
Re: [Publicity] Blog-post RFC: Hardening Xen against VENOM-style attacks



On 05/14/2015 11:39 AM, Anil Madhavapeddy wrote:
> Yeah... it's worth noting that unikernels like MirageOS or HaLVM never use 
> the x86 device emulation and so require a far easier to audit hypervisor TCB 
> that doesn't involve qemu.
> 
> Also, is it worth mentioning why the qemu stub domain isn't the default?  Is 
> it all compiled and installed in most of the hypervisor distributions on 
> Ubuntu/CentOS/etc?  I don't think even XenServer uses qemu stub domains, 
> although that might have changed in the recent release.

Well the main reason is that qemu-upstream doesn't work with stub
domains yet.  Anthony worked on it for what, a year?  He got pretty far
but there are just a lot of thorny issues to deal with.

 -George

