From mboxrd@z Thu Jan 1 00:00:00 1970 From: Doug Goldstein Subject: Re: Xen 4.7 Headline Features (for PR) Date: Sun, 1 May 2016 23:28:51 -0500 Message-ID: <8c75557c-2c3c-cc63-7a9b-d97433d9d0ed@cardoe.com> References: <04145728-eafd-e87f-eb9d-b7203bb48343@cardoe.com> <993A4CC1-21B7-49D1-86D6-5F229BEA2DD0@gmail.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2538030338125336969==" Return-path: Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ax5Tf-00043x-Sw for xen-devel@lists.xenproject.org; Mon, 02 May 2016 04:28:59 +0000 Received: by mail-yw0-f196.google.com with SMTP id i22so17817313ywc.1 for ; Sun, 01 May 2016 21:28:57 -0700 (PDT) In-Reply-To: <993A4CC1-21B7-49D1-86D6-5F229BEA2DD0@gmail.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: Lars Kurth Cc: Zibby Keaton , Xen-devel , George Dunlap , Wei Liu List-Id: xen-devel@lists.xenproject.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2538030338125336969== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="kwgs90kAhe6DEGvM0qq4fwQ6D9u9DCgEs" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --kwgs90kAhe6DEGvM0qq4fwQ6D9u9DCgEs Content-Type: multipart/mixed; boundary="HQNikH1lUDcwahs1dxVttlJlwgBtnta3h" From: Doug Goldstein To: Lars Kurth Cc: George Dunlap , Zibby Keaton , Xen-devel , Wei Liu Message-ID: <8c75557c-2c3c-cc63-7a9b-d97433d9d0ed@cardoe.com> Subject: Re: [Xen-devel] Xen 4.7 Headline Features (for PR) References: <04145728-eafd-e87f-eb9d-b7203bb48343@cardoe.com> <993A4CC1-21B7-49D1-86D6-5F229BEA2DD0@gmail.com> In-Reply-To: <993A4CC1-21B7-49D1-86D6-5F229BEA2DD0@gmail.com> --HQNikH1lUDcwahs1dxVttlJlwgBtnta3h Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 4/27/16 8:12 AM, Lars Kurth wrote: >=20 >> On 24 Apr 2016, at 02:06, Doug Goldstein wrote: >> >> On 4/22/16 9:25 AM, George Dunlap wrote: >>> On Fri, Apr 22, 2016 at 3:22 PM, Lars Kurth wrote: >>>> >>>>> On 22 Apr 2016, at 15:08, George Dunlap wrote: >>>>> >>>>> >>>>> kconfig for the hypervisor >>>> >>>> This is one which potentially has a big security impact and could be= a Headline Feature. Just to remind me, is KCONFIG a run-time or build-ti= me config mechanism. If the latter, distro users will not benefit from it= =2E >>> >>> Kconfig is build-time. Distros could use it in principle, and I thin= k >>> Gentoo will (that was part of Doug's motivation for doing it, IIUC). >>> But yes, I suspect most distros will keep everything in by default. >>> It's more a feature for embedded / security-conscious vendors. >>> >>> -George >> >> Not really important but I figured I'd be clear about my motivations. >> For Gentoo I'll actually keep the stock settings. For Yocto I'll keep >> the stock settings but expose a way to run kconfig (like the linux >> kernel is in Yocto) for vendors with a security focus. I'm aware of a >> handful of downstream vendors which will utilize that capability. >=20 > Doug, this is good background information. Is the YOCTO work something = ongoing, or is it something which we can refer to in the press coverage. = I guess what you are saying is that YOCTO will (or already contains) a si= mple way to build a minimal Xen distribution. > Lars >=20 Yes I try to keep the Yocto Project's meta-virtualization [1] layer in a good state for building the latest Xen version for the latest version of Yocto. e.g. The current version of Yocto is kergoth and it contains Xen 4.6.1 (as does jethro, the prior version). I (or other people I work with) are pretty responsive on build breakages with the in development version (master) as we are working to promote Xen to the organizations we work with and they rely on Yocto. You should be able to following the Yocto Quick Start [2] with 2 hopefully minor tweaks: 1. download and add the meta-virtualization layer the same way the guide has you add other layers 2. don't build core-image-minimal or core-image-sato but instead build xen-image-minimal The resultant image should boot Xen 4.6.1 and a fairly recent Linux kernel as dom0 (I believe the version as of this writing is 4.4.x). The Xen image will be build with the stock './configure && make' options. However there are a number of ways at customizing it (e.g. using XSM) using normal Yocto methods. [1] http://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/about/ [2] http://www.yoctoproject.org/docs/current/yocto-project-qs/yocto-project-q= s.html --=20 Doug Goldstein --HQNikH1lUDcwahs1dxVttlJlwgBtnta3h-- --kwgs90kAhe6DEGvM0qq4fwQ6D9u9DCgEs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0 iQJ8BAEBCgBmBQJXJteFXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNTM5MEQ2RTNFMTkyNzlCNzVDMzIwOTVB MkJDMDNEQzg3RUQxQkQ0AAoJEKK8A9yH7RvUivgP/1AVBQsphfWDPAp1q3Ks+Dm0 gLsOTjS3CZwUq8aHw5n8sGVXuCRsBgNToYbNuqHXEMj46JC5A9abTBpxaAfNXgA/ JjI72x/jFuGZ6ONsqRhGQv+CVOGSX4himSu/69Q8qptBBtt5TOkpc1dGtlwRVowd 7d4gEIobsbqfqPm3FQUUp4r6ecVfesnugbdOXH5MUauAkIWZHx6kKy3GhBLLVI3Y OxfWvFXapRb0aOwIwOWBeGCHFuKscuqqB8/VfRNYAa7IR61uABhAE8w/qDHklxue pVCDIW20+eiWHOq/lg0coB0puMTFh59eFWXpCD6ZHTbe/ZHxm5feZrOo+advmAFg gBrL8OXnxMzdgRWPDOzOW5vmj7Gn7UVjGXlo56yVNiUxA9Ks8XmiCgxkOBKVvAb3 /UCkAucpI8XhrH7AD5xfphqzq1odqFGjWqSWjACWA2RFA97YBFsmm9Q+OJGzcmB0 bOeAntNWGpiDU8SIYwXBSdHCXeOspst0gz1yqpFR6TWU0K6QOqcInRreyraKGwXu XQ80FJNcLa6SCxy9O2iI2J+oMc5gSIZHEubeM0Rgb9SI3WSmq/5tdzUofF6+V5CN Abm44F+OHjQLNRIgZneiQSKHMsxzPFwqDpHwZQ3Gz6S1Rt41ErGq+rIESC1/Sn1z /v+XcuAJ18AYAnR68+cD =XvT4 -----END PGP SIGNATURE----- --kwgs90kAhe6DEGvM0qq4fwQ6D9u9DCgEs-- --===============2538030338125336969== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMueGVuLm9y Zy94ZW4tZGV2ZWwK --===============2538030338125336969==--