3 weeks ago, the Xen Project developer community gathered in Chicago to collaborate, connect and solve the important challenges we all face.
As always we kicked off the Summit with the State of Xen, which we call the “Weather Report,” where we discussed the year in review as well as high-level themes prominent in the community. All of these topics were followed up in more detail in design sessions and additional talks.
Key Takeaways from the weather report and decisions made during design sessions
- CI Infrastructure which centres around bots to automate our workflow. Most of the pieces for this have been put in place in the last 12 months, but have not been integrated into the official CI infrastructure
- Community Involvement: we have been using open community calls to coordinate better, which is something we will do more of.
- We established a prioritized list of contributions based on what various vendors were planning to upstream in the coming months
You can see my talk here: https://www.youtube.com/watch?v=cEu4K8TNNjQ&list=PLYyw7IQjL-zHmP6CuqwuqfXNK5QLmU7Ur&index=10 collaborate.
Xen In the Cloud
The Xen Project continues to serve the cloud segment as a mature and stable open-source hypervisor. This year, we had the pleasure of having representatives from Amazon Web Services speak at the Summit and provide some really exciting updates on the work they are doing at AWS with Xen. Amit Shah and David Woodhouse of AWS gave a talk on Live Updates. Xen currently has two major mechanisms to maintain security while hosting untrusted VMs without causing disruption to those guests: live patching, and live migration. In this talk, Amit and David introduced a third option, live-updating Xen. A live-update operation involves loading of the newly-staged hypervisor into RAM, the currently-running Xen serializing its state, and then transferring control to the newly-staged Xen, all without disrupting running instances, beyond a little downtime when neither hypervisor is running guest vCPUs.
AWS is planning to develop live patching capability in collaboration with upstream and is also planning to submit numerous improvements to Xen’s live patching capability and build tools.
Check out the entire talk here: https://www.youtube.com/watch?v=ANaDS9BUhuA&list=PLYyw7IQjL-zHmP6CuqwuqfXNK5QLmU7Ur&index=14
Other good talks related to security and cloud computing were
- Speculative Sidechannels and Mitigations: https://www.youtube.com/watch?v=-6db2ZQg33s&list=PLYyw7IQjL-zHmP6CuqwuqfXNK5QLmU7Ur&index=23
- Secret-free Hypervisor: Now and Future: https://www.youtube.com/watch?v=ljWLSEomuaU&list=PLYyw7IQjL-zHmP6CuqwuqfXNK5QLmU7Ur&index=8
Xen in Automotive
Automotive continued to be an important area of focus for us. Artem Mygaiev from member organization EPAM Systems gave a talk around Xen in Automotive, outlining the motivation, recent achievements and challenges around safety certification.
Check out Artem’s talk here: https://www.youtube.com/watch?v=JV61-kOz1Qk&list=PLYyw7IQjL-zHmP6CuqwuqfXNK5QLmU7Ur&index=9
Walt Miner, The Community Manager for Automotive Grade Linux, gave a great update on AGL and the progress of the Project’s Virtualization Expert Group. Additionally, Walt discussed the possibility of AGL and Xen working together toward safety certification, using Xen as an AGL supported reference stack.
Unikraft Incubator Project Continues to Gain Momentum
The Unikraft Project is now two years old. Simon Kuenzer, Senior Researcher & Felipe Huici, Chief Researcher, NEC Laboratories Europe GmbH gave an update on the project and where it’s going from an internal system at NEC to an open-source incubation project within the Xen Project. Unikraft is starting to build significant momentum: it is likely to become a good platform to build specialized service domains on Xen (e.g. for a Xenstore Unikraft unikernels or driver domains) and possibly may also be of use in automotive as a small Dom0 replacement.
See the entire talk here : https://www.youtube.com/watch?v=hn3Nna-GevY&list=PLYyw7IQjL-zHmP6CuqwuqfXNK5QLmU7Ur&index=28
In this talk, Stefano Stabellini, Principal Engineer, Xilinx introduced Dom0-less VMs and Dom0-less Xen as a new way of using Xen to build mixed-criticality solutions. Dom0-less VMs are a new Xen feature that allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Dom0-less VMs use a device tree based Xen boot protocol to describe Dom0-less VMs. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings. Xen userspace tools, such as xl and libvirt, become optional. This lays the groundwork for some embedded use-cases which previously could not be handled effectively by Xen. Once a full Dom0-less Xen has been completed, it is also extremely attractive for safety certification, as it enables building Xen based systems without the need of a Dom0 or toolstack making safety certification significantly cheaper.
See Stefano’s talk here: https://www.youtube.com/watch?v=OrtV6gyHW74&list=PLYyw7IQjL-zHmP6CuqwuqfXNK5QLmU7Ur&index=29
Design Session Highlights
In addition to presentations, the Xen Project hosted design sessions where attendees, in real-time, proposed and voted on sessions at the summit. Most talks were followed by design sessions on related topics to hash out details: e.g. on Live Patching, Live Updating, etc. Not all design session notes have been posted on xen-devel@ yet: once these have been posted, I will make available a link to all session notes.
Instead of going through individual sessions, I wanted to highlight sessions which impacted how the Xen Community works:
- Following the keynote and Doug Goldstein’s talk on using robots in the CI process (see https://www.youtube.com/watch?v=qoSrqFU4LVw) we agreed on a plan for the Xen Project’s official CI Official Infrastructure v2 and worked out how to make this all happen
- We had a session on community best practice and agreed to introduce a Code of Conduct (draft to be sent) and to augment the Code of Conduct a set of Best Practices that are intended to improve how we communicate with each other on xen-devel@ and how we can make decisions more effectively
- Agreed priority list of upcoming development items: see https://cryptpad.fr/pad/#/2/pad/view/YmbVkmPVdvniTjOaUTF2kjUFXFaZu1lvYMgkrU5A8Pk/ – these will be used in Community Calls
The Xen Project has been around for more than 15 years now: as I said in the Weather Report, we are clearly headed toward adulthood, but need to get through these teenage years first. I’m excited to see the new areas for Xen to flourish, particularly Automotive and Embedded as well as the opportunity for broad collaboration on Safety Certification. In addition, it is great to see Amazon’s large presence at the developer summit and their first steps to become a significant contributor to the Xen Project. It was also great to see a significant presence from the security community, including QubesOS, OpenXT and commercial vendors active in this space. Stay tuned for a recap from Open Source Summit Japan and Automotive Grade Linux Summit, where I outlined our progress toward safety certification and the work being done in the Xen Community on this important topic.
Thank you very much to those who made it out to the Xen Summit. Your participation, support, and collaboration are critical to our community. Also, big thanks to our sponsors, Citrix, Huawei, ARM, and Vates for making our time together possible.