CNA Support Mapping (Draft) - applies to xen-unstable for now

| Feature | Group | Support | Limit-Security | Limit-Tested | Description | Comment |
|---|---|---|---|---|---|---|
| x86-64 | Host Architecture | Supported | | | | Are there any restrictions (e.g. unsupported HW platforms that were not out at the time we released a version of Xen)? |
| ARM v7 + Virtualization Extensions | Host Architecture | Supported | | | | Are there any restrictions (e.g. unsupported HW platforms that were not out at the time we released a version of Xen)? |
| ARM v8 | Host Architecture | Supported | | | | Are there any restrictions (e.g. unsupported HW platforms that were not out at the time we released a version of Xen)? |
| x86/PV | Guest Type | Supported | | | Traditional Xen Project PV guest | |
| x86/HVM | Guest Type | Supported | | | Fully virtualised guest using hardware virtualisation extensions | Requires hardware virtualisation support |
| x86/PV-on-HVM | Guest Type | Supported | | | Fully virtualised guest using PV extensions/drivers for improved performance | Requires hardware virtualisation support |
| x86/PVH | Guest Type | Experimental | | | PVHv2 | Requires hardware virtualisation support. Downgraded in 4.9 from preview to experimental when PVHv1 was removed and PVHv2 was added. |
| ARM | Guest Type | Supported | | | | |
| x86/CPUs | Limits/Host | Security Supported | 4095 | 4095 | | May not work/boot ... but still should provide security support |
| x86/RAM | Limits/Host | ... '' ... | 16TB | 16TB | | ACTION: Andy to suggest what this should say |
| ARM/CPUs | Limits/Host | ... '' ... | 8 for 32bit; 128 for 64bit | 8 for 32bit; 128 for 64bit | | |
| ARM/RAM | Limits/Host | ... '' ... | 16GB for 32bit, 5TB for 64bit | 16GB for 32bit, 5TB for 64bit | | |
| x86/PV/Virtual CPUs | Limits/Guest | ... '' ... | 512 | 512 | | |
| x86/PV/Virtual RAM | Limits/Guest | ... '' ... | >1TB | >1TB | | |
| x86/HVM/Virtual CPUs | Limits/Guest | ... '' ... | 128 | 128 | | |
| x86/HVM/Virtual RAM | Limits/Guest | ... '' ... | 1TB | 1TB | | |
| ARM/Virtual CPUs | Limits/Guest | ... '' ... | 8 for 32bit; 128 for 64bit | 8 for 32bit; 128 for 64bit | | |
| ARM/Virtual RAM | Limits/Guest | ... '' ... | 1TB | 1TB | | Limited by supported host memory |
| Event Channels | Limits/Guest | ... '' ... | 131072 | 131072 | | |
| xl | Toolstack | Supported | | | | For man pages, see http://xenbits.xen.org/docs/unstable/man/xl.1.html |
| Qemu based disk backend (qdisk) for xl | Toolstack | Supported | | | Used as a fallback if blkback and/or blktap2 are not available | |
| Open vSwitch integration for xl | Toolstack | Supported | | | | See https://wiki.xenproject.org/wiki/Xen_Networking#Open_vSwitch |
| systemd support for xl | Toolstack | Supported | | | | |
| JSON support for xl | Toolstack | Preview | | | | |
| AHCI support for xl | Toolstack | Supported | | | | |
| PVUSB support for xl | Toolstack | Supported | | | | |
| HVM USB passthrough for xl | Toolstack | Supported | | | | |
| QEMU backend hotplugging for xl | Toolstack | Supported | | | | |
| Soft-reset for xl | Toolstack | Supported | | | | |
| libvirt driver for xl | Toolstack/3rd party | Supported | | | | No security support for the xl libvirt driver from the Xen Project. For security support see https://libvirt.org/securityprocess.html |
| gdbsx | Tooling | Supported | | | Debugger to debug ELF guests | Not yet supported on ARM. Should there be security support? |
| vPMU | Tooling | Supported | | | Virtual Performance Management Unit for HVM guests | Not yet supported on ARM. Disabled by default (enable with hypervisor command line option). This feature is not security supported: see http://xenbits.xen.org/xsa/advisory-163.html |
| Serial Console | Tooling | Supported | | | Logs key hypervisor and Dom0 kernel events to a file | Should there be security support? |
| xentrace | Tooling | Supported | | | Tool to capture Xen trace buffer data | Should there be security support? |
| gcov | Tooling | Supported | | | | Should there be security support? |
| Memory Ballooning | Memory Management | Supported | | | | |
| Memory Sharing | Memory Management | Preview | | | Allow sharing of identical pages between HVM guests | |
| Memory Paging | Memory Management | Preview | | | Allow pages belonging to HVM guests to be paged to disk | |
| Transcendent Memory | Memory Management | Experimental | | | | |
| Alternative p2m | Memory Management | Preview | | | Allows external monitoring of hypervisor memory using Intel EPT by allowing multiple physical memory to machine physical mappings to be maintained | Should there be security support? |
| CPU Pools | Resource Management | Supported | | | Groups physical CPUs into distinct groups called "cpupools", with each pool having the capability of using different schedulers and scheduling properties. | |
| Credit Scheduler | Resource Management | Supported | | | The default scheduler, which is a weighted proportional fair share virtual CPU scheduler. | |
| Credit2 Scheduler | Resource Management | Supported | | | Credit2 is a general purpose scheduler for Xen, designed with particular focus on fairness, responsiveness and scalability | |
| RTDS based Scheduler | Resource Management | Experimental | | | A soft real-time CPU scheduler built to provide guaranteed CPU capacity to guest VMs on SMP hosts | |
| ARINC653 Scheduler | Resource Management | Supported | | | A periodically repeating fixed timeslice scheduler. Multicore support is not yet implemented. | |
| Null Scheduler | Resource Management | Experimental | | | A very simple, very static scheduling policy that always schedules the same vCPU(s) on the same pCPU(s). It is designed for maximum determinism and minimum overhead on embedded platforms. | |
| Numa scheduler affinity | Resource Management | Supported | | | Enables Numa aware scheduling in Xen | Not yet supported on ARM. |
| 1GB/2MB super page support | Scalability | Supported | | | | |
| Deliver events to PVHVM guests using Xen event channels | Scalability | Supported | | | | |
| Fair locks (ticket-locks) | Scalability | Supported | | | | |
| Live Migration, Save & Restore | High Availability and Fault Tolerance | Supported | | | | |
| Remus Fault Tolerance | High Availability and Fault Tolerance | Experimental | | | | |
| COLO Manager | High Availability and Fault Tolerance | Experimental | | | Forward Machine Check Exceptions to Appropriate guests | |
| x86/vMCE | High Availability and Fault Tolerance | Supported | | | | |
| NetFront/NetBack | Network and Storage | Supported | | | | |
| BlkFront/BlkBack | Network and Storage | Supported | | | | |
| Blktap2 | Network and Storage | Obsolete | | | | CC: Rich Persaud |
| QEMU BlckBackend, and others | Network and Storage | Supported | | | | CC: Stefano |
| Online resize of virtual disks | Network and Storage | Supported | | | | |
| Driver Domains | Security | Supported | | | | |
| Device Model Stub Domains | Security | Supported | | | | |
| KCONFIG Expert | Security | Experimental | | | | |
| Live Patching | Security | Supported | | | For x86 only | Compile time disabled |
| Virtual Machine Introspection | Security | Supported | | | | CC: Tamas, Razvan |
| XSM & FLASK | Security | Experimental | | | CC: Daniel De Graf | Compile time disabled |
| XSM & FLASK support for IS_PRIV | Security | Experimental | | | CC: Daniel De Graf | Compile time disabled |
| vTPM Support | Security | Supported | | | | CC: Daniel De Graf |
| Intel/TXT ??? | Security | ??? | | | TXT-based integrity system for the Linux kernel and Xen hypervisor | |
| x86/Nested Virtualization | Hardware | Experimental | | | Running a hypervisor inside an HVM guest | |
| x86/HVM iPXE | Hardware | Insecure | | | Via iPXE | |
| x86/Physical CPU Hotplug | Hardware | Supported | | | | |
| x86/Physical Memory Hotplug | Hardware | Supported | | | | |
| x86/Support for PV kernels in bzImage format | Hardware | Supported | | | | |
| x86/PCI Passthrough PV | Hardware | Insecure | | | | Security support? |
| x86/PCI Passthrough HVM | Hardware | Supported | | | | |
| x86/Advanced Vector eXtension | Hardware | Supported | | | | |
| Intel Platform QoS Technologies | Hardware | Preview | | | | |
| Intel Xeon Features | Hardware | Supported | | | VT-d Posted Interrupts, VMX TSC Scaling, Memory Protection Keys | Security support? |
| ARM/64K Guest Pages | Hardware | Supported | | | | CC: Stefano, Julien |
| ARM/ACPI & SBBR Compliance | Hardware | Experimental | | | | |
| ARM/ACPI guest support | Hardware | Supported | | | | |
| ARM/PSCI Compatibility | Hardware | Supported | | | Support for v1 of the spec | |
| ARM/Interrupt Virtualization | Hardware | Supported | | | Support for GICv2, GICv2m and GICv3 | |
| ARM/Wallclock support | Hardware | Supported | | | | |
| ARM/Alternative Runtime Patching | Hardware | ??? | | | | Security support? |
| Traditional Device Model | Device Models | Supported | | | Device emulator based on Xen fork of Qemu | Same as Qemu Upstream Device Model? |
| Qemu Upstream Device Model | Device Models | Supported | | | Device emulator based on upstream Qemu | See the note after the table. |
| Device Model Operation Hypercall | Device Models | ??? | | | | |
| ROMBIOS | Virtual Firmware | Supported | | | BIOS used with traditional device model only | |
| SeaBIOS | Virtual Firmware | Supported | | | BIOS used with upstream qemu device model and XL only | |
| OVMF/Tianocore | Virtual Firmware | Experimental | | | UEFI Firmware used with upstream qemu device model and XL only | |
| PyGrub support for GRUB 2 | PV Bootloader support | Supported | | | | |
| PyGrub support for /boot on ext4 | PV Bootloader support | Supported | | | | |
| pvnetboot support | PV Bootloader support | Supported | | | | |
| pvcalls | PV Protocols and Drivers | Experimental | | | | |
| 9pfs | PV Protocols and Drivers | Experimental | | | | |

Comment for "Qemu Upstream Device Model":

Is only security supported when used together with the Xen hypervisor and only with a subset of all the possible QEMU emulators. Specifically:

- network: e1000, rtl8139, virtio-net
- storage: piix3 ide, ahci, xen_disk
- backing storage image format: raw, qcow, qcow2, vhd
- graphics: cirrus-vga, stdvga and xenfb
- audio: sb16, es1370, ac97
- input: Xen PV keyboard and mouse (part of xenfb), USB and PS/2 keyboard and mouse
- serial cards: UART 16550A

Core components, such as the PCI host bridge and the PIIX3 chipset, are supported. All devices of one of the above classes, which are not explicitly mentioned, are not supported. For example the ne2000 network card is not supported.

If you think that a specific emulated device should be supported, please contact the QEMU UPSTREAM maintainer and the Xen Security Team (security@xenproject.org).