
Re: [Xen-devel] RFC: Boot Domain, domB

Hello Christopher,

On 20.06.18 03:58, Christopher Clark wrote:
> Mixed-criticality and safety-critical systems under development need support for timely boot of multiple domains at system launch -- “Initial Domains” -- with static assignment of resources between them, each isolated from the others and without runtime dependency on a “dom0”-type domain.
>
> DomB is responsible for starting a set of domains from the material it discovers within its ramdisk. Once they are running, DomB terminates with launch success status indicator, in a step we refer to as “Exit Xen Boot Services”. The domain termination makes it easy to verify that all DomB privileges have been dropped.

If you are speaking about mixed criticality systems, you need domain reboot functionality, which seems to be lost with DomB termination. Even if it is a safety-critical system, with several domains, you still have to handle possible crashes (reboots, shutdowns, etc.) of one of the domains. And again, with DomB termination, you are losing an entity able to handle the situation.


*Andrii Anisov*
