diff --git a/.goreleaser-stable.yaml b/.goreleaser-stable.yaml
index 1b236db8d..3fb3e4901 100644
--- a/.goreleaser-stable.yaml
+++ b/.goreleaser-stable.yaml
@@ -171,11 +171,7 @@ builds:
     binary: #@ bin
     main: #@ "./cmd/{}".format(bin)
     env:
-    #@ if bin == "runu":
       - CGO_ENABLED=1
-    #@ else:
-      - CGO_ENABLED=0
-    #@ end
       - GOMOD=kraftkit.sh
     goos:
       - #@ os
@@ -186,9 +182,20 @@ builds:
       - -X {{ .Env.GOMOD }}/internal/version.version={{ .Version }}
       - -X {{ .Env.GOMOD }}/internal/version.commit={{ .Commit }}
       - -X {{ .Env.GOMOD }}/internal/version.buildTime={{ .Date }}
+      #@ if bin == "kraft" and os == "linux":
+      - -linkmode external -extldflags "-static -lyajl -Wl,--whole-archive -llzma -lbz2 -lzstd -llzo2
+        -lxenguest -Wl,--no-whole-archive -lxenevtchn -lxenlight -lxenstore -lxenctrl
+        -lxenforeignmemory -lxenforeignmemory -lxencall -lxentoolcore -lxenhypfs
+        -lxendevicemodel -lxengnttab -lxentoollog -lz -lnl-route-3 -lnl-3 -luuid -lutil"
+      #@ else:
+      - -linkmode external -extldflags "-static"
+      #@
     tags:
       - containers_image_storage_stub
       - containers_image_openpgp
+      #@ if bin == "kraft" and os == "linux":
+      - xen
+      #@ end
 #@ end
 #@ end
 #@ end
diff --git a/.goreleaser-staging.yaml b/.goreleaser-staging.yaml
index 2b60ee425..58c1d9872 100644
--- a/.goreleaser-staging.yaml
+++ b/.goreleaser-staging.yaml
@@ -84,11 +84,7 @@ builds:
     binary: #@ bin
     main: #@ "./cmd/{}".format(bin)
     env:
-    #@ if bin == "runu":
       - CGO_ENABLED=1
-    #@ else:
-      - CGO_ENABLED=0
-    #@ end
       - GOMOD=kraftkit.sh
     goos:
       - #@ os
@@ -99,9 +95,20 @@ builds:
       - -X {{ .Env.GOMOD }}/internal/version.version={{ .Version }}
       - -X {{ .Env.GOMOD }}/internal/version.commit={{ .Commit }}
       - -X {{ .Env.GOMOD }}/internal/version.buildTime={{ .Date }}
+      #@ if bin == "kraft" and os == "linux":
+      - -linkmode external -extldflags "-static -lyajl -Wl,--whole-archive -llzma -lbz2 -lzstd -llzo2
+        -lxenguest -Wl,--no-whole-archive -lxenevtchn -lxenlight -lxenstore -lxenctrl
+        -lxenforeignmemory -lxenforeignmemory -lxencall -lxentoolcore -lxenhypfs
+        -lxendevicemodel -lxengnttab -lxentoollog -lz -lnl-route-3 -lnl-3 -luuid -lutil"
+      #@ else:
+      - -linkmode external -extldflags "-static"
+      #@
     tags:
       - containers_image_storage_stub
       - containers_image_openpgp
+      #@ if bin == "kraft" and os == "linux":
+      - xen
+      #@ end
 #@ end
 #@ end
 #@ end
diff --git a/Makefile b/Makefile
index fb6f75f15..2b5d0ac0c 100644
--- a/Makefile
+++ b/Makefile
@@ -140,16 +140,20 @@ $(addprefix $(.PROXY), $(BIN)): GO_GCFLAGS ?= -N -l
 else
 $(addprefix $(.PROXY), $(BIN)): GO_LDFLAGS ?= -s -w
 endif
+
+ifeq ($(XEN), y)
+$(addprefix $.PROXY), $(BIN)): TAGS ?= xen,
+endif
+$(addprefix $(.PROXY), $(BIN)): TAGS += containers_image_storage_stub,containers_image_openpgp
 $(addprefix $(.PROXY), $(BIN)): GO_LDFLAGS += -X "$(GOMOD)/internal/version.version=$(VERSION)"
 $(addprefix $(.PROXY), $(BIN)): GO_LDFLAGS += -X "$(GOMOD)/internal/version.commit=$(GIT_SHA)"
 $(addprefix $(.PROXY), $(BIN)): GO_LDFLAGS += -X "$(GOMOD)/internal/version.buildTime=$(shell date)"
-$(addprefix $(.PROXY), $(BIN)): tidy
 $(addprefix $(.PROXY), $(BIN)):
 	GOOS=$(GOOS) \
 	GOARCH=$(GOARCH) \
 	$(GO) build \
 		-v \
-		-tags "containers_image_storage_stub,containers_image_openpgp" \
+		-tags '$(TAGS)' \
 		-buildmode=pie \
 		-gcflags=all='$(GO_GCFLAGS)' \
 		-ldflags='$(GO_LDFLAGS)' \
@@ -164,6 +168,10 @@ $(addprefix $(.PROXY), $(TOOLS)): GO_GCFLAGS ?= -N -l
 else
 $(addprefix $(.PROXY), $(TOOLS)): GO_LDFLAGS ?= -s -w
 endif
+ifeq ($(XEN), y)
+$(addprefix $.PROXY), $(TOOLS)): TAGS ?= xen,
+endif
+$(addprefix $(.PROXY), $(TOOLS)): TAGS += containers_image_storage_stub,containers_image_openpgp
 $(addprefix $(.PROXY), $(TOOLS)): GO_LDFLAGS += -X "$(GOMOD)/internal/version.version=$(VERSION)"
 $(addprefix $(.PROXY), $(TOOLS)): GO_LDFLAGS += -X "$(GOMOD)/internal/version.commit=$(GIT_SHA)"
 $(addprefix $(.PROXY), $(TOOLS)): GO_LDFLAGS += -X "$(GOMOD)/internal/version.buildTime=$(shell date)"
diff --git a/buildenvs/Makefile b/buildenvs/Makefile
index 5d2497a3c..7d5f23cd9 100644
--- a/buildenvs/Makefile
+++ b/buildenvs/Makefile
@@ -22,6 +22,26 @@ PLATFORM     ?= linux/x86_64
 
 WITH_CACHE   ?= y
 
+.PHONY: xen
+xen: XEN_VERSION   ?= 4.18
+xen: MAKE_NPROC    ?= $(shell nproc)
+xen: ENVIRONMENT   ?= xen
+xen: IMAGE         ?= $(REGISTRY)/xen:$(XEN_VERSION)
+ifeq ($(WITH_CACHE),y)
+xen: _WITH_CACHE  := --cache-from $(IMAGE)
+else
+xen: _WITH_CACHE  := --no-cache
+endif
+xen:
+	$(DOCKER) build \
+		--platform $(PLATFORM) \
+		--build-arg XEN_VERSION=$(XEN_VERSION) \
+		--build-arg MAKE_NPROC=$(MAKE_NPROC) \
+		--tag $(IMAGE) \
+		$(_WITH_CACHE) \
+		--file $(BUILDENVSDIR)/xen.Dockerfile \
+		$(DOCKER_BUILD_EXTRA) $(WORKDIR)
+
 .PHONY: qemu
 qemu: QEMU_VERSION ?= 8.2.4
 qemu: MAKE_NPROC   ?= $(shell nproc)
@@ -47,6 +67,7 @@ myself: GO_VERSION  ?= 1.22.3
 myself: ENVIRONMENT ?= myself
 myself: IMAGE       ?= $(REGISTRY)/myself:$(IMAGE_TAG)
 myself: TARGET      ?= kraftkit
+myself: XEN_VERSION ?= 4.18
 ifeq ($(WITH_CACHE),y)
 myself: _WITH_CACHE := --cache-from $(IMAGE)
 else
@@ -56,6 +77,7 @@ myself:
 	$(DOCKER) build \
 		--platform $(PLATFORM) \
 		--build-arg GO_VERSION=$(GO_VERSION) \
+		--build-arg XEN_VERSION=$(XEN_VERSION) \
 		--tag $(IMAGE) \
 		--target $(TARGET) \
 		$(_WITH_CACHE) \
@@ -72,6 +94,7 @@ base: GO_VERSION       ?= 1.22.3
 base: IMAGE            ?= $(REGISTRY)/base:$(IMAGE_TAG)
 base: KRAFTKIT_VERSION ?= latest
 base: QEMU_VERSION     ?= 8.2.4
+base: XEN_VERSION      ?= 4.18
 ifeq ($(WITH_CACHE),y)
 base: _WITH_CACHE      := --cache-from $(IMAGE)
 else
@@ -82,6 +105,7 @@ base:
 		--build-arg GO_VERSION=$(GO_VERSION) \
 		--build-arg KRAFTKIT_VERSION=$(KRAFTKIT_VERSION) \
 		--build-arg QEMU_VERSION=$(QEMU_VERSION) \
+		--build-arg XEN_VERSION=$(XEN_VERSION) \
 		--build-arg REGISTRY=$(REGISTRY) \
 		--tag $(IMAGE) \
 		$(_WITH_CACHE) \
@@ -94,6 +118,7 @@ base-golang: GO_VERSION       ?= 1.22.3
 base-golang: IMAGE            ?= $(REGISTRY)/base-golang:$(IMAGE_TAG)
 base-golang: KRAFTKIT_VERSION ?= latest
 base-golang: QEMU_VERSION     ?= 8.2.4
+base-golang: XEN_VERSION      ?= 4.18
 ifeq ($(WITH_CACHE),y)
 base-golang: _WITH_CACHE      := --cache-from $(IMAGE)
 else
@@ -105,6 +130,7 @@ base-golang:
 		--build-arg GO_VERSION=$(GO_VERSION) \
 		--build-arg KRAFTKIT_VERSION=$(KRAFTKIT_VERSION) \
 		--build-arg QEMU_VERSION=$(QEMU_VERSION) \
+		--build-arg XEN_VERSION=$(XEN_VERSION) \
 		--build-arg REGISTRY=$(REGISTRY) \
 		--tag $(IMAGE) \
 		$(_WITH_CACHE) \
diff --git a/buildenvs/base.Dockerfile b/buildenvs/base.Dockerfile
index 809ecf2d1..536ecf6d4 100644
--- a/buildenvs/base.Dockerfile
+++ b/buildenvs/base.Dockerfile
@@ -6,8 +6,10 @@ ARG DEBIAN_VERSION=bookworm-20240513
 ARG KRAFTKIT_VERSION=latest
 ARG QEMU_VERSION=8.2.4
 ARG REGISTRY=kraftkit.sh
+ARG XEN_VERSION=4.18
 
 FROM ${REGISTRY}/qemu:${QEMU_VERSION}       AS qemu
+FROM ${REGISTRY}/xen:${XEN_VERSION}			AS xen
 FROM ${REGISTRY}/myself:${KRAFTKIT_VERSION} AS kraftkit
 FROM debian:${DEBIAN_VERSION}               AS base
 
@@ -15,6 +17,9 @@ COPY --from=qemu     /bin/        /usr/local/bin
 COPY --from=qemu     /share/qemu/ /share/qemu
 COPY --from=qemu     /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu
 COPY --from=kraftkit /kraft       /usr/local/bin
+COPY --from=xen 	 /usr/lib/x86_64-linux-gnu/*.a /lib/x86_64-linux-gnu
+COPY --from=xen 	 /usr/local/lib/libxen*.a /usr/local/lib/libxen*.so* /usr/local/lib
+COPY --from=xen		 /usr/local/include/* /usr/local/include
 
 # Install unikraft dependencies
 RUN set -xe; \
diff --git a/buildenvs/myself.Dockerfile b/buildenvs/myself.Dockerfile
index f68142e00..4175dbe20 100644
--- a/buildenvs/myself.Dockerfile
+++ b/buildenvs/myself.Dockerfile
@@ -4,8 +4,11 @@
 # You may not use this file except in compliance with the License.
 
 ARG GO_VERSION=1.22.3
+ARG XEN_VERSION=4.18
+ARG REGISTRY=kraftkit.sh
 
-FROM golang:${GO_VERSION}-bookworm AS kraftkit-full
+FROM ${REGISTRY}/xen:${XEN_VERSION} AS xen
+FROM golang:${GO_VERSION}-bookworm  AS kraftkit-full
 
 # Install build dependencies
 RUN set -xe; \
@@ -32,6 +35,20 @@ RUN set -xe; \
     mv cosign-linux-amd64 /usr/local/bin/cosign; \
     chmod +x /usr/local/bin/cosign;
 
+COPY --from=xen /usr/local/lib/libxen*.a /usr/local/lib/libxen*.so* /usr/local/lib
+COPY --from=xen /usr/local/include/* /usr/local/include/
+COPY --from=xen /usr/lib/x86_64-linux-gnu/liblzma.a \
+				/usr/lib/x86_64-linux-gnu/libbz2.a \
+				/usr/lib/x86_64-linux-gnu/libzstd.a \
+				/usr/lib/x86_64-linux-gnu/liblzo2.a \
+				/usr/lib/x86_64-linux-gnu/libyajl.a \
+				/usr/lib/x86_64-linux-gnu/libz.a \
+				/usr/lib/x86_64-linux-gnu/libnl-route-3.a \
+				/usr/lib/x86_64-linux-gnu/libnl-3.a \
+				/usr/lib/x86_64-linux-gnu/libuuid.a \
+				/usr/lib/x86_64-linux-gnu/libutil.a \
+				/usr/lib/x86_64-linux-gnu
+
 WORKDIR /go/src/kraftkit.sh
 
 COPY --from=ghcr.io/goreleaser/goreleaser-cross:v1.22.3 /usr/bin/goreleaser /usr/bin/
@@ -56,4 +73,4 @@ FROM scratch AS kraftkit
 
 COPY --from=kraftkit-build /go/src/kraftkit.sh/dist/kraft /kraft
 
-ENTRYPOINT [ "/kraft" ]
\ No newline at end of file
+ENTRYPOINT [ "/kraft" ]
diff --git a/buildenvs/xen.Dockerfile b/buildenvs/xen.Dockerfile
new file mode 100644
index 000000000..d02519bc2
--- /dev/null
+++ b/buildenvs/xen.Dockerfile
@@ -0,0 +1,78 @@
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright (c) 2024, Unikraft GmbH and The KraftKit Authors.
+# Licensed under the BSD-3-Clause License (the "License").
+# You may not use this file except in compliance with the License.
+
+ARG DEBIAN_VERSION=bookworm-20240513
+
+FROM debian:${DEBIAN_VERSION} AS xenbuild
+
+ARG XEN_VERSION=4.18
+ARG MAKE_NPROC=1
+
+# The sed line should stay here until [1] is merged or forever if it's not
+# [1]: https://lists.xenproject.org/archives/html/xen-devel/2024-07/msg00295.html
+
+RUN set -xe; \
+	apt-get update; \
+    apt-get install -y \
+        binutils \
+        bison \
+        build-essential \
+        cmake \
+        flex \
+        gcc \
+        git \
+        iasl \
+		libbz2-dev \
+        libglib2.0-dev \
+		liblzo2-dev \
+		liblz-dev \
+		liblzma-dev \
+		libnl-3-dev \
+		libnl-route-3-dev \
+        libncurses5-dev \
+        libpixman-1-dev \
+        libslirp-dev \
+        libssh2-1-dev \
+        libssl-dev \
+		libuuid1 \
+        libyajl-dev \
+		libz3-dev \
+		libzstd-dev \
+        make \
+        ninja-build \
+        perl \
+        pkg-config \
+        python3 \
+        python3-pip \
+        python3-setuptools \
+        python3-wheel \
+        uuid-dev; \
+	pip3 install python-config --break-system-packages; \
+    git clone -b stable-${XEN_VERSION} https://xenbits.xen.org/git-http/xen.git /xen; \
+	sed '/xs.opic: CFLAGS += -DUSE_PTHREAD/a xs.o: CFLAGS += -DUSE_PTHREAD' /xen/tools/libs/store/Makefile; \
+    cd /xen; \
+    ./configure --enable-virtfs; \
+    make -j ${MAKE_NPROC} build-tools; \
+    make -j ${MAKE_NPROC} install-tools; \
+	cp  /usr/lib/x86_64-linux-gnu/libyajl_s.a /usr/lib/x86_64-linux-gnu/libyajl.a
+    #apt-get clean; \
+    #rm -rf /var/lib/apt/lists/*; \
+
+FROM scratch AS xen
+
+COPY --from=xenbuild /usr/lib/x86_64-linux-gnu/liblzma.a \
+				/usr/lib/x86_64-linux-gnu/libbz2.a \
+				/usr/lib/x86_64-linux-gnu/libzstd.a \
+				/usr/lib/x86_64-linux-gnu/liblzo2.a \
+				/usr/lib/x86_64-linux-gnu/libyajl.a \
+				/usr/lib/x86_64-linux-gnu/libz.a \
+				/usr/lib/x86_64-linux-gnu/libnl-route-3.a \
+				/usr/lib/x86_64-linux-gnu/libnl-3.a \
+				/usr/lib/x86_64-linux-gnu/libuuid.a \
+				/usr/lib/x86_64-linux-gnu/libutil.a \
+				/usr/lib/x86_64-linux-gnu/
+COPY --from=xenbuild /usr/local/lib/libxen*.a /usr/local/lib/
+COPY --from=xenbuild /usr/local/lib/libxen*.so* /usr/local/lib/
+COPY --from=xenbuild /usr/local/include/*.h /usr/local/include/