Difference between revisions of "Run PV in PVH container"

From Xen
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
Xen 4.11 support running of unmodified legacy PV-only guest to be run in PVH mode. This allows users to run old, PV-only distros. This simplifies management and reduces the surface of attack significantly. Note that slide 15 of [https://www.slideshare.net/xen_com_mgr/xpdds17-keynote-towards-a-configurable-and-slimmer-x86-hypervisor-wei-liu-citrix this presentation gives an architectural overview of PVH shim].
+
Xen 4.11 support running of unmodified legacy PV-only guest to be run in PVH mode. This allows users to run old, PV-only distros. This simplifies management and reduces the surface of attack significantly. This makes vulnerabilities in PV interfaces local to guests. Note that slide 15 of [https://www.slideshare.net/xen_com_mgr/xpdds17-keynote-towards-a-configurable-and-slimmer-x86-hypervisor-wei-liu-citrix this presentation gives an architectural overview of PVH shim].
   
 
== Converting a PV config to a PVH shim config ==
 
== Converting a PV config to a PVH shim config ==
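Review bot: The added sentence "This makes vulnerabilities in PV interfaces local to guests." is the third sentence in a row that opens with "This", and its antecedent is unclear: it can be read as saying that the reduced attack surface, rather than running the PV guest in PVH mode, is what confines the vulnerabilities. Suggest naming the subject, e.g. "Running the PV guest in PVH mode also makes vulnerabilities in PV interfaces local to the guest." While the paragraph is being touched, the opening "Xen 4.11 support running of unmodified legacy PV-only guest to be run in PVH mode" could be corrected to "Xen 4.11 supports running unmodified legacy PV-only guests in PVH mode".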
Line 10: Line 10:
   
 
== Converting a PV config to a PVH config ==
 
== Converting a PV config to a PVH config ==
{{InfoLeft|If you have a kernel capable of booting PVH, then PVH mode is both faster and more secure than PV or PVH-shim mode.}}
+
{{InfoLeft|If you have a kernel capable of booting PVH, then PVH mode is both faster and more secure than PV or PVH-shim mode. }}
   
 
* Shutdown VM
 
* Shutdown VM
 
* Remove any reference to <code>builder</code> (e.g., <code>builder="generic"</code>)
 
* Remove any reference to <code>builder</code> (e.g., <code>builder="generic"</code>)
* Add the following two lines:
+
* Add the following line:
 
type="pvh"
 
type="pvh"
 
* Restart VM
 
* Restart VM
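Review bot: The InfoLeft change only inserts a space before the closing "}}" ("PVH-shim mode. }}"), which looks accidental and should be dropped so that the revision carries just the wording fix. The change from "Add the following two lines:" to "Add the following line:" matches this section, where only type="pvh" follows; "Shutdown VM" in the unchanged context lines could become "Shut down the VM" in the same edit.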

Latest revision as of 10:36, 15 May 2018

Xen 4.11 supports running unmodified legacy PV-only guests in PVH mode. This allows users to run old, PV-only distros. It also simplifies management and significantly reduces the attack surface, and it makes vulnerabilities in PV interfaces local to guests. Note that slide 15 of this presentation (https://www.slideshare.net/xen_com_mgr/xpdds17-keynote-towards-a-configurable-and-slimmer-x86-hypervisor-wei-liu-citrix) gives an architectural overview of PVH shim.

Converting a PV config to a PVH shim config

  • Shut down the VM
  • Remove any reference to builder (e.g., builder="generic")
  • Add the following two lines:
 type="pvh"
 pvshim=1
  • Restart VM

Converting a PV config to a PVH config

If you have a kernel capable of booting PVH, then PVH mode is both faster and more secure than PV or PVH-shim mode.


  • Shut down the VM
  • Remove any reference to builder (e.g., builder="generic")
  • Add the following line:
 type="pvh"
  • Restart VM
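
The config edits from both sections above ("PVH shim config" and "PVH config") as a shell filter. This is an added example, not part of the Xen wiki page; the function name `pv_to_pvh`, the sample config and the choice to also drop pre-existing `type=` and `pvshim=` lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the Xen wiki): rewrite an xl guest config
# according to the conversion steps on this page.
# Usage: pv_to_pvh shim|pvh < guest.cfg > guest-new.cfg
# Shutting the VM down first and restarting it afterwards stays manual.
pv_to_pvh() {
    mode=$1
    case "$mode" in
        shim|pvh) ;;
        *) echo "usage: pv_to_pvh shim|pvh" >&2; return 2 ;;
    esac
    # Drop every builder= assignment (e.g. builder="generic").
    # Assumption: existing type= and pvshim= lines are dropped as well, so
    # the settings appended below are the only ones left in the file.
    # Comment lines start with '#', never match, and are preserved.
    awk '!/^[ \t]*(builder|type|pvshim)[ \t]*=/'
    echo 'type="pvh"'
    # Only the shim variant gets the second line.
    if [ "$mode" = shim ]; then
        echo 'pvshim=1'
    fi
}

# Constructed sample PV config used to exercise the function.
sample_pv_cfg() {
    cat <<'EOF'
name = "legacy-pv"
builder="generic"
kernel = "/boot/vmlinuz-guest"
memory = 1024
# builder was generic
EOF
}
```

Running `sample_pv_cfg | pv_to_pvh shim` prints the converted config; write it to a new file and compare it with the original before replacing it.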