cmos-rtc-probe:
Now defaults to true, works around buggy ACPI implementations.
conring_size=64k:
Increases the scrollback in the console of dom0.
console_timestamps:
Use boot timestamps by default, like dmesg.
efi:attr=uc:
Map EFI memory regions of unknown/unrecognized cacheability as
fully uncachable. This might improve compatibility with some
UEFI platforms.
extra_guest_irqs=64,:
Increases the amount of PCI-IRQs to 64. Should improve
compatibility and/or performance with PCI passthrough.
pv:32=$pv-shim:
Automatically enable support for 32bit PV guests if xen is
running in PV shim mode.
pv-linear-pt=false:
Reduces attack surface by default instead of being opt-in.
scrub-domheap=true:
Scrub domains' freed pages to avoid domains leaking secrets by
releasing pages without proper sanitization. If they're passed
to a new domain these secrets could be recoverable if not
scrubbed.
watchdog=force:
Panics if a processor is stuck for longer than the watchdog
timeout. If a processor is stuck on a domU the watchdog will
kill the domain. The toolstack will decide whether the domain is
rebooting or shutting down. If a panic occurs on dom0 it will
crash the host.
cmos-rtc-probe: Now defaults to true, works around buggy ACPI implementations.
conring_size=64k: Increases the scrollback in the console of dom0.
console_timestamps: Use boot timestamps by default, like dmesg.
efi:attr=uc: Map EFI memory regions of unknown/unrecognized cacheability as fully uncachable. This might improve compatibility with some UEFI platforms.
extra_guest_irqs=64,:
Increases the amount of PCI-IRQs to 64. Should improve
compatibility and/or performance with PCI passthrough.
pv:32=$pv-shim: Automatically enable support for 32bit PV guests if xen is running in PV shim mode.
pv-linear-pt=false: Reduces attack surface by default instead of being opt-in.
scrub-domheap=true: Scrub domains' freed pages to avoid domains leaking secrets by releasing pages without proper sanitization. If they're passed to a new domain these secrets could be recoverable if not scrubbed.
watchdog=force: Panics if a processor is stuck for longer than the watchdog timeout. If a processor is stuck on a domU the watchdog will kill the domain. The toolstack will decide whether the domain is rebooting or shutting down. If a panic occurs on dom0 it will crash the host.