From: Andrew Cooper
Subject: Re: Is there an issue with turning off "scrubbing free RAM" on boot with Xen 4.1.3
Date: Thu, 10 Oct 2013 10:42:14 +0100
Message-ID: <52567676.3010102@citrix.com>
References: <52559F56.3070901@mokumsolutions.com>
In-Reply-To: <52559F56.3070901@mokumsolutions.com>
To: Roddy Rodstein
Cc: xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org

On 09/10/13 19:24, Roddy Rodstein wrote:
> Greetings,
>
> Thank you in advance for your support!
>
> Our HP Xen 4.1.3 servers have 1TB of RAM, each Xen server takes 20
> minutes to boot largely due to the "scrub free RAM" phase. If/when we
> have dom0 failures and HA kicks in, we would like to reduce the boot
> time to make the resource quickly available, perhaps using the
> no-bootscrub attribute in grub.conf.
>
> Could you please share your comments about turning off RAM scrubbing,
> i.e. have you seen any consequences, security issues and/or threats,
> red flags, etc...?
>
> We have asked the same question at the commercially supported Xen
> forums, i.e. Oracle and Citrix, as well as to each aforementioned
> support team, and have not received a lick of meaningful information.
>
> Respectfully,
>
> Roddy

In the Xen model, domains are responsible for clearing any sensitive data they have out of memory before shutdown.

The bootscrub is a preventative measure to ensure that after a crash, stale domain information is cleared from RAM before that RAM is reused for a new VM.

If this is not a concern for you, then you can easily turn bootscrub off by adding "no-bootscrub" to the Xen command line.

~Andrew
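
Added example, not part of the original thread and not Xen's own tooling: a shell audit that reads a GRUB-legacy grub.conf and reports, per Xen boot entry, whether the free-RAM scrub discussed above is disabled, so hosts that skip it are known and the stale-data trade-off is a deliberate choice. The function names and the sample grub.conf are constructed for illustration; treating `bootscrub=0|no|off|false` as equivalent to `no-bootscrub`, and scrubbing as the default, are assumptions based on Xen's generic boolean option syntax.

```shell
# Added example: audit a GRUB-legacy grub.conf for Xen entries that boot
# with the free-RAM scrub disabled. All function names are hypothetical.

# Classify one Xen command line; prints "scrub" or "noscrub".
# Runs in a subshell with globbing off so options split safely on spaces.
xen_bootscrub_state() (
    set -f
    state=scrub                        # assumed default: scrub at boot
    for opt in $1; do                  # the last bootscrub setting wins
        case "$opt" in
            no-bootscrub)                             state=noscrub ;;
            bootscrub=0|bootscrub=no|bootscrub=off|bootscrub=false)
                                                      state=noscrub ;;
            bootscrub|bootscrub=*)                    state=scrub ;;
        esac
    done
    echo "$state"
)

# Read grub.conf on stdin; print "<title><TAB><state>" for each stanza
# whose kernel line loads an image named xen* (the hypervisor).
audit_grub_conf() {
    title=
    while read -r key rest; do
        case "$key" in
            title)  title=$rest ;;
            kernel)
                image=${rest%% *}; args=${rest#"$image"}
                case "${image##*/}" in xen*) ;; *) continue ;; esac
                printf '%s\t%s\n' "$title" "$(xen_bootscrub_state "$args")"
                ;;
        esac
    done
}

# Constructed sample configuration (not taken from the thread).
sample_grub_conf() {
    cat <<'EOF'
title Xen (default)
    kernel /xen.gz dom0_mem=4096M console=vga
    module /vmlinuz-dom0 ro root=LABEL=/
title Xen (fast boot)
    kernel /xen.gz dom0_mem=4096M no-bootscrub
title Linux rescue
    kernel /vmlinuz-rescue ro root=LABEL=/
EOF
}

sample_grub_conf | audit_grub_conf
```

On a real host the function would be fed the actual file, for example `audit_grub_conf < /boot/grub/grub.conf`, where that path is an assumption about the distribution's layout.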