration-for-seamless-software-updates</guid><description>Discover how live migration technology empowers cloud services to perform seamless updates, ensuring your software stays fresh without disrupting operations. At Cyberus, we&apos;re pioneering innovative solutions like post migration to push the boundaries of high availability. 
Ready to optimize your infrastructure?</description><pubDate>Thu, 22 Aug 2024 00:00:00 GMT</pubDate></item><item><title>microvm.nix: The Declarative Virtualization Tool for NixOS</title><link>https://cyberus-technology.de/en/articles/microvm-nix</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/microvm-nix</guid><description>Virtualization is a powerful tool, but managing VMs across various hypervisors can be a nightmare, especially when aiming for consistency and reproducibility. Enter microvm.nix—the essential tool that brings the declarative simplicity of NixOS to the world of virtualization.</description><pubDate>Thu, 08 Aug 2024 00:00:00 GMT</pubDate></item><item><title>Securing the Past: How Virtual Machine Introspection Protects Legacy IT Systems</title><link>https://cyberus-technology.de/en/articles/securing-the-past-with-vmi</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/securing-the-past-with-vmi</guid><description>Struggling with outdated IT systems and cybersecurity concerns? Discover how Cyberus is pioneering the use of Virtual Machine Introspection to secure legacy infrastructure.</description><pubDate>Thu, 25 Jul 2024 00:00:00 GMT</pubDate></item><item><title>Case Study: Automating hardware-dependent tests for passport readers</title><link>https://cyberus-technology.de/en/articles/veridos</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/veridos</guid><description>In today&apos;s fast-paced world, automated testing is crucial for maintaining efficiency and quality. This post is aimed at engineering teams and product managers looking to enhance their test automation processes. 
Discover how Cyberus enabled Veridos to implement Shift-Left Testing, automate their hardware-dependent tests, and run them seamlessly throughout the development cycle.</description><pubDate>Thu, 11 Jul 2024 00:00:00 GMT</pubDate></item><item><title>Securing Legacy Software Applications</title><link>https://cyberus-technology.de/en/articles/securing-legacy-applications</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/securing-legacy-applications</guid><description>Outdated legacy systems lack maintenance, support for modern encryption algorithms, and compatibility with current security software. KronoCore is designed to address these issues, ensuring your legacy applications run reliably and securely. Instead of expensive and risky redesign, KronoCore extends the lifetime of useful software indefinitely.</description><pubDate>Thu, 27 Jun 2024 00:00:00 GMT</pubDate></item><item><title>Modernizing a legacy Traffic Light with KronoCore</title><link>https://cyberus-technology.de/en/articles/case-study-legacy-traffic-light-control-with-kronocore</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/case-study-legacy-traffic-light-control-with-kronocore</guid><description>KronoCore enables legacy software to run on modern hardware. In addition to hardware compatibility, it offers additional features that enhance security. Learn how KronoCore addresses these challenges with the help of a case study.</description><pubDate>Thu, 13 Jun 2024 00:00:00 GMT</pubDate></item><item><title>The Value of Nix/NixOS in our Engineering</title><link>https://cyberus-technology.de/en/articles/nix-and-nixos-at-cyberus</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/nix-and-nixos-at-cyberus</guid><description>Nix and NixOS are incredible technologies that make our every-day engineering much more productive. 
In this article, we will go through some of our use-cases and explain why and how Nix and NixOS help us.</description><pubDate>Thu, 30 May 2024 00:00:00 GMT</pubDate></item><item><title>Nested Virtualization Bug Hunting with Cyberus Guest Tests</title><link>https://cyberus-technology.de/en/articles/nested-virtualization-bug</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/nested-virtualization-bug</guid><description>In this article, we describe our discovery of undocumented behavior in KVM&apos;s nesting feature. Learn how we solved the situation in our KVM backend for VirtualBox.</description><pubDate>Thu, 16 May 2024 00:00:00 GMT</pubDate></item><item><title>Nested Virtualization for the KVM Backend for VirtualBox</title><link>https://cyberus-technology.de/en/articles/nested-virtualization</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/nested-virtualization</guid><description>We&apos;re excited to share a new milestone for our KVM Backend for VirtualBox: nested virtualization is now supported. This means you can run virtual machines within other VMs, opening up new possibilities for testing and development environments. With nested virtualization, you can now run even more complex configurations, including HP Sure Click, enabling heightened security within virtualized environments.</description><pubDate>Thu, 02 May 2024 00:00:00 GMT</pubDate></item><item><title>Testing Virtualization Stacks by Utilizing Mini Operating System Kernels</title><link>https://cyberus-technology.de/en/articles/testing-virtualization-stacks-utilizing-mini-kernels</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/testing-virtualization-stacks-utilizing-mini-kernels</guid><description>Testing and debugging erroneous behaviour by a guest under a virtualization stack is hard and difficult. 
By leveraging multiple mini operating system kernels, we can investigate issues related to complicated topics, such as never delivered interrupts, with a precise focus on where to look. For that, we created our internal Cyberus Guest Tests that we present in this blog post.</description><pubDate>Thu, 18 Apr 2024 00:00:00 GMT</pubDate></item><item><title>Fully Automated On-Hardware Testing</title><link>https://cyberus-technology.de/en/articles/fully-automated-testing</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/fully-automated-testing</guid><description>Shift-left testing is an approach to address the harms of late testing, such as context switches for developers. Cyberus follows the &apos;test early and often&apos; strategy and fully automated tests are a crucial part of developer workflows. Testing low-level code on all supported hardware requires us to overcome the challenge of automating commodity hardware. Our flexible infrastructure empowers functional tests as well as long-term performance monitoring.</description><pubDate>Thu, 04 Apr 2024 00:00:00 GMT</pubDate></item><item><title>Introducing enclosed: Simplified Compartmentalization and VM Management</title><link>https://cyberus-technology.de/en/articles/enclosed</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/enclosed</guid><description>Management and secure configuration of virtual machines can be as daunting as navigating a labyrinth. Our powerful tool &apos;enclosed&apos; effortlessly transforms the complex task of compartmentalizing and managing VMs into an intuitive and streamlined process. Overcome the intricacies of low-level tools and use a higher level of abstraction with &apos;enclosed&apos;. 
Learn how to shield your virtual environments with unmatched ease and security in this article.</description><pubDate>Thu, 21 Mar 2024 00:00:00 GMT</pubDate></item><item><title>Graphics Virtualization Support in KVM Backend for VirtualBox</title><link>https://cyberus-technology.de/en/articles/vbox-kvm-sriov</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/vbox-kvm-sriov</guid><description>Modern applications from CAD to games need beefy graphics hardware to work. In a virtual machine they are unusable, because they use slow emulated graphics. Learn in this article how to enjoy blazingly fast graphics by unlocking the graphics virtualization capability that ships in every modern Intel CPU.</description><pubDate>Fri, 08 Mar 2024 00:00:00 GMT</pubDate></item><item><title>KVM Backend for VirtualBox technical deep-dive</title><link>https://cyberus-technology.de/en/articles/vbox-kvm-deep-dive</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/vbox-kvm-deep-dive</guid><description>In this article, we want to provide you with a closer look under the hood of our KVM backend for VirtualBox. 
It replaces the original VirtualBox kernel module with a backend implementation for the KVM hypervisor provided by Linux.</description><pubDate>Thu, 22 Feb 2024 00:00:00 GMT</pubDate></item><item><title>KVM Backend for VirtualBox public release</title><link>https://cyberus-technology.de/en/articles/vbox-kvm-public-release</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/vbox-kvm-public-release</guid><description>Today we are announcing the open-source release of our KVM backend for VirtualBox.</description><pubDate>Thu, 08 Feb 2024 00:00:00 GMT</pubDate></item><item><title>The case for legacy software</title><link>https://cyberus-technology.de/en/articles/the-case-for-legacy-software</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/the-case-for-legacy-software</guid><description>Physical infrastructure in the real world has a much longer lifetime than software systems. This presents a number of challenges to operators: Hardware components fail at some point while spare parts are no longer available and need to be replaced by modern alternatives. Old software lacks support for modern components and a major software upgrade is required for continuing operation. Learn how this gap can be mediated and what can be done to solve this issue long-term.</description><pubDate>Thu, 01 Feb 2024 00:00:00 GMT</pubDate></item><item><title>Student Thesis: A Policy-Free System-Call Layer for the Hedron Microhypervisor</title><link>https://cyberus-technology.de/en/articles/diplomarbeit-philipp-schuster</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/diplomarbeit-philipp-schuster</guid><description>The thesis presents modifications to Hedron and an associated runtime system. Together, these components enable the concurrent execution of Hedron-native applications and unmodified foreign applications using Linux programs as an example. 
This allows to reuse the established toolchains and developing new software for Hedron with them. Furthermore, Linux programs are supported that contain additionally Hedron-native system calls. I call them hybrid applications. This mechanism enables to communicate directly with interfaces of Hedron&apos;s runtime environment from foreign applications.</description><pubDate>Fri, 02 Dec 2022 00:00:00 GMT</pubDate></item><item><title>Cyberus Technology Gives Keynote at Symposium on the Science of Security (HotSoS)</title><link>https://cyberus-technology.de/en/articles/hotsos-keynote</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/hotsos-keynote</guid><description>HoTSoS identifies itself as research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner. Because the seminal Spectre paper won NSA&apos;s Best Scientific Cybersecurity Paper Competition last year, its authors were invited to give a keynote speech at the symposium. Given that the corresponding vulnerabilities were disclosed to Intel almost 4 years ago, we (the authors) decided to take a step back and to look, in HotSoS&apos; spirit, at the fundamental problems. We (Cyberus Technology) feel deeply honoured that we were entrusted with delivering the talk and want to give you a sneak preview of what to expect.</description><pubDate>Fri, 09 Apr 2021 00:00:00 GMT</pubDate></item><item><title>Cyberus Technology Presents new Perspectives on Virtual Machine Introspection at Biggest German IT Security Congress</title><link>https://cyberus-technology.de/en/articles/sicherheitskongress</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/sicherheitskongress</guid><description>Compromised software of the trusted compute base is a major challenge as it allows attackers to fly under the radar. 
VMI provides for defense-in-depth and enables event-driven response in a sandbox environment</description><pubDate>Mon, 08 Feb 2021 00:00:00 GMT</pubDate></item><item><title>TSX Asynchronous Abort</title><link>https://cyberus-technology.de/en/articles/taa</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/taa</guid><description>Today a new variant of the ZombieLoad family of side-channel attacks has been made public. This new variant is called TSX Asynchronous Abort (TAA). TAA works on all recent Intel processors that support Intel TSX, including Intel&apos;s most recent Cascade Lake processors.</description><pubDate>Tue, 12 Nov 2019 00:00:00 GMT</pubDate></item><item><title>Bygone, forgotten, over? One year after Meltdown of processor security</title><link>https://cyberus-technology.de/en/articles/1yr-meltdown</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/1yr-meltdown</guid><description>About a year ago, I (together with a small team of other security researchers) was waiting for Intel to disclose security vulnerabilities we had discovered in its microprocessor hardware. We expected a fair bit of excitement because the industry had been scrambling to get mitigations in place. However I was thoroughly gobsmacked by the kind of delayed fireworks unfolding in the media. More than a year has elapsed since then so it is only fair to ask what is left beyond the sound and smoke - and why it was not the beginning of the end of the familiar IT universe, as predicted by a couple of pessimists.</description><pubDate>Wed, 29 May 2019 00:00:00 GMT</pubDate></item><item><title>ZombieLoad: Cross Privilege-Boundary Data Leakage</title><link>https://cyberus-technology.de/en/articles/zombieload</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/zombieload</guid><description>ZombieLoad is a novel category of side-channel attacks which we refer to as **data-sampling attack**. 
It demonstrates that faulting load instructions can transiently expose private values of one Hyperthread sibling to the other. This new exploit is the result of a collaboration between Michael Schwarz, Daniel Gruss and Moritz Lipp from Graz University of Technology, Thomas Prescher and Julian Stecklina from Cyberus Technology, Jo Van Bulck from KU Leuven, and Daniel Moghimi from Worcester Polytechnic Institute. In this article, we summarize the implications and shed light on the different attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves, and give advice over possible ways to mitigate such attacks.</description><pubDate>Tue, 14 May 2019 00:00:00 GMT</pubDate></item><item><title>L1 Terminal Fault Vulnerability</title><link>https://cyberus-technology.de/en/articles/l1-terminal-fault</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/l1-terminal-fault</guid><description>After Meltdown and Spectre, more vulnerabilities in out-of-order CPUs have been uncovered that use similar side channels. This article is about the L1 Terminal Fault vulnerability, a meltdown-style attack that is also effective against up-to-date system software incorporating KPTI-like patches.</description><pubDate>Tue, 14 Aug 2018 00:00:00 GMT</pubDate></item><item><title>Intel LazyFP vulnerability: Exploiting lazy FPU state switching</title><link>https://cyberus-technology.de/en/articles/intel-lazyfp-vulnerability</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/intel-lazyfp-vulnerability</guid><description>After Meltdown and Spectre, which were publicly disclosed in January, the Spectre V3a and V4 vulnerabilities followed in May. 
According to the German IT news publisher Heise, the latter might be part of eight new vulnerabilities in total that are going to be disclosed in the course of the year.</description><pubDate>Wed, 06 Jun 2018 00:00:00 GMT</pubDate></item><item><title>Spectre V4: Store-Load Vulnerability</title><link>https://cyberus-technology.de/en/articles/intel-store-load-spectre-vulnerability</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/intel-store-load-spectre-vulnerability</guid><description>After Meltdown and Spectre, more vulnerabilities in out-of-order CPUs have been uncovered that use similar attack vectors. This article is about the new variant 4 of the Spectre attack that works without misleading the branch predictor. Instead, it exploits an implementation detail of Intel&apos;s memory disambiguation technique inside the CPU&apos;s pipeline.</description><pubDate>Tue, 22 May 2018 00:00:00 GMT</pubDate></item><item><title>Windows on iSCSI - Part 3/3</title><link>https://cyberus-technology.de/en/articles/windows-on-iscsi-part3</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/windows-on-iscsi-part3</guid><description>As an important step towards automating the creation of Windows disk assets/images, we will take a closer look at the Critical Device Database (CDDB) inside the Windows registry. The goal is to transform any locally installed instance to be bootable from iSCSI without having to run a full installation onto an iSCSI disk before.</description><pubDate>Mon, 26 Mar 2018 00:00:00 GMT</pubDate></item><item><title>Windows on iSCSI - Part 2/3</title><link>https://cyberus-technology.de/en/articles/windows-on-iscsi-part2</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/windows-on-iscsi-part2</guid><description>In this article, we will describe how an ordinary Windows 7 installation can be converted to be booted from iSCSI. 
We will cover the particularities of the Windows network boot process and elaborate on the differences to the normal boot. We then describe our solution using some registry modifications.</description><pubDate>Mon, 12 Mar 2018 00:00:00 GMT</pubDate></item><item><title>Windows on iSCSI - Part 1/3</title><link>https://cyberus-technology.de/en/articles/windows-on-iscsi-part1</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/windows-on-iscsi-part1</guid><description>This series of three posts is about installing Windows 7 on an iSCSI disk. In this first article, we install it using qemu and iPXE and cover some of the pitfalls and particularities of this install method, as well as the topic of duplicating the resulting disk for use in machines of the same type. Two more follow-up posts will cover details of the network boot process, leading to a method of converting an existing installation to be iSCSI-bootable.</description><pubDate>Mon, 26 Feb 2018 00:00:00 GMT</pubDate></item><item><title>Meltdown</title><link>https://cyberus-technology.de/en/articles/meltdown</link><guid isPermaLink="true">https://cyberus-technology.de/en/articles/meltdown</guid><description>Meltdown is an attack on the general memory data security of computers with the Intel x86 architecture. Two members of the founder team of Cyberus Technology GmbH were among the first experts to discover this vulnerability. This article describes how Meltdown works and examines the mitigations that have been patched into the most widespread operating systems while the information embargo was still intact.</description><pubDate>Wed, 03 Jan 2018 00:00:00 GMT</pubDate></item></channel></rss>