September 2017 OpenXT Community Call

Monthly Call Agenda

* Maintainer and plans for stable-6 branch (6.1.x)
* Release manager for next stable-7 release (7.0.x, 7.1.x)
* Release manager for 8.0.0

* OpenXT 8.0.0 Status
- Xen 4.9
- blktap
- pyro

* OpenXT 8.0.0 Planning
- HVM driver domains
- measured launch
- vTPM
- USB3 support
- USB driver domain
- libvirt
- host license key management
- Hyper-V guest enlightenments
- Upstream Xen Windows PV drivers
- Display manager & input server
- Attack surface reduction: Kconfig, restrict grant table version via Xen cmdline

Monthly Call Minutes

PCI device reset/FLR - OXT-1217

  • A variation of this patch belongs in upstream Xen & Linux. See Jira ticket for link to upstream Xen thread. If we can maintain a list of PCI devices (e.g. lspci -v output for GPU, NIC) which require this patch, it will help with OpenXT and upstream testing.

What happens to open stable-7 tickets after the release of 7.0.0?

  • Some issues will be release noted
  • "Affects Version" remains 7.0.0
  • "Fix Version" to be triaged (7.1.0, Backlog, or none)

stable-6 branch (6.1.x)

  • Maintainer nomination: need input from Rich Turner
  • Eric submitted a versioning proposal on mailing list (add some XSAs, tag 6.0.1, move to 6.1.0, add Xen 4.6 & XSAs), no objections
  • Build and archive 6.0.1 release binaries
  • Focus moves to 6.1.0

stable-7 branch (7.0.x, 7.1.x)

  • No volunteers for stable-7 release manager. Rich Persaud nominated Eric Chanudet of AIS. Eric requires mgmt approval. Defer to Oct call.
  • Should there be a 7.0.1 bugfix/security release, in advance of 7.1 release with Intel Coffee Lake hardware support?

master (8.0.0)

  • Rich Persaud volunteered to be release manager for 8.0.0, will request technical assistance from others as needed.
  • 8.0 will target Intel Ice Lake hardware (2018/2019) and fundamental architectural changes to enable an extensible OpenXT base platform
  • Notes from feature discussion
    • UEFI (host and guest), Secure Boot for Windows 10
    • Kconfig - define minimal Xen config early in 8.0 dev cycle, so that testing & feature development are done on the minimized base
    • USB3 - no high-priority devices currently need USB3, USB-C ports are compatible
    • USB driver domain - of interest, will be investigated, not yet committed within 8.0 timeframe, Qubes has an implementation
    • HVM and SR-IOV driver domains - security benefits, see upstream Xen mailing list discussion about x86 PCI passthrough security
    • libvirt - needs scoping. The starting point would be for Chris Rogers to create a wiki page which documents the OpenXT Haskell toolstack functions that would need to be migrated to another toolstack, whether libvirt or something else. There will always be some OpenXT-specific toolstack functions that are not provided by an existing toolstack like libvirt. This is a big task; we need to create small prototypes to identify candidates for replacing subsets of Haskell code.
    • Hyper-V guest enlightenments - of interest, is available in Xen 4.9, can be an optional build configuration for OpenXT 8.0
    • Display manager & input server - no objection to the community introducing a new, optional, open-source display/input stack
    • Upstream OE - some 8.0 OpenXT features may appear first in upstream OpenEmbedded meta-virtualization (master), then get pulled into OpenXT
    • OE pyro uprev - work underway (Eric), making Haskell toolchain fixes
    • blktap3 - work underway, see OXT-1221 (Mahantesh)
    • nested virt (Hyper-V) - targeted for 8.0 release, no backport to stable-5