Xen Winter Meetup 2025

09:00
30min
Registration and Badge Pick-up

Get your badge by registering!

Registration and Badge Pick-up
Foyer
09:30
30min
Welcome & Opening Remarks
Olivier Lambert

Welcome session, giving details about the event and why it was created in the first place.

Keynote Sessions
Salles de séminaire 1
10:00
30min
Xen Project Weather Report
Kelly Choi

This talk offers a concise yet comprehensive overview of the latest advancements within the Xen ecosystem, focusing on key updates by the Community Manager.

Keynote Sessions
Salles de séminaire 1
10:30
30min
Break & Networking
Hall de réception
11:00
30min
Xen and Rust
Teddy Astie

This session presents the Xen effort on Rust integration and related projects, and the future plans for rebuilding the toolstack in Rust.
We would like to form a Xen Rust working group to structure this effort more formally.

Session Presentations
Salles de séminaire 1
11:30
30min
Key improvements & contributor opportunities in the Xen hypervisor
Andrew Cooper

In this session, Andrew Cooper, x86 hypervisor maintainer and Xen security team member, will highlight the most pressing challenges in Xen’s codebase today. From technical debt and architectural bottlenecks to security hardening and performance optimizations, Andrew will outline where contributions are most needed and how developers can get involved.

Session Presentations
Salles de séminaire 1
12:00
30min
Implementing AMD SEV technology in XEN Hypervisor
Andrei Semenov

In this talk we present our work at Vates on enabling Secure Encrypted Virtualization (SEV) technology for the Xen Project open-source hypervisor. SEV is an extension of AMD-V technology that allows encrypted virtual machines to run on top of an “untrusted” hypervisor. Even though the hypervisor still controls the lifecycle of virtual machines, it is up to the SEV-enabled guest to decide whether its memory is encrypted or not. SEV-enabled hardware ensures that neither the hypervisor nor other software (VMs) running on the platform can access (decrypt) this memory.
At the heart of SEV technology is the “AMD Secure Processor” hardware component, which offers an interface to system software (hypervisor or guest kernels) for managing virtual machines and the whole platform, so that these pieces of software can run and communicate without compromising each other’s security. The x86 instruction set was also extended to fully benefit from SEV technology.
We will present our project, which aims to integrate the SEV extension into the Xen hypervisor, the necessary developments and adaptations that have been done, where we are with this project, and our future work.

Session Presentations
Salles de séminaire 1
12:30
45min
Lunch Break
Hall de réception
13:15
45min
PVH: limitations, requirements & future considerations

A general discussion on PVH from both guest and Dom0 perspectives.

Design Sessions
Salles de séminaire 1
14:00
45min
Future of nested virtualization in Xen

This session will focus on discussing the current state and key challenges of Nested Virtualization in Xen.

Design Sessions
Salles de séminaire 1
14:45
45min
Xen IOMMU redesign and PV-IOMMU

Discussion of the progress and next steps for IOMMU work.

Design Sessions
Salles de séminaire 1
15:30
20min
Break & Networking
Hall de réception
17:00
120min
ACONIT Exhibit (Thursday)

ACONIT, the Association for a Conservatory of Information Technology, was founded in 1985 with the principal objective of preserving the history of computing and creating tools to better understand and explain to the general public the risks and rewards of current developments in information processing as it permeates deeper into society.

Address

Aconit
12 Rue Joseph Rey
38100 Grenoble

Social Events
Social Events
20:00
120min
Restaurant "La Fondue"

Located in the heart of Grenoble, La Fondue offers a warm and authentic atmosphere, perfect for wrapping up our event with great food and conversation. Known for its traditional Savoyard cuisine, the restaurant specializes in rich, flavorful cheese fondue, hearty raclette, and other regional delights.

Address

La Fondue
5 Rue Brocherie
38000 Grenoble

Social Events
Social Events
09:00
30min
Registration and Badge Pick-up

Get your badge by registering!

Registration and Badge Pick-up
Foyer
09:30
30min
Enabling UEFI Secure Boot in XCP-ng: Establishing a Robust Chain of Trust
Piotr Król

This talk will explore challenges and proposed strategies for implementing UEFI Secure Boot within Xen and downstream distributions like XCP-ng or Qubes OS, focusing on how these changes can enhance security and contribute to a more unified framework for future development.

We will begin by examining why UEFI Secure Boot is essential in continuing the transitive chain established by the modern static root of trust, and its synergy with TrenchBoot and DRTM technology. We will delve into the implications of the UEFI Secure Boot process, showing why simply signing bootloaders and hypervisor binaries is insufficient; a comprehensive implementation must address the entire boot chain.

Session Presentations
Salles de séminaire 1
10:00
30min
Hiding VMI Pauses on a networked Xen-Based Sandbox with TANSIV
Léo Cosseron

Malware analysis sandboxes use virtual machine introspection (VMI) to analyze malware samples. VMI is a set of techniques to monitor the execution of a virtual machine (VM) while remaining isolated from the VM. Some so-called evasive malware detects VM execution pauses caused by VMI to avoid exhibiting its malicious behavior. This problem tends to disappear since sandbox designers manipulate the VM clock to hide these pauses. On the other hand, the fake network created by a sandbox offers new opportunities to evasive malware. Indeed, VMI pauses have a measurable impact on network performance. In this way, malware can detect performance differences between the observed network and the network of the target system.

To solve this problem, the TANSIV approach consists of building the sandbox network on top of a discrete-event network simulator. The simulator defines the time reference and TANSIV coordinates the flow of time by synchronizing the virtual clocks with the simulator clock. Packets emitted by the VMs are intercepted and transmitted to the destination VM at the virtual time calculated by the simulator. The VMs are regularly interrupted to resynchronize them with the network simulator. In the case of hardware virtualization, in addition to manipulating the virtual clocks to hide VMI pauses, TANSIV hides the synchronization pauses with the network simulator.

TANSIV is portable between hypervisors and has been ported to the Xen hypervisor. Moreover, TANSIV has been integrated with DRAKVUF, an open-source Xen-based hypervisor which leverages VMI to analyze Xen guests. Our results show that TANSIV is able to hide the impact of VMI pauses on both local and network timings.

Session Presentations
Salles de séminaire 1
10:30
30min
Break and Networking
Hall de réception
11:00
30min
Characterizing live migration of virtual machines between heterogeneous CPUs
Alain Tchana, Caleb Fonyuy-Asheri Suuynyuy

Live migration of virtual machines is a concept widely used in cloud computing environments for various reasons such as server upgrades, consolidation to reduce energy consumption, etc. This migration, however, faces several challenges when taking place between servers that present a heterogeneous set of processors. It is important to properly characterize this heterogeneity as well as evaluate its impact on virtual machine migration within the context of a data center. Our work aims at providing an extensive characterization of migration issues related to processor heterogeneity and proposing an improvement to the virtual machine migration algorithm in this context.

Session Presentations
Salles de séminaire 1
11:30
30min
Enhancing Q35 Support in Xen
Thierry Escande

This session will delve into the current state of Q35 and aim to agree on the technical approach for achieving robust PCIe device support.

Session Presentations
Salles de séminaire 1
12:00
30min
REX: Integrating xcp-ng + xoa "as a Service"
Julien Durillon

In order to provide an IaaS experience to Clever Cloud customers, we decided to work on a "Xen as a Service" approach. In this presentation, I will recollect the challenges and choices we made to run xcp-ng inside our VMs.

Session Presentations
Salles de séminaire 1
12:30
45min
Lunch Break
Hall de réception
13:15
45min
Strengthening collaboration between Xen and academia

This session aims to bridge the gap between research labs and the Xen Project by identifying synergies and mutual benefits. We’ll discuss how Xen can support academic research, how research can contribute to Xen’s evolution, and potential papers to increase Xen’s visibility.

Design Sessions
Salles de séminaire 1
14:00
45min
Getting started with Xen's codebase

(Note: may only happen if someone more knowledgeable of the topic than me can lead the sessions)

A practical session to discover Xen’s codebase structure, and maybe how to do a small example modification. Also: how to navigate the dozens of git repositories on xen.org.

Design Sessions
Salles de séminaire 1
14:45
45min
Better hardware & power management

Since XSA-351, coretemp and similar modules can no longer be used in Dom0 for hardware data access.

Design Sessions
Salles de séminaire 1
15:30
90min
Networking and goodbye
Hall de réception
17:00
120min
ACONIT Exhibit (Friday)

ACONIT, the Association for a Conservatory of Information Technology, was founded in 1985 with the principal objective of preserving the history of computing and creating tools to better understand and explain to the general public the risks and rewards of current developments in information processing as it permeates deeper into society.

Address

Aconit
12 Rue Joseph Rey
38100 Grenoble

Social Events
Social Events