Xen 4.16 arrives with support improvements for ARM, an initial port for RISC-V and more

After eight months of development, the free Xen 4.16 hypervisor has been released. Companies such as Amazon, Arm, Bitdefender, Citrix and EPAM Systems contributed to the development of the new version.

For those unfamiliar with Xen, it is an open source virtual machine monitor developed by the University of Cambridge. Its design goal is to run fully functional instances of operating systems on a single computer.

Xen provides secure isolation, resource control, quality of service guarantees and live virtual machine migration. Operating systems can be explicitly modified to run on Xen (while maintaining compatibility with user applications).

This enables Xen to achieve high-performance virtualization without special hardware support. Intel has made a number of contributions to Xen that have added support for its VT-X Vanderpool architecture extensions.

This technology allows unmodified operating systems to run inside Xen virtual machines, as long as the physical server supports the Intel VT or AMD Pacifica extensions.

Xen 4.16 Main New Features

In this new version of the hypervisor, TPMManager, which provides virtual chips for storing cryptographic keys (vTPM) implemented on top of a common physical TPM (Trusted Platform Module), has been patched to further support the TPM 2.0 specification.

Reliance on the PV Shim layer, which is used to run unmodified paravirtualized (PV) guest systems in PVH and HVM environments, has also increased. In the future, 32-bit paravirtualized guest systems will only be usable in PV Shim mode, which will reduce the number of places in the hypervisor where potential vulnerabilities can exist.

Obsolete components were also cleaned up: "qemu-xen-traditional" and the PV-Grub code are no longer compiled by default (the need for these Xen-specific forks disappeared after the Xen-compatible changes were carried over to the main QEMU and Grub).

Support has also improved for non-dom0 mode, which allows you to bypass the deployment of the dom0 environment by starting virtual machines at an early stage of server startup. The changes made allow support for 64-bit ARM systems with EFI firmware.

Support was improved for heterogeneous 64-bit ARM systems based on the big.LITTLE architecture, which combines powerful but power-hungry cores with less powerful but more energy-efficient cores on a single chip.

A RISC-V port also stands out: during this release cycle, significant internal work was done to get dom0 to boot on RISC-V hardware, focusing on introducing functionality for interrupt management, along with other interfaces needed for early boot code.

Other changes that stand out in this new version:

  • Added the ability to boot on Intel devices without a Programmable Interval Timer (PIT).
  • For ARM guests, initial support for virtualized performance monitor counters was implemented.
  • Increased hardware support by allowing Xen to start on Intel devices that lack a programmable interval timer.
  • Cleanup of legacy components: QEMU Traditional and PV-Grub are no longer compiled by default. Note that both projects have now merged Xen support upstream, so using Xen-specific forks is no longer recommended.
  • Initial support for guest virtualized performance monitor counters on Arm.
  • Improved support for heterogeneous 64-bit Arm systems by leveling out CPU roles across all cores to improve big.LITTLE support.

Finally, if you are interested in knowing more about it, you can consult the details at the following link. Updates for the Xen 4.16 branch will be released until June 2, 2023, and vulnerability fixes until December 2, 2024.

