SlideShare a Scribd company logo

Rootlinux17: An introduction to Xen Project Virtualisation

The Linux Foundation
The Linux Foundation

This talk provides an overview of the Xen Project eco-system and its main use-cases in a number of important market segments: it covers server virtualization, cloud computing and embedded, automotive and related. Lars Kurth highlights why the Xen Project is relevant in these market segments: he provides an overview of the Xen Project's architecture, relevant existing functionality and ongoing and planned developments. To complement the picture, he covers open-source projects that are related to Xen and are of interest for these use-cases. Excellent Software security is key to all of these use-cases. Thus, Lars specifically covers the Xen Project's security features, track record and touches on the project's security practices. He concludes with a few resources that help you get started with the Xen Project and highlight Internship Programs which the project supports. The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video is available at https://www.youtube.com/watch?v=sjQnAIJji4k

Technology
1 of 66
Download to read offline
Lars Kurth Community Manager, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix lars_kurth www.slideshare.net/xen_com_mgr/presentations
Was a contributor to various projects Worked in parallel computing, tools, mobile and now virtualization Community guy for the Xen Project Working for Citrix Accountable to the Xen Project Community Chairman of Xen Project Advisory Board
Consolidation Servers/Equipment, Cooling, Floor space Faster provisioning Flexibility Less dependency on specific Hardware Co-existing OS environments Increased uptime Live migration, storage migration, fault tolerance, HA Enhanced security
Strong Isolation Architecture provides strong isolation between VMs Grant tables System Partitioning Disaggregation: sandboxing parts of the system Fine-grain control of VM capabilities Enables multi-layered security approach Secure I/O Sandboxing disk, memory, etc. drivers New classes of threat detection Virtual Machine Introspection, alt2pm
Consolidation Single SoC Maintainability, BoM Flexibility Less dependency on specific Hardware Co-existing OS environments Additional Requirements Security requirements (same as on previous slide) Minimal IRQ latency Safety Certification Low or 0 scheduling overhead Drivers for special I/O devices
Benefits to the entire Community
Benefits to the entire Community
Introduction of key concepts
HWCPUsMemoryI/O VM1 (DomU1) Guest OS Applications VM0 (or Dom0) Dom0 Kernel Native Driver VM2 VMn Applications Guest OS Applications Guest OS Toolstack Scheduler MMU Timers InterruptsConfig *Back Driver *Front Driver
Marketing Term Mode With HVM / Fully Virtualized HVM HVM + PV drivers 1 HVM PV Drivers PVH PV pvh=1 PV PV Qemu Qemu HW PV Qemu HW HWPV PV PV PV PV WindowsLinux,BSDs,… ARM N/A PV PV HW 1) When running a Linux/BSD guest on HVM with PV drivers, we also use the term PVHVM User perspective (config file)
HW P HW PVH PV PV PV PV PV PV PV ARM N/A PV PV Simplicity: Less code & fewer Interfaces in Linux/FreeBSD Security : smaller TCB and attack surface, fewer possible exploits Clean-up : simplify Xen-Linux kernel, Xen-Any-OS interface Better Performance & Lower Latency for some workloads Dom0 must be a PV guest: run Dom0 using hardware extensions 32 bit: PV guest kernels were run in ring 1, userspace in ring 3 (HW isolation) 64 bit: no ring 1 & 2  kernel & user space must share ring 3 (TLB flushes) This is the most complex part of Xen today!
Recent developments
A tale of improved collaboration within the Xen Project Community
2015 2016 2017 4.84.7 P Why did we develop Live Patching? Affected AWS, Rackspace, IBM SoftLayer and many others Deploying security patches may require reboots; Inconveniences users How did we fix this? 2015: Design with input from AWS, Alibaba, Citrix, Oracle and SUSE Replace functions while running (old with new) in a payload Stackable payloads can be applied and removed 2016: Xen 4.7 came with Live Patching for x86 2016: Xen 4.8 added extra x86 use-cases and ARM support 2017: XenServer 7.1 releases Live Patching in first commercial product … D
Pratap Sankar @ Flickr Specification & Status xenbits.xen.org/docs/unstable/misc/livepatch.html wiki.xenproject.org/wiki/LivePatch Presentations, Videos, Demos bit.do/live-patch-detailed-ppt bit.do/live-patch-detailed-video bit.do/live-patch-short-ppt bit.do/live-patch-short-video
A new way to protect against malware
2007 2009 2011 2013 2015 2017 Enablers: from xenaccess/xenprobes to LibVMI Interesting research topic Originally used for forensics (too intrusive for server virt) AA A Xenaccess/Xenprobes LibVMI A Products AIS Introvirt, BitDefender Hypervisor Introspection, Zentific Zazen VMI: enabling commercial applications Hardware assisted VMI solves the intrusion problem Collaboration between: Zentific, Citrix, BitDefender, Intel and others VMI: HW Support (EPT, …) ARM, alt2pm, .. C CC
VM3 Guest OS App VMn Guest OS App VM2 Guest OS App Dom0 Dom0 Kernel Drivers Agent(s) Agent(s) Agent(s) Installed in-guest agents, e.g. anti-virus software, VM disk & memory scanner, network monitor, etc. Can be disabled by rootkits and advanced persistent threats (APT)
Several VM3 VMnVM2Dom0 Dom0 Kernel Drivers VM3 Guest OS App VMn Guest OS App VM2 Guest OS App Security Appliance VM1 Introspection Engine Protected area XSM/Flask or another mechanism to protect the IF Uses HW extensions to monitor memory (e.g. Intel EPT)  Low Intrusion Register rules with Xen to trap on and inspect suspicious activities (e.g. execution of memory on the dynamic heap)
All malware need an attack technique to gain a foothold Attack techniques exploit specific software bugs/vulnerability The number of available attack techniques is small Buffer Overflows, Heap Sprays, Code Injection, API Hooking, … Because VMI protects against attack techniques It can protect against entirely new malware Verified to block these advanced attacks in real-time APT28, Energetic Bear, DarkHotel, Epic Turla, Regin, ZeuS, Dyreza, … solely by relying on VMI
Rootkits & APTs Exploit 0-days in Operating Systems/System Software Can disable agent based security solutions (mask their own existence) VMI solutions operate from outside the VM Thus, it cannot be disabled using traditional attack vectors BUT: VMI is not a replacement, for traditional security solutions It is an extra tool that can be used to increase protection
Pratap Sankar @ Flickr Documentation wiki.xenproject.org/wiki/Virtual_Machine_Introspection Products AIS Introvirt XenServer www.ainfosec.com Zentific Zazen (Apr 17) Xen & XenServer & … www.zentific.com Protection & Remedial Monitoring & Admin Forensics & Data gathering Malware analysis BitDefender HVI XenServer www.bitdefender.com Protection & Remedial Monitoring & Admin
Pratap Sankar @ Flickr How secure is the Xen Project Hypervisor really?
Vulnerability data from cvdetails.com 0 50 100 150 200 250 2016 2015 2014 2013 2012 All CVE’s 2015+ Active initiatives to find bugs XTF to help find bugs Fuzzing of some components Very few ARM issues 2016: 2/33 2015: 6/47 Does not use QEMU  Xen  Linux Kernel  QEMU
0 200 400 600 800 1000 0 97 4 CVE’s by CVSS Severity Average CSSV Scores Xen: 4.7 Linux Kernel: 5.9 QEMU: 4.3 Known 0-Day Exploits Xen: 0 Linux Kernel: 18 QEMU: 0 Low = 0.1-3.9; Medium = 4.0-6.9; High = 7.0-8.9; Critical = 9.0-10.0  Xen  Linux Kernel  QEMU
Team Process Severity 1 Type CVEs Days 2 Who? 3 Xen Hypervisor Includes Linux & QEMU vulnerabilities in supported Xen configurations Yes Yes All Responsible Yes 14 D, S, P OpenStack OSSA OpenStack OSSN Yes Yes Yes Yes > Low <= Low Responsible Full, post-fix Yes 3-5 D, S, P Linux Kernel via OSS security distros OSS security Yes Yes Partly 4 Yes No > Low <= Low Responsible Full, immediate Yes 14-19 D 4 QEMU via OSS security distros OSS security Yes Partly 4 > Low <= Low Responsible 5 Full, immediate Yes 14-19 D 4 Jailhouse No No 3) D = Distros/Products, S = Public Service, P = Private Downstream 4) No own pre-disclosure list 5) Only handles x86 KVM bugs 1) Is the CVE severity used as cut-off for the process? 2) Days embargoed Responsible only
HWCPUsMemoryI/O Dom0 Dom0 Kernel VM1 uKernel xtf.git arch xtf.git common Each test is a file in xtf.git tests test_main() In essence a unikernel per test, with fewer safeguards in place to allow for easy testing of corner cases Also used for Vulnerability Investigation and Testing Qemu Xenstore *Back Drivers hypercalls evtchn gnttab x86 emulator
Picture by Lars Kurth
Track Record 81% of Vulnerabilities Low and Medium Average severity of vulnerabilities getting lower Hardening Activities Security Audits by Cloud and Product Vendors Testing (fuzzing, XTF, code inspection, …) Industry Leading Vulnerability Process Includes QEMU and Kernel XSAs Designed with input from Cloud Providers Isolation Limits impact of exploits Picture by Lars Kurth
2007 2009 2011 2013 2015 2017 A A A Q Q C C C CC Technology enablers: XSM, vTPM & TXT (TEE), Disaggregation & Driver Domains Qubes OS Architecture, Qubes OS 1.0, … 2009: Project Independence (Intel / Citrix) 2010: XenClient 1.0 2013: XenClient XT 2014: Became OpenXT (BAE Systems, Assured Information Security) 2015: Support for Cell Phones, Tablets and Embedded Devices Crucible:Defense uXen (Bromium) – Windows only, thus never made it upstream Du
Dom0 Toolstack HWI/O DomU Guest OS Applications Dom0 Kernel Native Driver *Back Driver *Front Driver Config
DomU Guest OS Applications Dom0 Dom0 Kernel NetFront Driver BlockFront Driver Toolstack Config Driver Domain Guest OS*: Linux, BSD, MiniOS, unikernel, … Disk Controller Storage Domain Guest OS* Disk Driver BlockBack Driver Network Domain Guest OS* Network Driver NetBack Driver Netw Controller Qemu Xenstore
Attack Surface Reduction Similar to Linux Security Modules/SELinux Same policy syntax as SELinux Different types, roles, users and attributes Same tools for policy compilation / verification (checkpolicy) VM hypervisor domain(self) domain(other) memory (grant, mmu, shadow) inter-VM communicationpassthroughsecurity config Fine-grained policy, controlling which hypervisor functionality is accessible to this (class of) VM Effect: limit what an exploit in this VM could do
User defined App VMs for individual apps or groups of apps USB Service Domain Banking Domain Personal Domain Firewall VM enforces network policies Network Domain Dom0 Secure UI and sysadmin domain
User defined App VMs for individual apps or groups of apps USB Service Domain Banking Domain Personal Domain Firewall VM enforces network policies Network Domain Dom0 Secure UI and sysadmin domain Tor VM pre-configured from whonix.org
Pratap Sankar @ Flickr Crucible:Defense starlab.io Xen Project based virtualization platform for technology protection, cyber-hardening, and system integrity for aerospace & defense systems Documentation wiki.xenproject.org/wiki/Dom0_Disaggregation wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK Products & Projects Qubes OS www.qubes-os.org Secure OS OpenXT www.openxt.org FOSS Platform for security research, security application and embedded appliance integration building on Xen & OpenEmbedded
Pratap Sankar @ Flickr AIS ainfosec.com BAE Systems baesystems.com Galois galois.com Maintain FreeRTOS Xen Port Developed and maintain HalVM Dornerworks dornerworks.com/xen Consulting Xen Embedded Distros Xen for Xilinx Zynq Xen for NXP i.MX 8 ARLX Hypervisor DO-178 (EAL6+), IEC 62304, ISO 26262 MILS EAL FACE, VICTORY, ARINC 653 Starlab starlab.io Crucible and Crucible:Defense Xen embedded hypervisor In progress: DO-178, MILS EAL Uses a minimal Dom0 using MiniOS, disaggregation and XSM/FLASK Precedents of military grade certification for Xen based systems www.slideshare.net/xen_com_mgr/art-certification & www.youtube.com/watch?v=UyW5ul_1ct0 www.linux.com/news/xen-project/2017/2/how-shrink-attack-surfaces-hypervisor
Additional Requirements Security requirements Safety certification Low or 0 scheduling overhead Minimal IRQ latency Drivers for special I/O devices
Xen supports several different schedulers with different properties.
Xen supports several different schedulers with different properties. Regular VM scheduler (Credit) Hard real-time (ARINC653) Dedicated to 1 VCPU (pinning)  no scheduler overheads Soft real-time (RTDS)
Scheduler Use-cases Xen 4.8 Future plans Credit General Purpose Supported Default Supported Optional Credit 2 General Purpose Optimized for lower latency, higher VM density Supported Default RTDS Soft & Firm Real-time Multicore Embedded, Automotive, Graphics & Gaming in the Cloud, Low Latency Workloads Experimental Better XL support <1μs granularity Supported Hardening Optimization ARINC 653 Hard Real-time Single core Avionics, Drones, Medical Supported Compile time Legend: Likely in 4.9 or 4.10 Possible in 4.10
A53 Programmable Logic (FPGA) R5R5A53 A53 A53 Dom0 Dom0 Kernel Toolstack Bare Metal1 Bare Metal ELF payload FPGA Library VM1 - VMn DomU Kernel Application FPGA Driver Dedicated Bare Metal2 Bare Metal ELF payload Dedicated dornerworks.com/wp-content/uploads/2017/01/Xen-Zynq-Distribution-XZD-Users-Manual.pdf
vCPU 0 pCPU 0 vCPU 1 pCPU 1 irq 109 virq 109 IRQ injection Always on the CPU running the vCPU
vCPU 0 pCPU 0 irq 109 virq 109 vCPU 1 pCPU 1 IF vIRQ target changes or vCPU is moved THEN vIRQ is moved immediately virq 109
vCPU 0 pCPU 0 vCPU 1 pCPU 1 irq 109 virq 109 IRQs always shadow the vIRQ  minimizes latency Xilinx ZynqMP board (four Cortex A53 cores, GICv2) WARM_MAX (excluding the first 3 interrupts): <2000ns marc.info/?l=xen-devel&m=148778423725945 marc.info/?l=xen-devel&m=148839743820338
DomU Xen DomU Xen irq 109 virq 109 GIGC_LH Write EOI DomU Xen Maintenance interrupt GIGC_LH Clear IRQ received by DomU DomU performs EOI The guest kernel issues an "EOI” at the end of the interrupt service routine, to notify the HW that the IRQ handling is finished. No maintenance IRQ Additional context switch to handle EOI. Use EOI support in HW to directly EOI the physical IRQ
Existing net, block, console keyboard, mouse, USB framebuffer, GPU sharing* New 9pfs PVcalls multitouch, sound, display, DRM Developing New Ones Easy to write (GPL and BSD samples) Kernel and User Space *) A number of different approaches by different vendors in different market segments are being deployed, which are PV-like, but not strictly a PV protocol
Vehicles are becoming the ultimate mobile device
Pratap Sankar @ Flickr LG Electronics Demo bit.do/lg-xen-demo-2016 Bosch Car GmbH Contributions 10 smaller features in 2016 Perseus Founded by Xen maintainer bit.do/perseus-2017 GlobalLogic Product: Nautilus bit.do/gl-nautilus First product in production expected in Q1 2018 Supports: HW: Renesas R-Car Gen2 & Gen3, TI Jacinto6, Intel Apollo Lake, Qualcomm 410C, Sinlinx A33 Guests: Linux up to 4.9  Android M, N, N-Car  QNX, ThreadX, FreeRTOS PV Drivers for: GPU, Audio, HW accelerated Video codecs, DRM, … Contributions: 27 smaller features from 2013 to 2016 EPAM Demo youtube.com/watch?v=jMmz1odBZb8 Interesting Features: Container based telematics applications running in a Xen VM that can be downloaded from a cloud service Ongoing Contributions: ABIs for PV Sound, PV Display & PV DRM Leading development of co-processor sharing framework
Dom0 System Control DomU Cluster Domain Automotive Grade Linux or QNX DomU HMI Domain HMI Realtime OS CAN Processing HW Drivers Hypervisor Application Core Realtime Core Watchdog PV back* Drivers HW Drivers Linux Kernel HW DriversPV front* Drivers MW Frameworks RVC, SVS Instrument Cluster Automotive Grade Android HW DriversPV front* Drivers Connectivity Media AUTOSAR / RTOS Tell Tales RVC = Rear View Camera SVS = Service Vehicle Soon HMI = Human Machine Interface Tell Tales = various status indicators
AWS Dom0 - Control DomD – HW Drivers & Cluster Wayland/Weston OpenGL ES Linux Kernel with GPU and other HW Drivers ALSA w PV_ALSAS_BE DomU Fusion Container mgmt tool Linux Kernel w/o HW Drivers Minimal rootfs with systems library Telematics simulation Agent (Acceleration, Braking, Corning, GPS) DomU – Linux IVI MW Frameworks PV DISPLAY Linux Kernel with GPU and w/o other HW Drivers PV EVENTS PV SOUND IVI Simulation App Trusted Apps TrustZone Hypervisor R-Car H3 Platform OP-TEE OS TZ monitor Driver Behavior Based Insurance Backend Telematics Simulation Agent ver 2.0 Telematics Simulation Agent ver 1.0 Monitoring Dashboard Wayland BE (Events/Display) Cluster Simulation AppDom0 Services Minimal rootfs Linux Kernel w/o HW Drivers Containers
0 500 1000 1500 2000 2500 3000 3500 2011 2012 2013 2014 2015 2016 Stats are impacted by release model (code freezes) and our transition to 2 releases per year 4.7 4.84.1 4.2 4.3 4.4 4.5 4.6
Top: Citrix 48% Suse 17% Oracle 6% Intel 6% Red Hat 4% Linaro 3% FreeBSD 2% Star Lab 1% Other 13% Others: Fujitsu Invisible Things Lab BitDefender Huawei Zentific Verizon Cavium GlobalLogic NSA …
Top: Citrix 39% Suse 22% Oracle 7% ARM 5% Red Hat 4% Linaro 3% Intel 3% Star Lab 2% BSD 2% Fujitsu 2% Bitdefender 2% Zentific 1% NSA 1% Zentific 1% Qualcomm 1% Huawei 1% Other 6% First-time contributors in 2016: ARM Aporeto Bosch Car Multimedia Gmbh Netflix Qualcomm Xilinx
Picture by Lars Kurth
Extremely Flexible and Versatile Proven in different markets Easy to port to new environments Easy to develop new PV drivers Highly customizable Security and Resilience Isolation, Partitioning, Security Features Track record in handling security issues Safety Examples of Military Grade Certification Vibrant and Diverse Community Covering Server, Cloud, Security, Embedded, Automotive Picture by Lars Kurth
Developer Portal: bit.do/xen-devs Xen on ARM whitepaper: bit.do/xenarm-white Xen on ARM wiki: bit.do/xenarm-wiki Port Xen to a new SOC: bit.do/xenarm-porting Add Xen support Xen to your OS: bit.do/xenarm-os Device Passthrough presentation: bit.do/xenarm-pt OE meta-virtualization Xen recipe: bit.do/xenmeta OpenXT (Xen + OpenEmbedded): openxt.org Xenbedded presentation: bit.do/xenbedded Monthly ARM Community Call: bit.do/xenarm-call
Lists and IRC on freenode: xen-devel@lists.xenproject.org xen-users@lists.xenproject.org #xenarm or #xen-devel Internships in 2017: Google Summer of Code (Students) Outreachy (Women and other groups) bit.do/xen-internships Xen Project Developer and Design Summit: July 11-13, Budapest, Hungary CfP: open until April 14 bit.do/xensummit17
Picture by Lars Kurth

Recommended

Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedStefano Stabellini
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
 
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...The Linux Foundation
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Linaro
 
ALSS14: Xen Project Automotive Hypervisor (Demo)
ALSS14: Xen Project Automotive Hypervisor (Demo)ALSS14: Xen Project Automotive Hypervisor (Demo)
ALSS14: Xen Project Automotive Hypervisor (Demo)The Linux Foundation
 

Recommended

Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedStefano Stabellini
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
 
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...
XPDDS18: Design and Implementation of Automotive: Virtualization Based on Xen...The Linux Foundation
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Linaro
 
ALSS14: Xen Project Automotive Hypervisor (Demo)
ALSS14: Xen Project Automotive Hypervisor (Demo)ALSS14: Xen Project Automotive Hypervisor (Demo)
ALSS14: Xen Project Automotive Hypervisor (Demo)The Linux Foundation
 
Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Stefano Stabellini
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systemsMarian Marinov
 
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
 
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...The Linux Foundation
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Aananth C N
 
Fosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationFosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationThe Linux Foundation
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the LineThe Linux Foundation
 
2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov UpdateThe Linux Foundation
 
Run Qt on Linux embedded systems using Yocto
Run Qt on Linux embedded systems using YoctoRun Qt on Linux embedded systems using Yocto
Run Qt on Linux embedded systems using YoctoMarco Cavallini
 
Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Thomas Petazzoni
 
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMXPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMThe Linux Foundation
 
Linux Device Tree
Linux Device TreeLinux Device Tree
Linux Device Tree艾鍗科技
 
Hardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsHardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsThe Linux Foundation
 
Xvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorXvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorNational Cheng Kung University
 
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation Manish Jaggi
 
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen HypervisorSafety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen HypervisorStefano Stabellini
 
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...The Linux Foundation
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 
LFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and BeyondLFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and BeyondThe Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 

More Related Content

What's hot

Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Stefano Stabellini
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
 
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...The Linux Foundation
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Aananth C N
 
Fosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationFosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationThe Linux Foundation
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the LineThe Linux Foundation
 
2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov UpdateThe Linux Foundation
 
Run Qt on Linux embedded systems using Yocto
Run Qt on Linux embedded systems using YoctoRun Qt on Linux embedded systems using Yocto
Run Qt on Linux embedded systems using YoctoMarco Cavallini
 
Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Thomas Petazzoni
 
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMXPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMThe Linux Foundation
 
Hardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsHardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsThe Linux Foundation
 
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation Manish Jaggi
 
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen HypervisorSafety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen HypervisorStefano Stabellini
 
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...The Linux Foundation
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 

What's hot (20)

Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systems
 
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
 
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+
 
Fosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationFosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using Virtualization
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the Line
 
2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update
 
Run Qt on Linux embedded systems using Yocto
Run Qt on Linux embedded systems using YoctoRun Qt on Linux embedded systems using Yocto
Run Qt on Linux embedded systems using Yocto
 
Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)
 
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMXPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
 
Linux Device Tree
Linux Device TreeLinux Device Tree
Linux Device Tree
 
Hardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsHardware accelerated Virtualization in the ARM Cortex™ Processors
Hardware accelerated Virtualization in the ARM Cortex™ Processors
 
Xvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorXvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisor
 
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation
PCI Passthrough and ITS Support in Xen / ARM :Xen Dev Summit 2015 Presentation
 
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen HypervisorSafety-Certifying Open Source Software: The Case of the Xen Hypervisor
Safety-Certifying Open Source Software: The Case of the Xen Hypervisor
 
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...
XPDDS17: Shared Virtual Memory Virtualization Implementation on Xen - Yi Liu,...
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
 

Similar to Rootlinux17: An introduction to Xen Project Virtualisation

CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 
Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneThe Linux Foundation
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixThe Linux Foundation
 
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)The Linux Foundation
 
LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...
LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...
LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...The Linux Foundation
 
Xen Euro Par07
Xen Euro Par07Xen Euro Par07
Xen Euro Par07congvc
 
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORVanika Kapoor
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013The Linux Foundation
 
Linux container & docker
Linux container & dockerLinux container & docker
Linux container & dockerejlp12
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
CEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptxCEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptxYasserOuda2
 
4 implementation
4 implementation4 implementation
4 implementationhanmya
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureSonatype
 

Similar to Rootlinux17: An introduction to Xen Project Virtualisation (20)

LFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and BeyondLFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and Beyond
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
 
A Xen Case Study
A Xen Case StudyA Xen Case Study
A Xen Case Study
 
Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zone
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
 
Xen Community Update 2011
Xen Community Update 2011Xen Community Update 2011
Xen Community Update 2011
 
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
 
Cl306
Cl306Cl306
Cl306
 
LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...
LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...
LCC17 - Live Patching, Virtual Machine Introspection and Vulnerability Manag...
 
Xen Euro Par07
Xen Euro Par07Xen Euro Par07
Xen Euro Par07
 
OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training
 
.ppt
.ppt.ppt
.ppt
 
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013
 
Aplura virtualization slides
Aplura virtualization slidesAplura virtualization slides
Aplura virtualization slides
 
Linux container & docker
Linux container & dockerLinux container & docker
Linux container & docker
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
CEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptxCEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptx
 
4 implementation
4 implementation4 implementation
4 implementation
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
 

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityXPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityThe Linux Foundation
 
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSEXPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSEThe Linux Foundation
 

More from The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityXPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
 
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSEXPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE
 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Rootlinux17: An introduction to Xen Project Virtualisation

  • 1. Lars Kurth Community Manager, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix lars_kurth www.slideshare.net/xen_com_mgr/presentations
  • 2. Was a contributor to various projects Worked in parallel computing, tools, mobile and now virtualization Community guy for the Xen Project Working for Citrix Accountable to the Xen Project Community Chairman of Xen Project Advisory Board
  • 3.
  • 4. Consolidation Servers/Equipment, Cooling, Floor space Faster provisioning Flexibility Less dependency on specific Hardware Co-existing OS environments Increased uptime Live migration, storage migration, fault tolerance, HA Enhanced security
  • 5. Strong Isolation Architecture provides strong isolation between VMs Grant tables System Partitioning Disaggregation: sandboxing parts of the system Fine-grain control of VM capabilities Enables multi-layered security approach Secure I/O Sandboxing disk, memory, etc. drivers New classes of threat detection Virtual Machine Introspection, alt2pm
  • 6. Consolidation Single SoC Maintainability, BoM Flexibility Less dependency on specific Hardware Co-existing OS environments Additional Requirements Security requirements (same as on previous slide) Minimal IRQ latency Safety Certification Low or 0 scheduling overhead Drivers for special I/O devices
  • 10. HWCPUsMemoryI/O VM1 (DomU1) Guest OS Applications VM0 (or Dom0) Dom0 Kernel Native Driver VM2 VMn Applications Guest OS Applications Guest OS Toolstack Scheduler MMU Timers InterruptsConfig *Back Driver *Front Driver
  • 11. Marketing Term Mode With HVM / Fully Virtualized HVM HVM + PV drivers 1 HVM PV Drivers PVH PV pvh=1 PV PV Qemu Qemu HW PV Qemu HW HWPV PV PV PV PV WindowsLinux,BSDs,… ARM N/A PV PV HW 1) When running a Linux/BSD guest on HVM with PV drivers, we also use the term PVHVM User perspective (config file)
  • 12. HW P HW PVH PV PV PV PV PV PV PV ARM N/A PV PV Simplicity: Less code & fewer Interfaces in Linux/FreeBSD Security : smaller TCB and attack surface, fewer possible exploits Clean-up : simplify Xen-Linux kernel, Xen-Any-OS interface Better Performance & Lower Latency for some workloads Dom0 must be a PV guest: run Dom0 using hardware extensions 32 bit: PV guest kernels were run in ring 1, userspace in ring 3 (HW isolation) 64 bit: no ring 1 & 2  kernel & user space must share ring 3 (TLB flushes) This is the most complex part of Xen today!
  • 14. A tale of improved collaboration within the Xen Project Community
  • 15. 2015 2016 2017 4.84.7 P Why did we develop Live Patching? Affected AWS, Rackspace, IBM SoftLayer and many others Deploying security patches may require reboots; Inconveniences users How did we fix this? 2015: Design with input from AWS, Alibaba, Citrix, Oracle and SUSE Replace functions while running (old with new) in a payload Stackable payloads can be applied and removed 2016: Xen 4.7 came with Live Patching for x86 2016: Xen 4.8 added extra x86 use-cases and ARM support 2017: XenServer 7.1 releases Live Patching in first commercial product … D
  • 16. Pratap Sankar @ Flickr Specification & Status xenbits.xen.org/docs/unstable/misc/livepatch.html wiki.xenproject.org/wiki/LivePatch Presentations, Videos, Demos bit.do/live-patch-detailed-ppt bit.do/live-patch-detailed-video bit.do/live-patch-short-ppt bit.do/live-patch-short-video
  • 17. A new way to protect against malware
  • 18. 2007 2009 2011 2013 2015 2017 Enablers: from xenaccess/xenprobes to LibVMI Interesting research topic Originally used for forensics (too intrusive for server virt) AA A Xenaccess/Xenprobes LibVMI A Products AIS Introvirt, BitDefender Hypervisor Introspection, Zentific Zazen VMI: enabling commercial applications Hardware assisted VMI solves the intrusion problem Collaboration between: Zentific, Citrix, BitDefender, Intel and others VMI: HW Support (EPT, …) ARM, alt2pm, .. C CC
  • 19. VM3 Guest OS App VMn Guest OS App VM2 Guest OS App Dom0 Dom0 Kernel Drivers Agent(s) Agent(s) Agent(s) Installed in-guest agents, e.g. anti-virus software, VM disk & memory scanner, network monitor, etc. Can be disabled by rootkits and advanced persistent threats (APT)
  • 20. Several VM3 VMnVM2Dom0 Dom0 Kernel Drivers VM3 Guest OS App VMn Guest OS App VM2 Guest OS App Security Appliance VM1 Introspection Engine Protected area XSM/Flask or another mechanism to protect the IF Uses HW extensions to monitor memory (e.g. Intel EPT)  Low Intrusion Register rules with Xen to trap on and inspect suspicious activities (e.g. execution of memory on the dynamic heap)
  • 21. All malware need an attack technique to gain a foothold Attack techniques exploit specific software bugs/vulnerability The number of available attack techniques is small Buffer Overflows, Heap Sprays, Code Injection, API Hooking, … Because VMI protects against attack techniques It can protect against entirely new malware Verified to block these advanced attacks in real-time APT28, Energetic Bear, DarkHotel, Epic Turla, Regin, ZeuS, Dyreza, … solely by relying on VMI
  • 22. Rootkits & APTs Exploit 0-days in Operating Systems/System Software Can disable agent based security solutions (mask their own existence) VMI solutions operate from outside the VM Thus, it cannot be disabled using traditional attack vectors BUT: VMI is not a replacement, for traditional security solutions It is an extra tool that can be used to increase protection
  • 23. Pratap Sankar @ Flickr Documentation wiki.xenproject.org/wiki/Virtual_Machine_Introspection Products AIS Introvirt XenServer www.ainfosec.com Zentific Zazen (Apr 17) Xen & XenServer & … www.zentific.com Protection & Remedial Monitoring & Admin Forensics & Data gathering Malware analysis BitDefender HVI XenServer www.bitdefender.com Protection & Remedial Monitoring & Admin
  • 24. Pratap Sankar @ Flickr How secure is the Xen Project Hypervisor really?
  • 25. Vulnerability data from cvdetails.com 0 50 100 150 200 250 2016 2015 2014 2013 2012 All CVE’s 2015+ Active initiatives to find bugs XTF to help find bugs Fuzzing of some components Very few ARM issues 2016: 2/33 2015: 6/47 Does not use QEMU  Xen  Linux Kernel  QEMU
  • 26. 0 200 400 600 800 1000 0 97 4 CVE’s by CVSS Severity Average CSSV Scores Xen: 4.7 Linux Kernel: 5.9 QEMU: 4.3 Known 0-Day Exploits Xen: 0 Linux Kernel: 18 QEMU: 0 Low = 0.1-3.9; Medium = 4.0-6.9; High = 7.0-8.9; Critical = 9.0-10.0  Xen  Linux Kernel  QEMU
  • 27. Team Process Severity 1 Type CVEs Days 2 Who? 3 Xen Hypervisor Includes Linux & QEMU vulnerabilities in supported Xen configurations Yes Yes All Responsible Yes 14 D, S, P OpenStack OSSA OpenStack OSSN Yes Yes Yes Yes > Low <= Low Responsible Full, post-fix Yes 3-5 D, S, P Linux Kernel via OSS security distros OSS security Yes Yes Partly 4 Yes No > Low <= Low Responsible Full, immediate Yes 14-19 D 4 QEMU via OSS security distros OSS security Yes Partly 4 > Low <= Low Responsible 5 Full, immediate Yes 14-19 D 4 Jailhouse No No 3) D = Distros/Products, S = Public Service, P = Private Downstream 4) No own pre-disclosure list 5) Only handles x86 KVM bugs 1) Is the CVE severity used as cut-off for the process? 2) Days embargoed Responsible only
  • 28. HWCPUsMemoryI/O Dom0 Dom0 Kernel VM1 uKernel xtf.git arch xtf.git common Each test is a file in xtf.git tests test_main() In essence a unikernel per test, with fewer safeguards in place to allow for easy testing of corner cases Also used for Vulnerability Investigation and Testing Qemu Xenstore *Back Drivers hypercalls evtchn gnttab x86 emulator
  • 30. Track Record 81% of Vulnerabilities Low and Medium Average severity of vulnerabilities getting lower Hardening Activities Security Audits by Cloud and Product Vendors Testing (fuzzing, XTF, code inspection, …) Industry Leading Vulnerability Process Includes QEMU and Kernel XSAs Designed with input from Cloud Providers Isolation Limits impact of exploits Picture by Lars Kurth
  • 31.
  • 32. 2007 2009 2011 2013 2015 2017 A A A Q Q C C C CC Technology enablers: XSM, vTPM & TXT (TEE), Disaggregation & Driver Domains Qubes OS Architecture, Qubes OS 1.0, … 2009: Project Independence (Intel / Citrix) 2010: XenClient 1.0 2013: XenClient XT 2014: Became OpenXT (BAE Systems, Assured Information Security) 2015: Support for Cell Phones, Tablets and Embedded Devices Crucible:Defense uXen (Bromium) – Windows only, thus never made it upstream Du
  • 33. Dom0 Toolstack HWI/O DomU Guest OS Applications Dom0 Kernel Native Driver *Back Driver *Front Driver Config
  • 34. DomU Guest OS Applications Dom0 Dom0 Kernel NetFront Driver BlockFront Driver Toolstack Config Driver Domain Guest OS*: Linux, BSD, MiniOS, unikernel, … Disk Controller Storage Domain Guest OS* Disk Driver BlockBack Driver Network Domain Guest OS* Network Driver NetBack Driver Netw Controller Qemu Xenstore
  • 35. Attack Surface Reduction Similar to Linux Security Modules/SELinux Same policy syntax as SELinux Different types, roles, users and attributes Same tools for policy compilation / verification (checkpolicy) VM hypervisor domain(self) domain(other) memory (grant, mmu, shadow) inter-VM communicationpassthroughsecurity config Fine-grained policy, controlling which hypervisor functionality is accessible to this (class of) VM Effect: limit what an exploit in this VM could do
  • 36.
  • 37. User defined App VMs for individual apps or groups of apps USB Service Domain Banking Domain Personal Domain Firewall VM enforces network policies Network Domain Dom0 Secure UI and sysadmin domain
  • 38. User defined App VMs for individual apps or groups of apps USB Service Domain Banking Domain Personal Domain Firewall VM enforces network policies Network Domain Dom0 Secure UI and sysadmin domain Tor VM pre-configured from whonix.org
  • 39. Pratap Sankar @ Flickr Crucible:Defense starlab.io Xen Project based virtualization platform for technology protection, cyber-hardening, and system integrity for aerospace & defense systems Documentation wiki.xenproject.org/wiki/Dom0_Disaggregation wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK Products & Projects Qubes OS www.qubes-os.org Secure OS OpenXT www.openxt.org FOSS Platform for security research, security application and embedded appliance integration building on Xen & OpenEmbedded
  • 40.
  • 41. Pratap Sankar @ Flickr AIS ainfosec.com BAE Systems baesystems.com Galois galois.com Maintain FreeRTOS Xen Port Developed and maintain HalVM Dornerworks dornerworks.com/xen Consulting Xen Embedded Distros Xen for Xilinx Zynq Xen for NXP i.MX 8 ARLX Hypervisor DO-178 (EAL6+), IEC 62304, ISO 26262 MILS EAL FACE, VICTORY, ARINC 653 Starlab starlab.io Crucible and Crucible:Defense Xen embedded hypervisor In progress: DO-178, MILS EAL Uses a minimal Dom0 using MiniOS, disaggregation and XSM/FLASK Precedents of military grade certification for Xen based systems www.slideshare.net/xen_com_mgr/art-certification & www.youtube.com/watch?v=UyW5ul_1ct0 www.linux.com/news/xen-project/2017/2/how-shrink-attack-surfaces-hypervisor
  • 42. Additional Requirements Security requirements Safety certification Low or 0 scheduling overhead Minimal IRQ latency Drivers for special I/O devices
  • 43.
  • 44. Xen supports several different schedulers with different properties.
  • 45. Xen supports several different schedulers with different properties. Regular VM scheduler (Credit) Hard real-time (ARINC653) Dedicated to 1 VCPU (pinning)  no scheduler overheads Soft real-time (RTDS)
  • 46. Scheduler Use-cases Xen 4.8 Future plans Credit General Purpose Supported Default Supported Optional Credit 2 General Purpose Optimized for lower latency, higher VM density Supported Default RTDS Soft & Firm Real-time Multicore Embedded, Automotive, Graphics & Gaming in the Cloud, Low Latency Workloads Experimental Better XL support <1μs granularity Supported Hardening Optimization ARINC 653 Hard Real-time Single core Avionics, Drones, Medical Supported Compile time Legend: Likely in 4.9 or 4.10 Possible in 4.10
  • 47. A53 Programmable Logic (FPGA) R5R5A53 A53 A53 Dom0 Dom0 Kernel Toolstack Bare Metal1 Bare Metal ELF payload FPGA Library VM1 - VMn DomU Kernel Application FPGA Driver Dedicated Bare Metal2 Bare Metal ELF payload Dedicated dornerworks.com/wp-content/uploads/2017/01/Xen-Zynq-Distribution-XZD-Users-Manual.pdf
  • 48. vCPU 0 pCPU 0 vCPU 1 pCPU 1 irq 109 virq 109 IRQ injection Always on the CPU running the vCPU
  • 49. vCPU 0 pCPU 0 irq 109 virq 109 vCPU 1 pCPU 1 IF vIRQ target changes or vCPU is moved THEN vIRQ is moved immediately virq 109
  • 50. vCPU 0 pCPU 0 vCPU 1 pCPU 1 irq 109 virq 109 IRQs always shadow the vIRQ  minimizes latency Xilinx ZynqMP board (four Cortex A53 cores, GICv2) WARM_MAX (excluding the first 3 interrupts): <2000ns marc.info/?l=xen-devel&m=148778423725945 marc.info/?l=xen-devel&m=148839743820338
  • 51. DomU Xen DomU Xen irq 109 virq 109 GIGC_LH Write EOI DomU Xen Maintenance interrupt GIGC_LH Clear IRQ received by DomU DomU performs EOI The guest kernel issues an "EOI” at the end of the interrupt service routine, to notify the HW that the IRQ handling is finished. No maintenance IRQ Additional context switch to handle EOI. Use EOI support in HW to directly EOI the physical IRQ
  • 52.
  • 53. Existing net, block, console keyboard, mouse, USB framebuffer, GPU sharing* New 9pfs PVcalls multitouch, sound, display, DRM Developing New Ones Easy to write (GPL and BSD samples) Kernel and User Space *) A number of different approaches by different vendors in different market segments are being deployed, which are PV-like, but not strictly a PV protocol
  • 54. Vehicles are becoming the ultimate mobile device
  • 55. Pratap Sankar @ Flickr LG Electronics Demo bit.do/lg-xen-demo-2016 Bosch Car GmbH Contributions 10 smaller features in 2016 Perseus Founded by Xen maintainer bit.do/perseus-2017 GlobalLogic Product: Nautilus bit.do/gl-nautilus First product in production expected in Q1 2018 Supports: HW: Renesas R-Car Gen2 & Gen3, TI Jacinto6, Intel Apollo Lake, Qualcomm 410C, Sinlinx A33 Guests: Linux up to 4.9  Android M, N, N-Car  QNX, ThreadX, FreeRTOS PV Drivers for: GPU, Audio, HW accelerated Video codecs, DRM, … Contributions: 27 smaller features from 2013 to 2016 EPAM Demo youtube.com/watch?v=jMmz1odBZb8 Interesting Features: Container based telematics applications running in a Xen VM that can be downloaded from a cloud service Ongoing Contributions: ABIs for PV Sound, PV Display & PV DRM Leading development of co-processor sharing framework
  • 56. Dom0 System Control DomU Cluster Domain Automotive Grade Linux or QNX DomU HMI Domain HMI Realtime OS CAN Processing HW Drivers Hypervisor Application Core Realtime Core Watchdog PV back* Drivers HW Drivers Linux Kernel HW DriversPV front* Drivers MW Frameworks RVC, SVS Instrument Cluster Automotive Grade Android HW DriversPV front* Drivers Connectivity Media AUTOSAR / RTOS Tell Tales RVC = Rear View Camera SVS = Service Vehicle Soon HMI = Human Machine Interface Tell Tales = various status indicators
  • 57. AWS Dom0 - Control DomD – HW Drivers & Cluster Wayland/Weston OpenGL ES Linux Kernel with GPU and other HW Drivers ALSA w PV_ALSAS_BE DomU Fusion Container mgmt tool Linux Kernel w/o HW Drivers Minimal rootfs with systems library Telematics simulation Agent (Acceleration, Braking, Corning, GPS) DomU – Linux IVI MW Frameworks PV DISPLAY Linux Kernel with GPU and w/o other HW Drivers PV EVENTS PV SOUND IVI Simulation App Trusted Apps TrustZone Hypervisor R-Car H3 Platform OP-TEE OS TZ monitor Driver Behavior Based Insurance Backend Telematics Simulation Agent ver 2.0 Telematics Simulation Agent ver 1.0 Monitoring Dashboard Wayland BE (Events/Display) Cluster Simulation AppDom0 Services Minimal rootfs Linux Kernel w/o HW Drivers Containers
  • 58.
  • 59. 0 500 1000 1500 2000 2500 3000 3500 2011 2012 2013 2014 2015 2016 Stats are impacted by release model (code freezes) and our transition to 2 releases per year 4.7 4.84.1 4.2 4.3 4.4 4.5 4.6
  • 60. Top: Citrix 48% Suse 17% Oracle 6% Intel 6% Red Hat 4% Linaro 3% FreeBSD 2% Star Lab 1% Other 13% Others: Fujitsu Invisible Things Lab BitDefender Huawei Zentific Verizon Cavium GlobalLogic NSA …
  • 61. Top: Citrix 39% Suse 22% Oracle 7% ARM 5% Red Hat 4% Linaro 3% Intel 3% Star Lab 2% BSD 2% Fujitsu 2% Bitdefender 2% Zentific 1% NSA 1% Zentific 1% Qualcomm 1% Huawei 1% Other 6% First-time contributors in 2016: ARM Aporeto Bosch Car Multimedia Gmbh Netflix Qualcomm Xilinx
  • 63. Extremely Flexible and Versatile Proven in different markets Easy to port to new environments Easy to develop new PV drivers Highly customizable Security and Resilience Isolation, Partitioning, Security Features Track record in handling security issues Safety Examples of Military Grade Certification Vibrant and Diverse Community Covering Server, Cloud, Security, Embedded, Automotive Picture by Lars Kurth
  • 64. Developer Portal: bit.do/xen-devs Xen on ARM whitepaper: bit.do/xenarm-white Xen on ARM wiki: bit.do/xenarm-wiki Port Xen to a new SOC: bit.do/xenarm-porting Add Xen support Xen to your OS: bit.do/xenarm-os Device Passthrough presentation: bit.do/xenarm-pt OE meta-virtualization Xen recipe: bit.do/xenmeta OpenXT (Xen + OpenEmbedded): openxt.org Xenbedded presentation: bit.do/xenbedded Monthly ARM Community Call: bit.do/xenarm-call
  • 65. Lists and IRC on freenode: xen-devel@lists.xenproject.org xen-users@lists.xenproject.org #xenarm or #xen-devel Internships in 2017: Google Summer of Code (Students) Outreachy (Women and other groups) bit.do/xen-internships Xen Project Developer and Design Summit: July 11-13, Budapest, Hungary CfP: open until April 14 bit.do/xensummit17