Ecosystem

Provium

A general-purpose KVM test harness for kernel modules. Write tests in Lua, run them against real VMs. No mocks, no simulations — real kernels, real syscalls, real results.

View on GitHub 
-- Test that a syscall returns the expected value
local vm = provium.create("peios-kacs")
vm:boot({ memory = "512M", cpus = 2 })

-- Call a custom KACS syscall
local result = vm:syscall(1100, 0, 0)
assert(result.ret == 0, "kacs_get_token_info failed")

-- Execute a command inside the VM
local out = vm:exec("idn whoami")
assert(out.stdout:match("SYSTEM"), "expected SYSTEM identity")

Architecture

Provium is a Go binary with an embedded Lua scripting engine. Tests are Lua scripts that control VMs through a high-level API. Communication between the host and guest happens over vsock — no guest networking required. 

Lua test → provium (Go, host) → QEMU/KVM → agent (C, guest) → commands
                                    ↑
                              vsock connection

Features

Real VMs, not mocks

Tests run against actual QEMU/KVM virtual machines with real kernels. No simulation layer between your tests and the code being tested.

Lua scripting

Write tests in Lua — readable, expressive, and fast to iterate on. No recompilation needed between test runs.

Raw syscalls

Call syscalls directly from Lua. Test custom kernel interfaces, ioctls, and module behaviour without writing C test harnesses.

File injection

Write files into the guest and read them back. Inject configuration, binaries, or test data without modifying the VM image.

VM snapshots

Cache booted VM state with fixtures. Subsequent tests resume from a snapshot instead of cold-booting — dramatically faster test suites.

Not Peios-specific

Provium is a general-purpose tool. Test any kernel module, any Linux distribution, any boot configuration. Peios uses it; you can too.

Built for

Kernel module developers

Test your module's syscalls, ioctls, and behaviour against real kernels with Lua scripts instead of C test programs.

Security researchers

Probe kernel interfaces, test access control boundaries, and verify security properties in isolated VMs that can be destroyed and recreated instantly.

CI pipelines

Run kernel-level integration tests in CI. Boot a VM, run tests, check results, tear it down — all from a single binary with no dependencies beyond QEMU.