Xen: finishing the job
Posted Mar 12, 2009 23:57 UTC (Thu) by efexis
In reply to: Xen: finishing the job
Parent article: Xen: finishing the job
"Xen is not a full hypervisor until it loads the first domain - dom0"
Yes but the domU's can't talk directly to the dom0 without going through the hypervisor code though can they? This means that dom0 doesn't have to be provably secure if the hypervisor is. The hypervisor is acting like a firewall between networks, and the smaller and simpler this bit of code is, the easier it is to reach higher levels of certainty that the system is secure.
to post comments)