XEN PROJECT SHIPS VERSION 4.16 WITH FOCUS ON IMPROVED PERFORMANCE, SECURITY, AND HARDWARE SUPPORT

December 2, 2021 | December 7th, 2021 | Announcements

NEW VERSION INTRODUCES ARM VIRTUAL PERFORMANCE MONITOR COUNTERS AND BROADER X86 HARDWARE SUPPORT. COMMUNITY INITIATIVES, INCLUDING FUNCTIONAL SAFETY AND VIRTIO, CONTINUE TO PROGRESS.

The Xen Project, an open source hypervisor hosted at the Linux Foundation, announced the release of Xen Project Hypervisor 4.16, which introduces various features allowing for improved performance, security, functionality, and hardware support. The Xen Project community continues to be active and engaged, with a wide range of developers from many companies and organizations contributing to this latest release. Additionally, community-wide initiatives, including Functional Safety and VirtIO for Xen, continue to make valuable progress.

“The Xen Project continues to make progress in order to expand its use cases into the embedded world while keeping the mature enterprise support. This release has seen the broadening of hardware support for both Arm and x86, together with an increase of the automated testing support and the addition of a new community initiative.”

Notable Features

  • Miscellaneous fixes to the TPM manager software in preparation for TPM 2.0 support.
  • An increased reliance on the PV shim as 32-bit PV guests will only be supported in shim mode going forward. This change reduces the attack surface in the hypervisor.
  • Increased hardware support by allowing Xen to boot on Intel devices that lack a Programmable Interval Timer.
  • Cleanup of legacy components by no longer building QEMU Traditional or PV-Grub by default. Note that both projects now have Xen support merged upstream, so using the Xen-specific forks is no longer recommended.
  • Improved support for the Gitlab automated tests: 32-bit Arm builds and full system tests for x86.
  • Initial support for guest virtualized Performance Monitor Counters on Arm.
  • Improved support for dom0less mode by allowing its use on 64-bit Arm hardware with EFI firmware.
  • Improved support for Arm 64-bit heterogeneous systems by leveling CPU features across all CPUs to improve big.LITTLE support.

Community Initiative Updates

Functional Safety Update

In collaboration with the Zephyr project and the MISRA consortium, the Xen FuSa Special Interest Group analyzed MISRA C rules in depth and defined a subset of rules that apply to Xen and will be tackled with the community. The SIG evaluated several static code analyzers to scan the Xen code base for MISRA C violations. The team started enhancing the Xen build system with the ability to run open source MISRA C checkers as part of the Xen build, so that for future Xen releases, contributors will be able to easily improve the quality of their patches.

VirtIO drivers for Xen:

The development of VirtIO support for Arm continued to make progress, currently focusing on introducing a mechanism to ease the mapping of memory from remote domains by reporting the domain's currently unused memory regions. Further work has also been done to improve toolstack support for handling VirtIO block devices.

RISC-V Port:

RISC-V, an open standard instruction set architecture (ISA) based on established reduced instruction set computer (RISC) principles, is a free and open ISA enabling hardware designers to design simpler chips with a royalty-free ISA. The Xen community, led by sub-project XCP-ng, is working on a RISC-V Port for Xen.

During this release cycle, significant work has been ongoing internally to get dom0 booting on RISC-V hardware, focusing on introducing the functionality to allow interrupt management, together with other interfaces required for early boot code.

Zephyr RTOS:

As a result of collaboration between the Zephyr and Xen projects, starting with version 2.7.0, Zephyr RTOS supports some basic Xen-specific features allowing it to run on Xen. With further Xen enhancements under review and development (grant tables, XenBus, and starting Zephyr as Domain-0), Xen is getting closer to a full implementation of an RTOS-based “thin dom0” targeting Embedded and Safety use cases.

Community Quotes

SUSE:

“SUSE’s investment in the Xen hypervisor community project continues to deliver a stable, secure Enterprise hypervisor for our customers. In this release we recognize in particular the community work to address security challenges, as we look forward to new and improved ways to implement virtio-based communication, leveraging Xen’s advantages in workload isolation,” said Claudio Fontana, Engineering Manager Virtualization, SUSE Labs Core.

Vates:

“Vates welcomes this new Xen release as it continues adding significant improvements to its core technologies, like broader hardware support and increased security. This and several other notable improvements directly benefit the XCP-ng hypervisors and several other downstream software projects. It shows the Xen community is strong and committed to serious innovation,” said Olivier Lambert, co-founder and Vates CEO.

“The Xen project and its technologies increasingly show their strategic importance. Security, reliability, independence, the ability to run in the largest datacenters down to industrial PCs are becoming crucial elements of success for the future. Our efforts to port Xen on the RISC-V architecture and our recent commitment to the RISC-V foundation both display Vates’ commitment to the Xen Project and the road ahead for Xen,” said Charles Schulz, Chief Strategy Officer at Vates.