Xen Project Hypervisor 4.13 Brings Enhanced Security and New Features

Xen Project, an open source hypervisor hosted at the Linux Foundation, has released the latest version of its Xen Project Hypervisor solution, version 4.13. The new version comes with improved security and hardware support; added new options for embedded use cases; while reflecting a wide array of contributions from the community and ecosystem.

“Xen 4.13 combines improved security, broader support for hardware platforms, an easier adoption path for embedded and safety-critical use-cases, as well as a broad representation of diverse community collaboration,” said Lars Kurth, Xen Project Advisory Board Chairperson. “In addition to the significant features we are adding, including Core scheduling, late uCode loading, live-patching and added support for OP-TEE and improvements to Dom0less, our community is laying the groundwork for a fully functional and more easily safety certifiable platform for Xen.”

The latest Xen Project Hypervisor release would represent a fundamental shift in the long-term direction of Xen, one which solidifies its resilience against security threats due to side channel attacks and hardware issues.

Security

Xen 4.13 provides key updates in defense against hardware vulnerabilities including Core scheduling, late uCode loading and branch hardening to mitigate against Spectre v1. Xen 4.13 is the first step in revamping key architectural functionality within Xen that allows users to better balance security and performance.

Key update details include:

  • Core scheduling – a newly introduced experimental technology that allows Xen to group virtual central processing units (CPUs) into virtual Cores and schedules these on physical cores. Switching between virtual cores on a physical core is synchronized and there are never virtual CPUs of different virtual cores running at the same time on a single physical core.
    While Core scheduling does not yet allow users to re-enable hyperthreading, together with other features currently under development (such as the secret-free Hypervisor), its inclusion in Xen 4.13 would be critical for providing a better security-performance trade-off in the near future. Users are encouraged to stress-test.
  • Ability to install uCode updates at run-time via late uCode loading – avoiding system reboots that are otherwise necessary.
  • Live-patching improvements – which extend the capability of the Xen Project Hypervisor without the need to reboot, providing added efficiency.
  • Branch hardening – removes a number of potential gadgets reducing the attack surface using Spectre v1.

“The Xen Project Hypervisor has always focused on securely isolating VMs, enabling operators to run multi-tenant workloads with confidence,” said Jacus de Beer, Director of Engineering, Hybrid Cloud Platforms, Citrix. “Xen 4.13 builds on this heritage by further defending against attacks which attempt to leverage hardware-based side channels. Xen 4.13 also helps integrators and operators to simplify system maintenance and reduce downtime using the new live-patching, and run-time microcode-loading features. This blend of security and serviceability helps Citrix Hypervisor, which uses Xen at its core, to deliver a dependable platform to our cloud, server and desktop virtualization customers.”

Embedded and Safety-Critical

Xen 4.13 brings new features that provide easier adoption for embedded and safety-critical use-cases, specifically ISO 26262 and ASIL-B.

Key update details include:

  • Extending the range of use-cases for Dom0less Xen and improve usability by making it easy to build Dom0less Xen configurations.
  • Adding support for Renesas’ VMSA compatible IO-MMU targeting Arm-based 3rd generation R-Car system-on-chips. This is the first IO-MMU in Xen that supports functional safety, which is an important milestone towards making Xen compliant with ASIL-B requirements.
  • OP-TEE support enabling all guests to concurrently run trusted Applications on Arm’s TrustZone without interfering one with another.

In addition, the Xen Project community has created a Functional Safety Working group supported by multiple vendors, including safety assessors. This group is working on a multi-year plan that makes it possible for vendors to consume Xen Project software in a fashion that is compatible with ASIL-B requirements. This would be quite a significant challenge that requires code and development processes to comply with key tenets of ISO 26262.

Support for new hardware platforms

Xen 4.13 brings support for a variety of hardware platforms. Most notably, Xen 4.13 introduces support for AMD 2nd Generation EPYC with “exceptional performance-per-dollar”, connectivity options, and security features. In addition, Xen 4.13 also supports Hygon Dhyana 18h processor family, Raspberry Pi4 and Intel AVX512.

“AMD has been a long-time contributor to the Xen Project and we are pleased to include Xen in our growing AMD 2nd Generation EPYC ecosystem,” said Raghu Nambiar, Corporate Vice President and CTO of Datacenter Ecosystems & Application Engineering, AMD. “The Xen 4.13 based hypervisors running on servers powered by AMD EPYC processors are well suited for many different workloads and help provide customers an attractive total cost of ownership. In particular, the results of VDI performance tests demonstrate the power of Xen on AMD EPYC processors.”