Hi,

I'm using xen virtualization, and I'm writing a very security sensitive software that I want to run completely isolated, running it on a mini-OS or a very small/tight Linux guest.

That's OK, but I also want it to boot in parallel with dom0, directly from the xen hypervisor, avoiding the need to first boot the dom0 and then boot my small self-contained guest.

Is that possible? Or what should I know before trying to add this functionality to the xen hypervisor?

Thanks in advance,
Lúcio Maciel
luciofm@gmail.com

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Christopher Clark
2009-Jul-06 21:47 UTC
Re: [Xen-devel] Boot dom0 and mini-OS guest in parallel
It's not implemented now, as far as I can tell from a quick scan of the unstable source, but it's doable if you're up for a project.

Xen does relocation of modules passed at boot which is how the dom0 kernel and its initrd are loaded.

You could specify another module to grub that Xen will relocate and then construct a domain around it within Xen, in a similar fashion to the way dom0 is constructed.

See the dom0 construction code in:

xen/arch/x86/domain_build.c : construct_dom0
and
xen/arch/x86/setup.c : __start_xen

I'm not familiar enough with ia64 to pass similar pointers there, and I'm not sure what it'd take to build a neat enough implementation that it'd be considered for merge.

Christopher

On Mon, Jul 6, 2009 at 1:40 PM, Lucio Maciel<luciofm@gmail.com> wrote:
> Hi,
>
> I'm using xen virtualization, and I'm writing a very security sensitive
> software that I want to run completely isolated, running it on a
> mini-OS or a very small/tight Linux guest.
>
> That's OK, but I also want it to boot in parallel with dom0, directly
> from the xen hypervisor, avoiding the need to first boot the dom0 and
> then boot my small self-contained guest.
>
> Is that possible? Or what should I know before trying to add this
> functionality to the xen hypervisor?
>
> Thanks in advance,
> Lúcio Maciel
> luciofm@gmail.com
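An added illustration of the boot-module mechanism discussed in the message above; it is not code from the thread or from the Xen source. GRUB hands each "module" line to the multiboot kernel as a descriptor like the one below. The module ordering (kernel, initrd, extra guest), the function names and the sample addresses are assumptions made for this sketch. It shows the sanity checks worth running on the module list before building a second domain around one of the images.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiboot (v1) module descriptor, filled in by GRUB for each "module" line. */
struct mb_module {
    uint32_t mod_start;  /* physical address of the first byte of the image */
    uint32_t mod_end;    /* physical address just past the last byte */
    uint32_t string;     /* physical address of the module command line */
    uint32_t reserved;
};

/* Assumed ordering for this sketch: 0 = dom0 kernel, 1 = dom0 initrd, 2 = extra guest. */
enum { MOD_DOM0_KERNEL, MOD_DOM0_INITRD, MOD_EXTRA_GUEST };

/* Returns 0 if every module is non-empty, lies below ram_top and is disjoint
 * from all others; otherwise -(index + 1) of the first offending module. */
int check_modules(const struct mb_module *m, uint32_t n, uint32_t ram_top)
{
    for (uint32_t i = 0; i < n; i++) {
        if (m[i].mod_end <= m[i].mod_start || m[i].mod_end > ram_top)
            return -(int)(i + 1);
        for (uint32_t j = 0; j < i; j++)
            if (m[i].mod_start < m[j].mod_end && m[j].mod_start < m[i].mod_end)
                return -(int)(i + 1);
    }
    return 0;
}

/* Index of the image to build the second domain from, or -1 if the boot
 * entry did not supply one or the module list fails validation. */
int extra_guest_index(const struct mb_module *m, uint32_t n, uint32_t ram_top)
{
    if (n <= MOD_EXTRA_GUEST || check_modules(m, n, ram_top) != 0)
        return -1;
    return MOD_EXTRA_GUEST;
}

/* Constructed sample: kernel, initrd and a small guest image in 256 MiB of RAM. */
static const struct mb_module sample[] = {
    { 0x01000000, 0x01400000, 0, 0 },
    { 0x01400000, 0x02000000, 0, 0 },
    { 0x02000000, 0x02080000, 0, 0 },
};

int main(void)
{
    printf("extra guest module index: %d\n", extra_guest_index(sample, 3, 0x10000000));
    return 0;
}
```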
Rolf Neugebauer
2009-Jul-09 08:42 UTC
Re: [Xen-devel] Boot dom0 and mini-OS guest in parallel
I've done something like this about 2 1/2 years ago. IIRC it was pretty much what Christopher outlines below (dom0 build patches plus a few other bits and bobs). I probably have the now heavily outdated patches floating around somewhere. Drop me an email and I'll dig them out.

Rolf

2009/7/6 Christopher Clark <christopher.w.clark@gmail.com>:
> It's not implemented now, as far as I can tell from a quick scan of
> the unstable source, but it's doable if you're up for a project.
>
> Xen does relocation of modules passed at boot which is how the dom0
> kernel and its initrd are loaded.
>
> You could specify another module to grub that Xen will relocate and
> then construct a domain around it within Xen, in a similar fashion to
> the way dom0 is constructed.
>
> See the dom0 construction code in:
>
> xen/arch/x86/domain_build.c : construct_dom0
> and
> xen/arch/x86/setup.c : __start_xen
>
> I'm not familiar enough with ia64 to pass similar pointers there, and
> I'm not sure what it'd take to build a neat enough implementation that
> it'd be considered for merge.
>
> Christopher
>
>
> On Mon, Jul 6, 2009 at 1:40 PM, Lucio Maciel<luciofm@gmail.com> wrote:
>> Hi,
>>
>> I'm using xen virtualization, and I'm writing a very security sensitive
>> software that I want to run completely isolated, running it on a
>> mini-OS or a very small/tight Linux guest.
>>
>> That's OK, but I also want it to boot in parallel with dom0, directly
>> from the xen hypervisor, avoiding the need to first boot the dom0 and
>> then boot my small self-contained guest.
>>
>> Is that possible? Or what should I know before trying to add this
>> functionality to the xen hypervisor?
>>
>> Thanks in advance,
>> Lúcio Maciel
>> luciofm@gmail.com