[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 4.7 Headline Features (for PR)

On 4/27/16 8:12 AM, Lars Kurth wrote:
>> On 24 Apr 2016, at 02:06, Doug Goldstein <cardoe@xxxxxxxxxx> wrote:
>> On 4/22/16 9:25 AM, George Dunlap wrote:
>>> On Fri, Apr 22, 2016 at 3:22 PM, Lars Kurth <lars.kurth.xen@xxxxxxxxx> 
>>> wrote:
>>>>> On 22 Apr 2016, at 15:08, George Dunlap <dunlapg@xxxxxxxxx> wrote:
>>>>> kconfig for the hypervisor
>>>> This is one which potentially has a big security impact and could be a 
>>>> Headline Feature. Just to remind me, is KCONFIG a run-time or build-time 
>>>> config mechanism. If the latter, distro users will not benefit from it.
>>> Kconfig is build-time.  Distros could use it in principle, and I think
>>> Gentoo will (that was part of Doug's motivation for doing it, IIUC).
>>> But yes, I suspect most distros will keep everything in by default.
>>> It's more a feature for embedded / security-conscious vendors.
>>> -George
>> Not really important but I figured I'd be clear about my motivations.
>> For Gentoo I'll actually keep the stock settings. For Yocto I'll keep
>> the stock settings but expose a way to run kconfig (like the linux
>> kernel is in Yocto) for vendors with a security focus. I'm aware of a
>> handful of downstream vendors which will utilize that capability.
> Doug, this is good background information. Is the YOCTO work something 
> ongoing, or is it something which we can refer to in the press coverage. I 
> guess what you are saying is that YOCTO will (or already contains) a simple 
> way to build a minimal Xen distribution.
> Lars

Yes I try to keep the Yocto Project's meta-virtualization [1] layer in a
good state for building the latest Xen version for the latest version of
Yocto. e.g. The current version of Yocto is kergoth and it contains Xen
4.6.1 (as does jethro, the prior version). I (or other people I work
with) are pretty responsive on build breakages with the in development
version (master) as we are working to promote Xen to the organizations
we work with and they rely on Yocto.

You should be able to following the Yocto Quick Start [2] with 2
hopefully minor tweaks:

1. download and add the meta-virtualization layer the same way the guide
has you add other layers
2. don't build core-image-minimal or core-image-sato but instead build

The resultant image should boot Xen 4.6.1 and a fairly recent Linux
kernel as dom0 (I believe the version as of this writing is 4.4.x). The
Xen image will be build with the stock './configure && make' options.
However there are a number of ways at customizing it (e.g. using XSM)
using normal Yocto methods.

[1] http://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/about/

Doug Goldstein

Attachment: signature.asc
Description: OpenPGP digital signature

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.