STATUS: OPERATIONAL

Installing and Configuring the Xen Hypervisor

Table of Contents

1. Introduction

Virtualization is implemented through a software layer known as a hypervisor. Hypervisors are broadly categorized into two types. Type-2, or hosted, hypervisors (e.g., VirtualBox, VMware Workstation) run as applications atop a conventional host operating system. While convenient, they introduce performance overhead due to the additional OS layer. In contrast, Type-1, or bare-metal, hypervisors (e.g., Xen Project, VMware ESXi) run directly on the host's hardware, taking on the role of the operating system itself. This architecture grants them direct access to hardware resources, resulting in superior performance, security, and isolation—characteristics that make them the standard in enterprise and cloud computing environments.

2. Xen Hypervisor Installation

ssh user@laptop-ip

Install the Xen hypervisor and the command-line tools. 

apt install xen-system-amd64

3. GRUB Configuration

Find the Xen menu entry name as GRUB sees it. You can find this by searching the GRUB config file. 

grep 'menuentry' /boot/grub/grub.cfg

Edit the GRUB default file. 

nano /etc/default/grub

Set the default. Change GRUBDEFAULT=0 to the full name of the Xen entry in quotes, like this: 

GRUB_DEFAULT="Debian GNU/Linux GNU/Linux, with Xen hypervisor>Debian GNU/Linux GNU/Linux, with Xen 4.20-amd64.efi and Linux 6.12.43+deb13-amd64"

Update GRUB again and reboot. 

update-grub && reboot

Once you log back into Debian, you can confirm that Xen is active and that the Debian system is running as the host OS, Dom0. 

sudo xl info

You may need to install the sudo utility.

4. Xen Hypervisor Configuration

Modify the GRUBCMDLINEXENDEFAULT and GRUBCMDLINELINUXDEFAULT lines. These settings:

  • Enable IOMMU in Xen (iommu=1) and the Linux kernel (inteliommu=on iommu=pt).
  • Limit Dom0's resources for stability (dom0mem, dom0maxvcpus).
  • Dedicate specific CPU cores to Dom0 for performance (dom0vcpuspin).
  • Crucially, hide the target PCI device (0000:01:00.0) from Dom0 so we can test VT-d.

Your final lines should look like this: 

GRUB_DEFAULT="Debian GNU/Linux GNU/Linux, with Xen Hypervisor>Debian GNU/Linux GNU/Linux, with Xen 4.20-amd.efi and Linux 6.12.43+deb13-a>GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`( . /etc/os-release && echo ${NAME} )`
GRUB_CMDLINE_XEN_DEFAULT="iommu=1 dom0_mem=4096M,max:4096M dom0_max_vcpus=2 dom0_vcpus_pin xen-pciback.hide=(0000:01:00.0)"
GRUB_CMDLINE_LINUX_DEFAULT="intel_iommu=on iommu=pt"
GRUB_CMDLINE_LINUX=""