The Xen Project announced this week that the latest version of the open source hypervisor can now take advantage of core scheduling, an experimental technology that enables Xen to group multiple processors together to create a single virtual central processing unit (CPU).
Lars Kurth, chairperson for the Xen Project advisory board, said this capability also represents an important first step toward developing a more secure form of hyperthreading. Since earlier this year, many IT organizations have turned off hyperthreading because of cybersecurity concerns. However, such decisions have resulted in significant performance penalties for many applications.
In addition to adding support for core scheduling, version 4.13 of the Xen Project Hypervisor adds support for live patching and late microcode (uCode) loading, which makes it possible to install updates at runtime without having to reboot the hypervisor.
The latest version of Xen also adds support for additional processors, including AMD 2nd Generation EPYC, Hygon Dhyana 18h, Raspberry Pi 4 and Intel AVX512-based platforms.
Finally, version 4.13 of Xen adds support for OP-TEE, which enables all guests to concurrently run Trusted Applications on TrustZone, firmware created by ARM to isolate processors on the same system, as well as improvements to Dom0less, which makes it possible to partition processors running in parallel.
The Xen Project Group also announced it has created a Functional Safety Working Group, which is committed to making the Xen hypervisor compatible with ASIL-B requirements, a set of compliance requirements defined by the automotive industry. That effort represents a significant challenge because it requires code and development processes to comply with key tenets of ISO 26262, a set of standards for embedding electronics into any road vehicle.
The Xen Group is also working on developing a secret-free hypervisor, which Kurth said will play a critical role in thwarting side-channel cybersecurity attacks. Cybercriminals can employ side-channel attacks to break encryption algorithms by measuring and analyzing the physical attributes such as the amount of radiation being generated by a processor.
Kurth said version 4.13 represents a major milestone in the ongoing development of Xen. In the future, Xen will also be able to take advantage of the Rust-vmm project being led by Intel that will make it possible for a processor to run multiple types of hypervisors in a modular fashion. In addition to providing a more agile way of isolating virtual machines, Rust-vmm will reduce the amount of time required to spin up a virtual machine. Specifically, Intel is trying to make it easier for a processor to be able to run different classes of hypervisors that are optimized for legacy monolithic applications and cloud-native applications based on containers that require a much lighter-weight hypervisor.
It’s not clear to what degree advances in technologies such as core scheduling will influence the selection of hypervisors and virtual machines. However, from a DevOps perspective, it’s clear core capabilities being added to the next generation of hypervisors will not only improve application performance, but they should also significantly advance best DevSecOps practices.