The Xen Project, an open source hypervisor hosted at the Linux Foundation, today announced the release of Xen Project Hypervisor 4.13, which improves security and hardware support, adds new options for embedded use cases, and reflects a wide array of contributions from the community and ecosystem. This release also represents a fundamental shift in the long-term direction of Xen, one which solidifies its resilience against security threats due to side-channel attacks and hardware issues.
Xen 4.13 provides key updates in defense against hardware vulnerabilities, including Core scheduling, late uCode loading and branch hardening to mitigate Spectre v1. Xen 4.13 is the first step in revamping key architectural functionality within Xen so that users can better balance security and performance.
Key updates include:
- Core scheduling, a newly introduced experimental technology that allows Xen to group virtual central processing units (CPUs) into virtual cores and schedule these on physical cores. Switching between virtual cores on a physical core is synchronized, and virtual CPUs of different virtual cores never run at the same time on a single physical core. While Core scheduling does not yet allow users to re-enable hyperthreading, together with other features currently under development (such as the secret-free Hypervisor), its inclusion in Xen 4.13 is critical for providing better security-performance trade-offs in the near future. Users are encouraged to stress-test.
- Ability to install uCode updates at run-time via late uCode loading, avoiding system reboots that are otherwise necessary.
- Live-patching improvements which extend the capability of the Xen Project Hypervisor without the need to reboot, providing added efficiency.
- Branch hardening, which removes a number of potential gadgets, reducing the Spectre v1 attack surface.
Xen 4.13 brings new features that provide easier adoption for embedded and safety-critical use-cases, specifically ISO 26262 and ASIL-B.
Key updates include:
- Extending the range of use-cases for Dom0less Xen and improving usability by making it easy to build Dom0less Xen configurations.
- Adding support for Renesas’ VMSA-compatible IO-MMU targeting Arm-based 3rd generation R-Car system-on-chips. This is the first IO-MMU in Xen that supports functional safety, which is an important milestone towards making Xen compliant with ASIL-B requirements.
- OP-TEE (https://www.op-tee.org/) support, enabling all guests to concurrently run trusted applications on Arm’s TrustZone without interfering with one another.
In addition, the Xen Project community has created a Functional Safety Working group supported by multiple vendors, including safety assessors. This group is working on a multi-year plan that makes it possible for vendors to consume Xen Project software in a fashion that is compatible with ASIL-B requirements. This is a significant challenge that requires code and development processes to comply with key tenets of ISO 26262, a challenge which has not yet been solved by any open source project, but which multiple projects are trying to address.