-current paravirtualized kernel on bare hardware
It is message I found running installer. So installer kernel is paravirtualized - does it mean it was build to work in virtual environment and kernel warns that it is not good idea to run such kernel on bare hardware?
|
The Slackware kernel is not built/optimized for virtualized environments. You will probably have to build the correct modules for the correct bare metal hypervisor (Xen or ESXi).
|
My point is why to use paravirtualized - whatever that means - kernel as kernel used during installation. Final installed kernel comes from package. Does paravirtualized is the same as vanilla? What is purpose of this? Why not to use just common vanilla kernel? I emphasize: it is all about installer kernel. Just there is something I don't understand.*And no one warned us that kernel has something peculiar inside.
|
To put it simply, Paravirtualization allows for better performance over Full Virtualization.
https://en.wikipedia.org/wiki/Paravirtualization |
Quote:
Quote:
Quote:
|
Its not a warning at all: its informational in fact, as this means this kernel can run unmodified on both bare metal and on VMs. Contrast with say, booting the same under a hypervisor, it'll tell this instead:
Code:
root@current:~# dmesg | grep paravirt |
Quote:
Under Xen you will not get the benefit of PV unless the PV drivers are loaded. If you don't load PV drivers (because they're absent from the kernel) Xen will switch to pure HVM mode, and present you with a Xen SCSI controller much like any real hardware. You're stuck with this 'hardware' until you reboot. You can either have one or the other. For the newcomer this is a bit strange. I expected a configuration option to determine the functionality presented to the guest but it's all done through the behaviour of the guest on boot. Under ESXi it seems to work slightly differently. You get to choose in VM config whether you want PV or SCSI-this or SCSI-that (there are a few choices), however VMWare seems to have done a lot more work on optimising the non-PV case, so without PV it seems to perform rather better than HVM Xen. I think a lot of confusion may persist about PV vs HVM modes because a lot of Slackware-related stuff talks about pure PV booting (which will require a special kernel, more akin to user-mode linux) instead of the latterly introduced HVM booting. For some time PV out-performed HVM, but this is no longer the case see: https://cloudacademy.com/blog/aws-am...irtual-amazon/ |
BUT, is not a security liability having a virtualized kernel on bare hardware? There is no performance impact?
In the Linux reunions where I have been, I heard discussions about about the possibility to have rogue virtual machines at EFI level, planted for industrial espionage in the boot or ESP partition. After all, that's WHY they insists on having signed EFI binaries and the motherboards offers the ability to the disable hardware virtualization. How Slackware looks intending to look to Enterprise, as probably only there matters that PAM and Kerberos, does not introduce those virtualization ready kernels a security flaw? After all, I believe that those virtualized kernels should be stand-alone, and eventually aware chosen by user, instead of having them by default. I for one, I do not need virtualization, but a maximum performance, also. |
Quote:
|
Quote:
A virtualized kernel doesn't simplify the life of a rogue virtual machine put in a computer for whatever rogue reasons? |
Quote:
In terms of security, of course there is potential increase in attack surface if including something you don't need, but normal kernels are surely going to be susceptible to blue pill concepts as well, if that's what you mean? |
Quote:
|
Quote:
|
Quote:
|
Quote:
Code:
--- config-5.7.7-default 2020-07-01 14:29:54.000000000 +0300 |
All times are GMT -5. The time now is 11:32 PM. |