1. maxmcd+(OP) 2019-11-07 14:52:56
Firecracker requires KVM, but QEMU can be used with instruction emulation, correct? Does that make this potentially a little easier to develop with in certain environments?
replies(2): >>slpnix+o4 >>yjftsj+m6
2. slpnix+o4 2019-11-07 15:19:57
>>maxmcd+(OP)
That's correct. The initial versions of the microvm patch series did require KVM, but the one that got upstreamed does work with TCG [1], thanks to the QEMU maintainers' feedback.

That said, I'm not sure for which kind of use cases it would be useful to run it this way, as the performance won't be amazing. I find TCG acceleration mainly useful for debugging and foreign systems emulation.

[1] https://wiki.qemu.org/Documentation/TCG

3. yjftsj+m6 2019-11-07 15:32:16
>>maxmcd+(OP)
I wonder if that's a security benefit, too... I would expect that KVM equals more attack surface, and direct to the host kernel at that. Now, weighing likelihood of exploiting KVM through qemu vs qemu through TCG (or whatever)... I'm not qualified to assess, and it probably depends on your threat model. But it sure feels good if you can run qemu with no special privileges.