A key feature in virtualization support is the addition of a hypervisor-controlled second stage of translation. This allows a hypervisor to control which areas of physical memory are available to a virtual machine. Figure 2 illustrates the basic idea. A guest operating system controls the first stage of translation, which translates between the virtual address space (VA) and the intermediate physical address space (IPA). A second stage of translation, controlled by the hypervisor, translates between IPA and physical address space (PA). This enables a hypervisor to control which portions of the physical address space are visible to a given virtual machine.
It accomplishes the goal by exploiting virtualization support in hardware as much as possible and using paravirtualized interfaces for IO. As a result Xen on ARM is faster and more secure.
Xen discovers the hardware via device tree. It assigns all the devices that it does not use to Dom0 by remapping the corresponding MMIO regions and interrupts. It generates a flatten device tree binary for Dom0 that describes exactly the environment exposed to it.
hierarchy of devices and specifying what type they are and a set of “bindings” for that device. A binding is essentially a schema for specifying I/O regions, interrupt mappings, GPIOs and clocks etc.