CH 8.2
-
Xen is 4.13.1-9.1 and Dom0 kernel is 4.19.0+1. Not surprising for a Citrix LTS
-
Since the Xen Project released a brand new 4.14 version just recently, is it too late to include it in the 8.2 XCP-ng release?
-
@mathsq4 we don't do that. Including a new Xen version often requires a lot of work to be sure the API/ABI doesn't break anything, and probably modifying stuff around it.
We could always try somehow at some point in the testing repo, but it's far harder than you might think in the first place.
-
Do you think Ivy Bridge will not work with XCP-ng 8.2? I have a homelab and have little desire to retire my Xeon.
-
Again, nothing will be "blocked". It's just that you won't have sec updates on those CPUs because Intel stopped shipping fixed microcodes. So Citrix (and us) can't tell you that you are secure with those anymore (because of Intel).
-
What about future support for old AMD CPUs? I see Opteron 61xx and older support was removed in CH 8.0, are there any known issues with 62xx/63xx/P series that might cause them to become unsupported in the near future?
I rely on used servers mainly for cost reasons, recently moved from Intel to AMD in the hope they will be less insecure (not perfect either, but what is), current 6338P CPUs from 2014 seem to be good enough for now, until shiny new EPYC become cheaper in a few years...
-
I have no idea. In general, "Unsupported" means no security patches possible for those old CPUs.
Do those CPUs have NPT? (Nested Page Tables)
-
According to Wikipedia: "AMD Opteron CPUs beginning with the Family 0x10 Barcelona line, and Phenom II CPUs, support a second generation hardware virtualization technology called Rapid Virtualization Indexing (formerly known as Nested Page Tables during its development), later adopted by Intel as Extended Page Tables (EPT)." - so that would be since about 2008 or so.
Later there have been some critical microcode updates, 63xx series got one in 2016 (unprivileged guest could crash the host), not sure which older CPUs have this update and which don't.
-
So there's a good chance it will work, but don't expect any serious security provided by AMD microcodes…
-
@olivierlambert what people often forget or don't think about: You want to have something mature, tested, stability proven - especially for an LTSR. People who stay on these branches don't do it for bleeding edge stuff.
-
I don't get it, what's the connection with the current discussion?