The Xen Project, an open source hypervisor hosted at the Linux Foundation, today announced the release of Xen Project Hypervisor 4.13, which improves security, hardware support, added new options for embedded use cases and reflects a wide array of contributions from the community and ecosystem. This release also represents a fundamental shift in the long-term direction of Xen, one which solidifies its resilience against security threats due to side channel attacks and hardware issues.

"Xen 4.13 combines improved security, broader support for hardware platforms, an easier adoption path for embedded and safety-critical use-cases, as well as a broad representation of diverse community collaboration," said Lars Kurth, Xen Project Advisory Board Chairperson. "In addition to the significant features we are adding, including Core scheduling, late uCode loading, live-patching and added support for OP-TEE and improvements to Dom0less, our community is laying the groundwork for a fully functional and more easily safety certifiable platform for Xen."

Security

Xen 4.13 provides key updates in defence against hardware vulnerabilities including Core scheduling, late uCode loading and branch hardening to mitigate against Spectre v1. Xen 4.13 is the first step in revamping key architectural functionality within Xen that allows users to better balance security and performance.

Key updates include:

• Core scheduling, a newly introduced experimental technology that allows Xen to group virtual central processing units (CPUs) into virtual Cores and schedules these on physical cores. Switching between virtual cores on a physical core is synchronized and there are never virtual CPUs of different virtual cores running at the same time on a single physical core. While Core scheduling does not yet allow users to re-enable hyperthreading, together with other features currently under development (such as the secret-free Hypervisor), it's inclusion in Xen 4.13 is critical for providing a better security-performance trade-offs in the near future. Users are encouraged to stress-test.
• Ability to install uCode updates at run-time via late uCode loading, avoiding system reboots that are otherwise necessary.
• Live-patching improvements which extend the capability of the Xen Project Hypervisor without the need to reboot, providing added efficiency.
• Branch hardening removes a number of potential gadgets reducing the attack surface using Spectre v1.

Embedded and Safety-Critical

Xen 4.13 brings new features that provide easier adoption for embedded and safety-critical use-cases, specifically ISO 26262 and ASIL-B.

Key updates include:

• Extending the range of use-cases for Dom0less Xen and improve usability by making it easy to build Dom0less Xen configurations.
• Adding support for Renesas' VMSA compatible IO-MMU targeting Arm-based 3^rd generation R-Car system-on-chips. This is the first IO-MMU in Xen that supports functional safety, which is an important milestone towards making Xen compliant with ASIL-B requirements.
• OP-TEE (https://www.op-tee.org/) support enabling all guests to concurrently run trusted Applications on Arm's TrustZone without interfering one with another. 

In addition, the Xen Project community has created a Functional Safety Working group supported by multiple vendors, including safety assessors. This group is working on a multi-year plan that makes it possible for vendors to consume Xen Project software in a fashion that is compatible with ASIL-B requirements. This is a significant challenge that requires code and development processes to comply with key tenets of ISO 26262, a challenge which has not yet been solved by any open source project, but which multiple projects are trying to address.

Support for new hardware platforms

Xen 4.13 brings support for a variety of hardware platforms. Most notably, Xen 4.13 introduces support for AMD 2nd Generation EPYC with exceptional performance-per-dollar, connectivity options, and security features.  In addition, Xen 4.13 also supports Hygon Dhyana 18h processor family, Raspberry Pi4 and Intel AVX512.

Comments from Xen Project Users and Contributors:

"AMD has been a long-time contributor to the Xen Project and we are pleased to include Xen in our growing AMD 2nd Generation EPYC ecosystem. The Xen 4.13 based hypervisors running on servers powered by AMD EPYC processors are well suited for many different workloads and help provide customers an attractive total cost of ownership. In particular, the results of VDI performance tests demonstrate the power of Xen on AMD EPYC processors," said Raghu Nambiar, Corporate Vice President and CTO of Datacenter Ecosystems & Application Engineering, AMD.

"The Xen Project Hypervisor has always focused on securely isolating VMs, enabling operators to run multi-tenant workloads with confidence. Xen 4.13 builds on this heritage by further defending against attacks which attempt to leverage hardware-based side channels," said Jacus de Beer, Director of Engineering, Hybrid Cloud Platforms, Citrix. "Xen 4.13 also helps integrators and operators to simplify system maintenance and reduce downtime using the new live-patching, and run-time microcode-loading features. This blend of security and serviceability helps Citrix Hypervisor, which uses Xen at its core, to deliver a dependable platform to our cloud, server and desktop virtualization customers."

"The Xen Project is making huge progress in functional safety compliance, which will allow OEMs and tier 1 suppliers to design mixed safety systems using an open source hypervisor," said Alex Agizim, CTO, Automotive & Embedded, EPAM Systems. "We are excited to be part of this initiative as one of the leaders in Xen's FuSa SiG and enable vehicles to be part of the connected services ecosystem."

"At SUSE we are constantly looking at the requirements of performance and  security in our enterprise solutions. Xen's new scheduling option 'core scheduling' is the result of many months of work in the Xen community  championed by SUSE," said Claudio Fontana, Engineering Manager, Virtualization, SUSE. "It demonstrates a new way to take advantage of hardware optimizations,  without compromising on the security of our customers' systems, that  should also be looked at as a successful example to spark similar work  and discussions in other large open source projects."

"Xilinx sees Xen Project Hypervisor as the leader in the embedded and automotive virtualization space," said Tony McDowell, Senior Product Marketing Engineer at  Xilinx. "Xilinx embraces and continues to enhance with support the Xen Project by completing our development of key features required to have usable and easily configured Dom0-less systems."