Major release makes Xen an attractive option for automotive and embedded technologies.
SAN FRANCISCO – April 2, 2019 — The Xen Project, an open source hypervisor hosted at the Linux Foundation, today announced the release of Xen Project Hypervisor 4.12. This latest release adds impressive feature improvements around security and code size, x86 architectural renewal and additional updates making the technology ideal for embedded and automotive industries.
The leaner architecture in Xen 4.12 reduces the lines of code and in turn, reducing the potential for security vulnerabilities while making Xen an attractive option for use in mixed-criticality systems. Additionally, improving de-privileged QEMU, through defense-in-depth techniques, as well as improving VMI, reduces exposure to unknown security threats. This version of Xen will be more configurable, significantly reducing integration costs for business and organizations which customize Xen heavily. Additionally, Xen 4.12 continues to build upon previous versions regarding cleaner architecture, improved user experience, and future proofing.
“Xen Project Hypervisor 4.12 is a clear example of the project delivering on its promise for revamped architecture, a major step forward to unlock market segments such as security products as well as embedded and automotive,” said Lars Kurth, chairperson of the Xen Project Advisory Board. “As we continue to serve the hosting and cloud markets, we will also focus on streamlining the certification process for Xen while helping the security embedded automotive vendors that are invested in Xen continue to build attractive products on top of the hypervisor.”
Security & Code Size
The Xen 4.12 release builds upon the security features of previous releases, continuing Xen’s legacy of being the safest and most stable hypervisor for security-focused environments.
x86 Architectural Renewal
The new Xen 4.12 features renew how x86 architecture support is implemented in Xen, a multi-year effort that is nearing completion.
Embedded/Automotive
The Project is working to make Xen more easily safety certifiable targeting embedded and automotive use-cases. These new upgrades will increase the viability of Xen for use in mixed-criticality systems.
Additional Technical Features
The new Xen 4.12 upgrade also includes improved IOMMU mapping code, which is designed to significantly improve the startup times of AMD EPYC based systems.
The upgrade also features Automatic Dom0 Sizing which allows the setting of Dom0 memory size as a percentage of host memory (e.g. 10%) or with an offset (e.g. 1G+10%).
Comments from Xen Project Users and Contributors:
Apertus Solutions
“With today’s introduction of the hypervisor-mediated exchange protocol Argo, Non-bypassable and Always-invoked (NEAT) properties are now possible with the Xen hypervisor,” said Daniel P. Smith, Chief Technologist at Apertus Solutions. “Early separation kernel concepts were defined in the 1980’s by John Rushby’s seminal work, extended by Jim Alves-Foss for virtual systems, and distilled into NEAT properties for Multiple Independent Levels of Separation (MILS) systems. Apertus Solutions looks forward to future Xen Security Modules (XSM) type assertion capabilities that only a hypervisor-mediated exchange protocol like Argo can deliver on a per-message basis, on the trusted computing foundations of DRTM, TrenchBoot, disaggregated Xen and OpenXT.”
Assured Information Security
“Argo is a robust inter-VM communication protocol for Xen with emphasis on security and isolation for trusted systems,” said Rich Turner, Principal Engineer, SecureView, Assured Information Security. “Assured Information Security (AIS) is committed to advancing the support and implementation of Argo in secure products and services. As long-standing supporters and contributors of OpenXT, AIS is excited by the security advancements that Argo provides to Xen and downstream projects like OpenXT. Our customers count on secure isolation and communication within our products and Argo will further our ability to deliver secure, safe, and mission-critical products.”
Bitdefender
“As a member of the Advisory Board, we are fully committed to supporting Xen Project. We are impressed with the technological advancements the Xen Project team introduced with the Xen 4.12 release and look forward to contributing to the future success of the project,” said Mihai Donțu, Chief Linux Officer at Bitdefender. “The new functionality developed in Virtual Machine Introspection (VMI) is enhancing the overall performance of purposely built security solutions that take advantage of this subsystem. Bitdefender Hypervisor Introspection is leveraging the VMI subsystem to defend virtual machines against zero-day exploits and is using Altp2m and #VE to improve the solution performance.”
Citrix
“With its 4.12 release, the Xen Project Hypervisor builds upon its already strong foundations of dependable workload isolation and cutting edge security features,” said James Bulpin, Senior Director, Technology, Citrix. “By delivering on QEMU de-privilege, and enabling integrators to optionally exclude code for unused virtualization modes, Xen 4.12 exhibits valuable defense-in-depth, and attack surface minimization qualities. These capabilities enable Citrix Hypervisor, which uses Xen at its core, to deliver dependable security to our cloud, server, and desktop virtualization customers.”
DornerWorks
“As a long time proponent of embedded virtualization for commercial and safety-critical applications, DornerWorks is excited by the continued focus of the Xen community on not only large server clusters but also on the smaller embedded systems that we rely on every day,” said Steven H. VanderLeest, Ph.D, Chief Operating Officer at DornerWorks. “We are especially pleased with the release of Dom0less boot and configuration options to reduce ARM code size, which will help reduce the certification and maintenance burden while improving Xen’s boot time and performance.”
EPAM
“The latest release of Xen Hypervisor is the first step towards functional safety regulation compliance, reducing external non-compliant component dependency and introducing minimal code footprint configuration. These changes enable the usage of Xen Hypervisor in complex, mixed-safety automotive systems, such as digital cockpits or communication gateways,” said Alex Agizim, CTO, Automotive & Embedded Systems, EPAM.
Star Lab
“The release of Xen 4.12 enables Star Lab to continue delivering Crucible, our highly performant and secure virtualized solution for tactical virtualization,” said Irby Thompson, CEO of Star Lab. “Xen 4.12 helps reduce the size of the core hypervisor, while further isolating control logic from the guests, increasing security benefits for Star Lab and our customers. Additionally, Xen 4.12 will enable Star Lab to continue the development of hypervisor offerings for its ARM platform customers. Star Lab is looking forward to collaborating with the Xen community on additional dom0less and tiny ARM developments.”
Qubes OS
“Reducing the Xen code size, its complexity, moving more parts away from Paravirtualization (PV), and making optional features configurable at build time is hugely beneficial in terms of reducing attack surface,” said Marek Marczykowski-Górecki, Qubes OS project leader. “We look forward to using Xen 4.12 in the next Qubes OS release to even better utilize hardware virtualization and provide secure client environment.”
SUSE
“We at SUSE have been supporting Xen as a high end, reliable technology since the very beginning of virtualization support in our enterprise products, “said Jiri Kosina Director, SUSE Labs Core. “Therefore we are very happy to see that this new hypervisor release is, once again, expanding the set of features that meet the rapidly growing demand of the current virtualization market.”
Xilinx
“Xilinx is excited to see the new features introduced by the Xen development team for the 4.12 release, especially the new Dom0-less fast boot combined with the code size reductions targeting Xilinx Zynq UltraScale+ MPSoC,” said Simon George, Director of System Software and SoC Solution Marketing at Xilinx. “These features, along with the earlier null scheduler, allow Xen to better serve diverse, embedded use cases. We look forward to Xen’s roadmap for continued work on new features for these markets.”
Additional Resources
About the Xen Project
Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including Alibaba, Amazon Web Services, AMD, Arm, Bitdefender, Citrix, Huawei, Intel, and Oracle. For more information about the Xen Project software and to participate, please visit XenProject.org.
Intel and Xeon are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.
About Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.