Xen project Mailing List

Re: [Xen-devel] Xen 4.7 Headline Features (for PR)

To: Lars Kurth <lars.kurth.xen@xxxxxxxxx>

From: Doug Goldstein <cardoe@xxxxxxxxxx>

Date: Sun, 1 May 2016 23:28:51 -0500

Cc: Zibby Keaton <zkeaton@xxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, George Dunlap <dunlapg@xxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>

Delivery-date: Mon, 02 May 2016 04:29:13 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 4/27/16 8:12 AM, Lars Kurth wrote: > >> On 24 Apr 2016, at 02:06, Doug Goldstein <cardoe@xxxxxxxxxx> wrote: >> >> On 4/22/16 9:25 AM, George Dunlap wrote: >>> On Fri, Apr 22, 2016 at 3:22 PM, Lars Kurth <lars.kurth.xen@xxxxxxxxx> >>> wrote: >>>> >>>>> On 22 Apr 2016, at 15:08, George Dunlap <dunlapg@xxxxxxxxx> wrote: >>>>> >>>>> >>>>> kconfig for the hypervisor >>>> >>>> This is one which potentially has a big security impact and could be a >>>> Headline Feature. Just to remind me, is KCONFIG a run-time or build-time >>>> config mechanism. If the latter, distro users will not benefit from it. >>> >>> Kconfig is build-time. Distros could use it in principle, and I think >>> Gentoo will (that was part of Doug's motivation for doing it, IIUC). >>> But yes, I suspect most distros will keep everything in by default. >>> It's more a feature for embedded / security-conscious vendors. >>> >>> -George >> >> Not really important but I figured I'd be clear about my motivations. >> For Gentoo I'll actually keep the stock settings. For Yocto I'll keep >> the stock settings but expose a way to run kconfig (like the linux >> kernel is in Yocto) for vendors with a security focus. I'm aware of a >> handful of downstream vendors which will utilize that capability. > > Doug, this is good background information. Is the YOCTO work something > ongoing, or is it something which we can refer to in the press coverage. I > guess what you are saying is that YOCTO will (or already contains) a simple > way to build a minimal Xen distribution. > Lars > Yes I try to keep the Yocto Project's meta-virtualization [1] layer in a good state for building the latest Xen version for the latest version of Yocto. e.g. The current version of Yocto is kergoth and it contains Xen 4.6.1 (as does jethro, the prior version). I (or other people I work with) are pretty responsive on build breakages with the in development version (master) as we are working to promote Xen to the organizations we work with and they rely on Yocto. You should be able to following the Yocto Quick Start [2] with 2 hopefully minor tweaks: 1. download and add the meta-virtualization layer the same way the guide has you add other layers 2. don't build core-image-minimal or core-image-sato but instead build xen-image-minimal The resultant image should boot Xen 4.6.1 and a fairly recent Linux kernel as dom0 (I believe the version as of this writing is 4.4.x). The Xen image will be build with the stock './configure && make' options. However there are a number of ways at customizing it (e.g. using XSM) using normal Yocto methods. [1] http://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/about/ [2] http://www.yoctoproject.org/docs/current/yocto-project-qs/yocto-project-qs.html -- Doug Goldstein

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.