With its newest release, Xen Project Hypervisor 4.12, the team behind the open-source virtual machine monitor says it is focusing on security and on reducing code size. In a blog post, the team outlined these plans along with its additional focus on renewed x86 architecture support, features for embedded and automotive use, and more.
“This version of Xen will be more configurable, significantly reducing integration costs for business and organizations which customize Xen heavily,” Lars Kurth, director of open source at Citrix, which manages Xen Project, wrote in the post. “Additionally, Xen 4.12 continues to build upon previous versions regarding cleaner architecture, improved user experience, and future proofing.”
Kurth wrote in the blog post that the “leaner” x86 architecture support in Hypervisor 4.12 means fewer lines of code and thus a smaller attack surface. The update implements the Credit 2 Scheduler for scheduling latency-sensitive workloads, the ability to boot PVH guests via Grub2, and PVH Dom0, currently an Intel-only option that also fixes some bugs.
The ability to build an HVM/PVH-only or PV-only hypervisor lets users produce final builds with a significant reduction in memory use and attack surface. The feature also “enables cloud and hosting providers which do not offer support for PV guests to deploy HVM/PVH only hypervisors which, in turn, increases security,” Kurth wrote.
Additionally, QEMU deprivilege improves security at the QEMU layer; Argo, a hypervisor-mediated data exchange mechanism, provides improved exchange pathways between virtual machines; and improvements to virtual machine introspection improve zero-day vulnerability detection, Kurth wrote.
Embedded and automotive features add Dom0less VMs for statically partitioned systems, which decrease boot times and reduce the safety certification effort by removing Dom0; and tiny Arm configurations, which let users build Xen variants “for specific hardware, such as Renesas RCar 3 and Xilinx Ultrascale+ MPSoC with a minimal set of drivers and features that are needed for mixed-criticality systems,” Kurth wrote.
More information about the release can be found on the project’s blog.