Issue
Greetings,

Thank you in advance for your support!

Our HP Xen 4.1.3 servers have 1TB of RAM, and each Xen server takes 20 minutes to boot, largely due to the "scrub free RAM" phase. If/when we have dom0 failures and HA kicks in, we would like to reduce the boot time to make the resource quickly available, perhaps using the no-bootscrub attribute in grub.conf.

Could you please share your comments about turning off RAM scrubbing, i.e. have you seen any consequences, security issues and/or threats, red flags, etc...?

Respectfully,
Roddy

Accepted Answer

Lars Kurth
Friday, October 18 2013, 08:14 AM - #permalink
I am cross-posting the link to the xen-devel thread: see http://lists.xenproject.org/archives/html/xen-devel/2013-10/msg00763.html

For context:

  • In the Xen model, domains are responsible for clearing any sensitive data they have out of memory before shutdown. The bootscrub is a preventative measure to ensure that after a crash, stale domain information is cleared from RAM before that RAM is reused for a new VM. If this is not a concern for you, then you can easily turn bootscrub off by adding no-bootscrub (see http://xenbits.xen.org/docs/unstable/misc/xen-command-line.html) in /etc/default/grub to the Xen command line.
  • There is also a patch to parallelize scrubbing that was posted recently at http://lists.xen.org/archives/html/xen-devel/2013-09/msg03171.html but has not made it yet into the tree.


There is no specific answer to "have you seen any consequences, security issues and/or threats, red flags" to turning off scrubbing. This is probably more of a privacy-of-data issue, rather than a security issue, though.
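Because the answer above ties the decision to whether stale domain data surviving a crash matters, it helps to know which hosts actually boot without the scrub. The following is an added example, not part of the original thread or of Xen: a shell audit that reads a GRUB 2 defaults file or a legacy grub.conf and reports the boot-scrub setting. The function names, the sample files, the `bootscrub=<boolean>` spellings (a generalization beyond the `no-bootscrub` form named in the thread) and the last-occurrence-wins rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: report whether a boot-loader file turns
# off Xen's boot-time RAM scrub. Assumption: a repeated option is last-wins.

# Emit each Xen hypervisor command line in file $1, prefixed with "cmdline:".
xen_cmdlines() {
    # GRUB 2 (/etc/default/grub): GRUB_CMDLINE_XEN, GRUB_CMDLINE_XEN_DEFAULT
    sed -n 's/^[[:space:]]*GRUB_CMDLINE_XEN[A-Z_]*=/cmdline: /p' "$1" | tr -d "\"'"
    # Legacy GRUB (grub.conf): "kernel /xen.gz <hypervisor options>"
    sed -n 's/^[[:space:]]*kernel[[:space:]][[:space:]]*[^[:space:]]*xen[^[:space:]]*/cmdline:/p' "$1"
}

# Print "enabled" or "disabled" for one command line ($1).
scrub_state() {
    state=enabled                        # Xen scrubs free RAM at boot by default
    for opt in $1; do
        case "$opt" in
            no-bootscrub|bootscrub=no|bootscrub=off|bootscrub=false|bootscrub=disable|bootscrub=0)
                state=disabled ;;
            bootscrub|bootscrub=*)
                state=enabled ;;
        esac
    done
    echo "$state"
}

# Print "disabled" if any Xen command line in file $1 skips the scrub,
# "enabled" if none does, "not-found" if the file has no Xen command line.
audit_bootscrub() {
    lines=$(xen_cmdlines "$1")
    [ -n "$lines" ] || { echo not-found; return 0; }
    result=enabled
    while IFS= read -r line; do
        if [ "$(scrub_state "$line")" = disabled ]; then result=disabled; fi
    done <<EOF
$lines
EOF
    echo "$result"
}

# Constructed sample files, not taken from a real host.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=4096M no-bootscrub"' > "$d/grub2"
    printf '%s\n' 'title Xen' '  kernel /xen.gz dom0_mem=4096M' '  module /vmlinuz ro' > "$d/legacy"
    for f in "$d/grub2" "$d/legacy"; do echo "${f##*/}: $(audit_bootscrub "$f")"; done
    rm -rf "$d"
}
demo
```

Running the audit across a fleet's boot configuration gives an inventory of hosts where RAM from a crashed domain can be handed to a new VM unscrubbed.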
Responses (1)
  • Accepted Answer

    Friday, October 11 2013, 08:07 PM - #permalink
    It looks like you've taken this to the mailing lists already, which is a good move. If you don't find satisfaction there, let us know.