Community Call - 17th November 2016

Topics for this week's community call, today at 11:00 am US eastern:

  Dial-in number: 1-315-533-6194
  Passcode: 998 566 967

1.  OpenXT 7.0 planning:

  - tboot and UEFI design

  - Measured Launch merge
  - LibXL merge
  - Qemu 2.6 merge
  - tapdisk3 migration
  - Upstream Windows PV drivers
  - Architecture (disaggregation, platform, client, headless server/IoT)
  - Release Manager volunteers
  - OE upstream: Morty uprev (instead of Krogoth)
  - OE upstream: meta-virtualization (need to upgrade our Xen version)
  - OE meta-measured (preliminary TPM2 support) + OpenXT measured launch
  - OE meta-secure-env for IoT (UEFI secure boot, TPM 2.0, TXT planned, x86/ARM)
  - Xen upstream: V4V improvements 
  - Xen upstream: xl/qemu improvements (Linux stubdom, PCI passthrough, graphics)
  - Xen upstream: Kconfig Xen attack surface reduction
  - BVT maintenance status
  - Should OXT 7.0 test cases be written for bats or BVT or wiki (manual testing)?

2.  OpenXT 6.0 planning:

  - XSAs for 6.0.1 - testing and readiness for public merge on 11/22
  - OE uprev to tip of Jethro, no longer maintained upstream
  - upgrade support for minor version wildcards
  - 6.1 release needed?

3.  Validating "stratification" PRs for optional OE layers, qtdbd, new display manager

4.  Upstream Xen is finalizing PV audio design, requesting input from OpenXT devs:

5.  Structure and process for governance RFCs

Meeting Minutes

Rich Persaud: proceeding with the call agenda sent earlier.

tboot + uefi design

Discussion deferred, not all required attendees present this time.

Measured Launch merge

Daniel Smith:

The latest revision is out for review, with password implementation complete and Over-The-Air-upgrade fixed.

A new revision is being prepared with an RSA key-management solution.

Ross: Ross and Jed to review. PR?

Daniel: had held off on PR since RSA work known to be needed.

Rich: OK to PR and then add the RSA key handling in before OXT 7.0.

* action Daniel to PR the current version.

LibXL merge:

Jed: Work in progress. Updated to new qemu; not working with stubdoms and qmp doesn't work w/ stubdoms.

Steve Smalley has submitted security code to go with it.

PRs close to being ready; will land within a month.

libxl will be enabled when merged; replaces xenvm.

Ross: new qemu is in master already.


tapdisk3 migration

Ross: spoke to George Dunlap of Citrix and the Xen Project, and another member of the XenServer team.

Initial task will be to work with the XenServer team to make arrangements for the development work to be done in public.

They have requested that it be done 'under the Xen Umbrella'.

OpenXT representatives will be contributors wherever the work takes place.

CentOS and XenServer are motivated to keep the technology alive.

tapdisk3 is actively maintained with community support.

Upstream Windows PV Drivers

Steve Meisner: Will be delivered to OpenXT for the OpenXT 7.0 release, around June 2017, and integrated ready for testing sufficiently ahead of time for inclusion in that.


Architecture

Discussion deferred.

Release Management

For OpenXT 7.0, Release Manager: Daniel Smith of Apertus Solutions proposed for this role.

Ross: volunteered to assist.

OpenEmbedded upstream: Morty uprev

Eric at AIS to be point person.

[discussion re: OE cycle, stable releases, timing]

Daniel: is the aim to stay _current_ or stay _stable_?

current -> track master

stable -> track most recent OE release

Ross: master can be pretty unstable

Eric: preference for stable

Rich: future aim would be to be able to use master, but since test capacity is limited, using stable at present makes most sense.

Eric: release after Morty is due April 2017.

[summarizing: uprev will be to Morty; can consider beyond that at a later time if necessary.]

OpenEmbedded upstream: meta-virtualization

meta-virtualization is tracking Xen 4.7 at the moment.

Ross: no one has yet signed up to spearhead the move to meta-virtualization.

Daniel: Apertus cares about getting to meta-measured for TPM 2.0.

Machon: meta-virt and next-version Xen are not current priorities.

Rich: Maybe with the next hardware generation?

Machon: Xen 4.6 can already handle items on current priority list.

Rich: UEFI and nesting?

Ross: not sure. Will likely be able to use existing Xen 4.6 UEFI support.

[discussion re: several TPM stacks; only 1 implements TCG spec]

Ross: AIS plans to work on TPM 1.2 and 2.0 support. tboot claims support for TPM 2.0 but have not tested it yet.

Rich: there are multiple TPM2 specs -- which will we use?

Machon: there is only one TPM2 spec (TCG) but multiple implementations from large companies.

Daniel: is AIS using Phil Tricca's TPM2 stack in meta-measured?

Rich T: Still investigating. Chris Rogers is leading TPM 2.0 work. Goal is to post RFC by end of the year.

Ross: TPM2 discussion and RFC to continue in public.

OpenEmbedded upstream: meta-secure-env

WindRiver project. Plan is to use TXT and meta-measured.

Rich: aim to share code and benefit from upstream testing.

Objective to get Measured Launch included in products from that project.

Maintainer is Bruce Ashfield, also maintainer of meta-virtualization.

Xen upstream: v4v improvements

Eric: worked on Linux module for guest VMs. Of less interest to upstream than hypervisor code.

Ross: haven't worked on hypervisor code since the 6.0 release.

Christopher: hypervisor v4v work not likely to advance imminently as preempted by other priorities, but work should incorporate changes from the v9 (last round reviewed with Xen upstream) and v10, incrementally to enable reasoning about each change in git.

Rich Turner: AIS team could contribute.

Also looking at SRIOV: could contribute upstream and post to the community when have something working.

Re: AIS display manager: actively working on the next version of display handler, called "vglass" and will work with customer re: delivering it as Open Source.

Xen upstream: libxl/qemu improvements (Linux stubdom, ...)

Rich: any changes to support features in OpenXT?

Jed: yes, a large patch. Linux stubdom changes have not been accepted upstream.

Rich: am exchanging email with Eric Shelton and Qubes.

Lars of Xen Project has offered to assist with communicating with upstream maintainers with effort to upstream code used by OpenXT and other projects.

For OpenXT 7.0, should attempt to upstream Linux stubdom support.

Xen upstream: Kconfig Xen attack surface reduction

Christopher: Kconfig support is in Xen 4.7.

Ross: In Xen 4.8, will allow removal of the shadow page tables. Nobody has a list of Xen features that we want to turn off.

* action: Rich to file a JIRA ticket to capture desirable features to disable. (e.g. XenSplice...)


BVT maintenance status

Rich: Is BVT maintained and used?

Rich Turner: Chris Rogers is current maintainer for BVT and has been doing a good job though has other major time commitments too.

A new hire will be starting in January who will take on responsibility for automated testing in the derivative project so will be dedicated to improving BVT and expanding test cases.

All test cases are upstream and that will continue.

OpenXT 6.*.* planning:

Ross: Several XSAs will exit embargo on the 22nd November.

Won't release a point release prior to that. Have improved the upgrade process to allow wildcard matching for micro versions.

Will track the tip of Jethro in stable-6 prior to issuing the point release.

OpenXT 6.1

context: 6.1 was planned to be a backport of the new Measured Launch implementation onto the stable-6 branch.

[discussion re: any community members' motivation for a 6.1]

Rich Turner: Derivative project will not take the new ML feature for the next sustaining release at this point due to schedule constraints.

Daniel: If anyone needs the ML feature prior to OpenXT 7.0, they should be able to backport it onto stable-6 without difficulty.

* action: Ross to post to the list about discontinuing the plan for a 6.1 release, for feedback, and if no objection, will proceed to shelve it.


Validating "stratification" PRs

Daniel nominated to test + merge PRs. Current items are for qtdbd layer as reference for upcoming display handler code, OCaml and Haskell platform code layers.

Nomination of Daniel as repository committer posted to the mailing list.

PV Audio on xen-devel

Request for OpenXT contributions to discussion.

Christopher: Would be useful to participate as upstream discussion is around setting the ABI between front and back ends, and only a Linux front end is being used for reference.

Rich Turner: lead engineer on audio will be asked if they can contribute. They have experience with a Windows front-end.

Have forwarded the message now. Hopefully will be able to comment in a day or so.


Structure and process for governance RFCs

Rich: The IETF process was referenced as a model back when Dave Quigley was a participant in the project:

  • produce the work offline and assemble a draft version and post it to the list for review and comment.
  • use the wiki for editing or any other collaboration tool, including git, which captures revision history, then produce a PDF snapshot of it.

Governance documents have a set of topics with statements about each topic.

Similar: The NIAP Virtualization Protection Profile documents are a list of numbered items of concern, with guidance on each.

To Jed: You can follow this approach and get others to contribute.

No comment from AIS.

Jed: reported difficulty hearing Rich.

* action: schedule a separate call re: Governance.