Xen Hypervisor 4.10 Focuses on Security and Better ARM Support

The Xen Project released version 4.10 of their hypervisor with an improved architecture for x86, support for ARM processor hardware updates, and changes to schedulers and the user interface.

Xen is an open source hypervisor. Amazon Web Services (AWS) has been using Xen, which is a Linux Foundation project, as its primary hypervisor. It’s also used by other cloud providers like Tencent, Alibaba Cloud, Oracle Cloud and IBM SoftLayer. The 4.10 release was a short one with code quality and hardened security as the focus areas. Xen has seen security issues in the past that affected cloud provider services.

The x86 core of the hypervisor has been re-architected to support the PVHv2 mode. Guest operating systems running on PVHv2 have a smaller Trusted Computing Base (TCB). The TCB is the set of hardware and software components that are critical to a system’s security, e.g., the kernel and some utilities in an operating system. Reducing the TCB in turn reduces the attack surface of the system. Xen uses QEMU, the open source emulator, to support hardware virtualization and take full advantage of underlying hardware capabilities. In both versions 4.9 and 4.10 of Xen, the interface between Xen and QEMU was reworked to restrict the impact that security vulnerabilities in QEMU can have on guest operating systems running on Xen.

The 4.10 release also saw support for newer ARM hardware features. ARM processors are commonly used in portable and embedded devices. Xen on ARM architectures supports a single kind of guest, unlike Xen on x86, which supports both paravirtualization and hardware virtualization. The former type of virtualization requires changes to the operating system’s code whereas the latter does not. ARM processors have a number of virtualization extensions which are supported by Xen. The 4.10 release adds support for the latest System-on-Chip (SoC) technology, UART emulation and Interrupt Translation Services (ITS). UART is a chip that can manage computer…
