Xen Project Announces Xen 4.20 Release with Enhanced Security and Performance
Linux Foundation Europe | 05 March 2025
Xen 4.20 introduces significant security updates, improved virtualization performance, and key enhancements that further solidify Xen’s position as a leading open source hypervisor.
SAN FRANCISCO – March 5, 2025 – The Xen Project, an open source hypervisor hosted by the Linux Foundation, today announced the release of Xen 4.20, delivering enhanced security, performance optimizations, and expanded architecture support for x86, Arm, and early staged support for RISC-V and PPC. The latest version introduces significant security updates, improved virtualization performance, and key enhancements that further solidify Xen’s position as a leading open source hypervisor for cloud computing, embedded systems, and enterprise applications.
“Security and performance remain at the heart of Xen’s development,” said Kelly Choi, Community Manager at the Xen Project. “Xen 4.20 represents a significant milestone in virtualization technology and empowers enterprises, cloud providers, and hardware vendors with high-performance solutions that meet the demands of modern enterprise infrastructure.”
The release of 4.20 positions Xen as the go-to open source hypervisor to meet the security and performance demands of enterprise leaders and cloud providers. Xen 4.20 introduces improved security mechanisms, expanded processor support, and critical hypervisor refinements that make virtualization more robust and efficient. Compared to the previous release, Xen 4.20 features a performance boost for introspection tools, better device passthrough capabilities, and cache coloring. This release also introduces expanded support for modern enterprise architectures, with optimizations for Zen 5 processors. With a focus on usability and performance, Xen 4.20 makes virtual machine management seamless while reinforcing system security through comprehensive vulnerability mitigations.
Key Features and Enhancements in Xen 4.20
Security & Code Quality Improvements
- Expanded MISRA C compliance: Integrated ECLAIR MISRA C scanner in GitLab CI, enforcing 90 rules with zero unjustified violations.
- Enabled UBSAN (Undefined Behaviour Sanitiser) by default for x86, Arm64, RISC-V and PowerPC in GitLab CI.
- Integrated two of our existing fuzzing harnesses into OSSFuzz.
Hypervisor Core Enhancements
- Fixes in the blkif protocol specification for non-512b sector sizes.
- Security and performance enhancements: The domain builder in libxenguest no longer un-gzips secondary modules, leaving it to the guest kernel.
- Continued to improve the common/arch code split, including improved bit-operation helpers for bit scanning and hamming weight.
Architecture-Specific Updates
- x86 Enhancements
  - On Intel CPUs, support the Paging-Write Feature. This allows for more efficient monitoring of guest page-table updates, reducing EPT violation overhead.
  - AMD Zen 5 CPU support, including mitigation for SRSO speculative vulnerability.
  - Switched the xAPIC flat driver to use physical destination mode for external interrupts instead of logical destination mode.
  - Improved Xen's ability to boot (and reboot) using the default configuration on possibly quirky EFI firmware. This is achieved by not using the GetTime() or ResetSystem() runtime methods, which are known to be broken on some EFI implementations.
  - Removed:
    - Support for running on Xeon Phi processors.
    - x2APIC Cluster Mode (logical delivery mode) for external interrupts. x2APIC Physical only and Mixed Modes are still available.
  - In addition, there has been a substantial overhaul to the way in which boot module handling works (part of the Hyperlaunch work in progress), and a substantial overhaul to how the 32bit early boot code is built and linked (part of the UEFI SecureBoot work in progress).
- Arm Enhancements
  - Support for LLC (Last Level Cache) coloring for performance optimizations.
  - Experimental support for Armv8-R.
  - Support for NXP S32G3 Processors Family and LINFlexD UART driver.
  - FF-A improvements: Adds indirect message support and enhances RXTX buffer transmission to SPMC, fixes version negotiation and partition information retrieval.
  - SCMI requests handling: basic handling for SCMI requests over SMC using Shared Memory, by allowing forwarding the calls to EL3 FW if coming from the hardware domain.
  - To enable Xen towards safety certification, 43 requirements have been added. The requirements are structured as market, product and design. OpenFastTrace is used for linking the requirements.
- RISC-V and PowerPC Progress (development stage)
  - RISC-V: Enhancements in device tree mapping and memory management initialization.
  - PowerPC: Early boot allocation improvements.
Security Announcements
During the 4.20 development window, 8 new Xen Security Advisories (XSAs) were published. These comprise:
- 4 fixes in the hypervisor
- 1 fix in the toolstack
- 1 clarification of supported use cases
- 2 fixes in external projects
Industry & Ecosystem Support
Xen 4.20 has been developed with contributions from major industry partners, including AWS, ARM, AMD, HONDA, EPAM, Vates, and XenServer. This release reinforces Xen’s role in server virtualization, cloud infrastructure, security applications, and embedded systems.
The Xen Project invites developers, enterprises, and cloud providers to contribute to future releases and help drive the open source virtualization ecosystem forward. For more details on Xen 4.20, please visit: https://xenproject.org
Supporting Quotes
"Citrix celebrates the release of Xen 4.20 and the significant advancements it brings to code safety and security across multiple architectures. This new release represents another major step forward in trusted virtualization technology. We are committed to working with the community to further the development of the Xen hypervisor, and to integrating these enhancements into the XenServer product so that our users continue to benefit from the robustness of open-source server virtualization."
– Diego Novellon, Software Engineering Manager, Citrix
"We are excited to see this new release happening. It comes not just with several notable improvements in terms of security, but also with a host of new features for alternative architectures and improved support for advanced boot options. All this and the arrival of two new strategic sponsors show a renewed interest and focus in the Xen Project. We expect 2025 to be a year of growth for our community and for the Xen ecosystem at large."
– Charles-H. Schulz, Chief Strategy Officer at Vates.
"The Xen 4.20 release marks significant progress towards functional safety compliance and broad automotive industry adoption. This is achieved through extension of technical requirements documentation, addition of system fuzzing, and expanded MISRA C support. EPAM is actively contributing to this advancement by addressing feature gaps, refining documentation, and everything that proves Xen's safety and determinism. Ultimately, these efforts will enable Xen to fully erase the gap between mission-critical embedded systems and high-performance computing through isolation and platform virtualization."
– Alex Agizim, CTO, Automotive & Embedded Systems
***
About the Xen Project
The Xen Project, hosted by The Linux Foundation, is an open source hypervisor powering some of the world’s largest cloud platforms, embedded systems, and security applications. Xen’s flexible architecture enables high-performance, secure, and scalable virtualization solutions. The Xen Project community includes major industry contributors, researchers, and developers dedicated to advancing open source virtualization technology.
About the Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, LF Decentralized Trust, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
Media Contact
Noah Lehman
The Linux Foundation
nlehman@linuxfoundation.org