I'd like to petition this patch to be included in 3.3, so that the
official releases continue to fully support the TXT/tboot trust model.
Joe
-----Original Message-----
From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Espen
Skoglund
Sent: Wednesday, August 06, 2008 6:02 AM
To: Han, Weidong
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option
[Weidong Han]
> For security reasons, add 'force_iommu' option to ensure that it should
> not be possible under any conditions to boot Xen w/o VT-d being enabled.
> This would only be specified by users that really want the added
> security.
Here's a followup which collects all the iommu parameters into a
single parameter. Makes things more intuitive from a user's
perspective.
eSk
---
iommu: Make the iommu boot parameters more generic and flexible
Make the 'iommu' boot parameter take a comma separated value indicating
whether iommu is required to boot and whether to enable iommu for pv
domains.
Signed-off-by: Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx>
diff -r 152ba12fc55c xen/drivers/passthrough/iommu.c
--- a/xen/drivers/passthrough/iommu.c Wed Aug 06 13:07:34 2008 +0100
+++ b/xen/drivers/passthrough/iommu.c Wed Aug 06 13:55:46 2008 +0100
@@ -20,18 +20,48 @@
extern struct iommu_ops intel_iommu_ops;
extern struct iommu_ops amd_iommu_ops;
+static void parse_iommu_param(char *s);
static int iommu_populate_page_table(struct domain *d);
int intel_vtd_setup(void);
int amd_iov_detect(void);
+/*
+ * The 'iommu' parameter enables the IOMMU. Optional comma separated
+ * value may contain:
+ *
+ * off|no|false|disable Disable IOMMU (default)
+ * pv Enable IOMMU for PV domains
+ * no-pv Disable IOMMU for PV domains (default)
+ * force|required Don't boot unless IOMMU is enabled
+ */
+custom_param("iommu", parse_iommu_param);
int iommu_enabled = 0;
-boolean_param("iommu", iommu_enabled);
+int iommu_pv_enabled = 0;
+int force_iommu = 0;
-int iommu_pv_enabled = 0;
-boolean_param("iommu_pv", iommu_pv_enabled);
+static void __init parse_iommu_param(char *s)
+{
+ char *ss;
+ iommu_enabled = 1;
-int force_iommu = 0;
-boolean_param("force_iommu", force_iommu);
+ do {
+ ss = strchr(s, ',');
+ if ( ss )
+ *ss = '\0';
+
+ if ( !strcmp(s, "off") || !strcmp(s, "no") || !strcmp(s,
"false") ||
+ !strcmp(s, "0") || !strcmp(s, "disable") )
+ iommu_enabled = 0;
+ else if ( !strcmp(s, "pv") )
+ iommu_pv_enabled = 1;
+ else if ( !strcmp(s, "no-pv") )
+ iommu_pv_enabled = 0;
+ else if ( !strcmp(s, "force") || !strcmp(s, "required") )
+ force_iommu = 1;
+
+ s = ss + 1;
+ } while ( ss );
+}
int iommu_domain_init(struct domain *domain)
{
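Review bot: In parse_iommu_param(), a token that matches none of the strcmp() branches is dropped silently, so a misspelt "force" or "required" leaves force_iommu at 0 with no message, and the user who asked for the stricter setting has no indication it was not applied. Add a final else that reports the unrecognised token, or treats it as a fatal parameter error. The loop also accepts "off" and "force" in the same value, which ends with iommu_enabled = 0 and force_iommu = 1; the patch should state which one wins or reject the combination. Smaller points: the comment block lists "off|no|false|disable" but the code also accepts "0"; the forward declaration lacks the __init that the definition carries; and "s = ss + 1" is evaluated with ss == NULL on the last pass, which is better avoided by leaving the loop before the increment.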
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel