--- wikisrc/ports/xen/howto.mdwn	2019/04/11 17:31:14	1.164
+++ wikisrc/ports/xen/howto.mdwn	2020/04/03 10:48:35	1.168
@@ -45,12 +45,12 @@ matching versions.
 Versions available in pkgsrc:
 
 [[!table data="""
-Xen Version	|Package Name	|Xen CPU Support	|EOL'ed By Upstream
-4.2		|xenkernel42	|32bit, 64bit		|Yes
-4.5		|xenkernel45	|64bit			|Yes
-4.6		|xenkernel46	|64bit			|Partially
-4.8		|xenkernel48	|64bit			|No
-4.11		|xenkernel411	|64bit			|No
+Xen Version	|Package Name	|Xen CPU Support	|xm?	|EOL'ed By Upstream
+4.2		|xenkernel42	|i386 x86_64		|yes	|Yes
+4.5		|xenkernel45	|x86_64			|	|Yes
+4.6		|xenkernel46	|x86_64			|	|Yes
+4.8		|xenkernel48	|x86_64			|	|Yes
+4.11		|xenkernel411	|x86_64			|	|No
 """]]
 
 See also the [Xen Security Advisory page](http://xenbits.xen.org/xsa/).
@@ -63,27 +63,34 @@ dom0		|No
 domU		|Yes
 """]]
 
-Note: NetBSD support is called XEN3. However, it does support Xen 4,
+Note: NetBSD support is called XEN3.  However, it does support Xen 4,
 because the hypercall interface has remained identical.
 
+Older Xen had a python-based management tool called xm, now replaced
+by xl.  xm is obsolete, but 4.2 remains in pkgsrc because migrating
+from xm to xl is not always trivial, and because 4.2 is the last
+version to run on an i386 dom0.
+
 Architecture
 ------------
 
-Xen itself runs on x86_64 hardware.
+Xen 4.5 and later runs on x86_64 hardware (the NetBSD amd64 port).
+Xen 4.2 can in theory use i386 hardware, but we do not have
+recent reports of success.
 
 The dom0 system, plus each domU, can be either i386PAE or amd64.
 i386 without PAE is not supported.
 
 The standard approach is to use NetBSD/amd64 for the dom0.
 
-To use an i386PAE dom0, one must build or obtain a 64bit Xen kernel and
-install it on the system.
+To use an i386PAE dom0 (other than on 4.2), one must build or obtain a
+64bit Xen kernel and install it on the system.
 
 For domUs, i386PAE is considered as
 [faster](https://lists.xen.org/archives/html/xen-devel/2012-07/msg00085.html)
 than amd64.
 
-#Creating a dom0
+# Creating a dom0
 
 In order to install a NetBSD as a dom0, one must first install a normal
 NetBSD system, and then pivot the install to a dom0 install by changing
@@ -283,7 +290,7 @@ the dom0.  NetBSD's /dev/random system w
 Config files
 ------------
 
-See /usr/pkg/share/examples/xen/xlexample*,
+See /usr/pkg/share/examples/xen/xlexample*
 for a small number of well-commented examples, mostly for running
 GNU/Linux.
 
@@ -650,14 +657,6 @@ A second issue is multiple CPUs.  With N
 multiple vcpus, and it is typical for VPS providers to enable multiple
 CPUs for NetBSD domUs.
 
-pygrub
--------
-
-pygrub runs in the dom0 and looks into the domU file system.  This
-implies that the domU must have a kernel in a file system in a format
-known to pygrub.  As of 2014, pygrub seems to be of mostly historical
-interest.
-
 pvgrub
 ------
 
@@ -684,6 +683,21 @@ partition for the kernel with the intent
 which leads to /netbsd not being the actual kernel.  One must remember
 to update the special boot partition.
 
+pygrub
+-------
+
+pygrub runs in the dom0 and looks into the domU file system.  This
+implies that the domU must have a kernel in a file system in a format
+known to pygrub.
+
+pygrub doesn't seem to work to load Linux images under NetBSD dom0,
+and is inherently less secure than pvgrub due to running inside dom0. For both these
+reasons, pygrub should not be used, and is only still present so that
+historical DomU images using it still work.
+
+As of 2014, pygrub seems to be of mostly historical
+interest. New DomUs should use pvgrub.
+
 Amazon
 ------