Xen Project Q&A Forum: First Line Help for Simple Questions
This is your chance to ask questions and provide answers about basic use of the Xen Project software. For debugging problems and for more complex issues, consider using the xen-users mailing list instead. You can find information about xen-users under "HELP | Mailing Lists" in the navigation bar above.
Thank you in advance for your support!
Our HP Xen 4.1.3 servers have 1TB of RAM, each Xen servers take 20 minutes to boot largely due to the "scrub free RAM" phase. If/when we have dom0 failures and HA kicks-in, we would like to reduce the boot time to make the resource quickly available, perhaps using the no-bootscrub attribute in grub.conf.
Could you please share your comments about turning of RAM scrubbing, i.e. have you seen any consequences, security issues and/or threats, red flags, etc...?
- In the Xen model, domains are responsible for clearing any sensitive data they have out of memory before shutdown. The bootscrub is a preventative measure to ensure that after a crash, stale domain information is cleared from RAM before that RAM is reused for a new VM. If this is not a concern for you, then you can easily turn bootscrub off by adding no-bootscrub (see http://xenbits.xen.org/docs/unstable/misc/xen-command-line.html) in /etc/dafault/grub to the Xen command line.
- There is also a patch to parallelize scrubbing that was posted recently at http://lists.xen.org/archives/html/xen-devel/2013-09/msg03171.html but has not made it yet into the tree
There is no specific answer to have you seen any consequences, security issues and/or threats, red flags to turning off scrubbing. This is probably more of a privacy of data, rather than security issue though.
Accepted AnswerRussell PavlicekOffline