[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM

To: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Wed, 25 Jul 2018 17:40:49 -0700 (PDT)
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrii Anisov <andrii_anisov@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 26 Jul 2018 00:41:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, 25 Jul 2018, George Dunlap wrote:
> On Wed, Jul 25, 2018 at 10:50 AM, Julien Grall <julien.grall@xxxxxxx> wrote:
> >> Anything you can select in menuconfig without passing
> >> XEN_CONFIG_EXPERT=y is security supported.  Anything hidden behind
> >> XEN_CONFIG_EXPERT is security supported in its default configuration.
> >
> >
> > Could you clarify what you mean by security supported here? For instance,
> > "livepatch" is selectable on Arm with XEN_CONFIG_EXPERT=y but it is marked
> > as "experimental" in SUPPORT.MD.
> 
> I think Andy means something like, "supported when no admin action is
> taken to activate it".  Livepatch doesn't just happen by itself; you
> have to take an action to trigger the behavior, so it's not supported.

I am OK following the same model on ARM too. Do we all agree?

If so, I can just remove this patch from the series, because the
previous patch already clarifies the role of EXPERT.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH v7 00/12] arm: more kconfig configurability and small default configs
  - From: Stefano Stabellini
- [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
  - From: George Dunlap

Prev by Date: [Xen-devel] [ovmf test] 125576: all pass - PUSHED
Next by Date: Re: [Xen-devel] [PATCH] xenconsole: add option to avoid escape sequences in log
Previous by thread: Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
Next by thread: Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.